|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63453 Segmentation fault in gc_zval_possible_root
Submitted: 2012-11-07 10:29 UTC Modified: 2013-02-18 00:36 UTC
From: Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.4.8 OS: CentOS release 5.6 (Final)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
29 + 48 = ?
Subscribe to this entry?

 [2012-11-07 10:29 UTC]
I've produced a segfault during some unit tests.

# /usr/bin/php-5.4.8 -c /etc/php54.ini /usr/bin/phpunit --colors tests/phpunit/My/Service/InterlocuteurEntiteTest.php
PHPUnit 3.6.12 by Sebastian Bergmann.

Configuration read from /media/sf_workspace/referentielinterlocuteurs/phpunit.xml

...................................Erreur de segmentation (core dumped)

My configure options : 
Configure Command =>  './configure'  '--with-config-file-path=/etc/php54.ini' '--enable-mbstring' '--with-ldap' '--enable-debug'

I haven't a short script that reproduces this problem but I have attached som code samples.

(ZF 1.8.3)

Test script:

$formRolesEtActesGestion = new My_Form_RolesEtActesDeGestion('mock');      $formRolesEtActesGestion->getSubform('roles')->setRolesConfig(My_Form_RolesEtActesDeGestion_RolesTest::getRolesConfig());

class My_Form_RolesEtActesDeGestion_RolesTest
    public static function getRolesConfig()
         return array();

class My_Form_RolesEtActesDeGestion_RolesTest
    public static function getRolesConfig()
         return array();
class My_Form_RolesEtActesDeGestion_Roles
    protected $_rolesConfig;

    public function setRolesConfig($rolesConfig)
        $this->_rolesConfig = $rolesConfig;

Actual result:
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff06bfc000
Core was generated by `/usr/bin/php-5.4.8 -c /etc/php54.ini /usr/bin/phpunit --colors --debug tests/ph'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000006c3c82 in gc_zval_possible_root (zv=0x12615ae0) at /tmp/php-build/php-5.4.8/Zend/zend_gc.c:143
143     /tmp/php-build/php-5.4.8/Zend/zend_gc.c: Aucun fichier ou répertoire de ce type.
        in /tmp/php-build/php-5.4.8/Zend/zend_gc.c
(gdb) bt
#0  0x00000000006c3c82 in gc_zval_possible_root (zv=0x12615ae0) at /tmp/php-build/php-5.4.8/Zend/zend_gc.c:143
#1  0x00000000006b2e38 in zend_hash_destroy (ht=0x126464a0) at /tmp/php-build/php-5.4.8/Zend/zend_hash.c:560
#2  0x00000000006a5a16 in _zval_dtor_func (zvalue=0x12646748) at /tmp/php-build/php-5.4.8/Zend/zend_variables.c:43
#3  0x0000000000698bc5 in _zval_dtor (zval_ptr=0x12377758) at /tmp/php-build/php-5.4.8/Zend/zend_variables.h:35
#4  _zval_ptr_dtor (zval_ptr=0x12377758) at /tmp/php-build/php-5.4.8/Zend/zend_execute_API.c:438
#5  0x00000000006c5b92 in zend_object_std_dtor (object=0x125ebf58) at /tmp/php-build/php-5.4.8/Zend/zend_objects.c:54
#6  0x00000000006c5bc9 in zend_objects_free_object_storage (object=0x12615ae0) at /tmp/php-build/php-5.4.8/Zend/zend_objects.c:137
#7  0x00000000006cad98 in zend_objects_store_del_ref_by_handle_ex (handle=274, handlers=<value optimized out>)
    at /tmp/php-build/php-5.4.8/Zend/zend_objects_API.c:220
#8  0x00000000006cadd3 in zend_objects_store_del_ref (zobject=0x125b5970) at /tmp/php-build/php-5.4.8/Zend/zend_objects_API.c:172
#9  0x00000000006cdd23 in _zval_dtor (execute_data=0x2b673426f770) at /tmp/php-build/php-5.4.8/Zend/zend_variables.h:35
#10 i_zval_ptr_dtor (execute_data=0x2b673426f770) at /tmp/php-build/php-5.4.8/Zend/zend_execute.h:87
#11 zend_leave_helper_SPEC (execute_data=0x2b673426f770) at /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h:468
#12 0x00000000006e49d8 in ZEND_HANDLE_EXCEPTION_SPEC_HANDLER (execute_data=0x2b673426f770) at /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h:1113
#13 0x00000000006d807d in execute (op_array=0x123770e0) at /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h:410
#14 0x00000000006998b7 in zend_call_function (fci=0x7fff06badc20, fci_cache=0x7fff06badc70) at /tmp/php-build/php-5.4.8/Zend/zend_execute_API.c:958
#15 0x00000000005a9553 in zim_reflection_method_invokeArgs (ht=2, return_value=0x12378b88, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /tmp/php-build/php-5.4.8/ext/reflection/php_reflection.c:3017
#16 0x00000000006d25d6 in zend_do_fcall_common_helper_SPEC (execute_data=0x2b673426ee30) at /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h:642
#17 0x00000000006d807d in execute (op_array=0x2b673835f520) at /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h:410
#18 0x00000000006a5fc8 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php-build/php-5.4.8/Zend/zend.c:1309
#19 0x000000000064aced in php_execute_script (primary_file=0x7fff06bb13e0) at /tmp/php-build/php-5.4.8/main/main.c:2482
#20 0x0000000000748d8d in do_cli (argc=7, argv=0x7fff06bb17c8) at /tmp/php-build/php-5.4.8/sapi/cli/php_cli.c:988
#21 0x0000000000749458 in main (argc=7, argv=0x7fff06bb17c8) at /tmp/php-build/php-5.4.8/sapi/cli/php_cli.c:1364
(gdb) frame 13
#13 0x00000000006d807d in execute (op_array=0x123770e0) at /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h:410
410     /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h: Aucun fichier ou répertoire de ce type.
        in /tmp/php-build/php-5.4.8/Zend/zend_vm_execute.h


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-11-07 10:48 UTC] jeanseb at au-fil-du dot net
The segfault occured in the callback of setRolesConfig()
 [2012-11-07 14:36 UTC]
Please try using this snapshot:
For Windows:

there was a bug about zval_dtor recursive array cause segfault. seems the fix is 
not merged into 5.4.8 yet, please try with the 5.4 snapshot, thanks
 [2012-11-07 14:36 UTC]
-Status: Open +Status: Feedback
 [2012-11-07 23:07 UTC]
-Summary: Segmentation fault +Summary: Segmentation fault in gc_zval_possible_root
 [2012-11-08 10:09 UTC] jeanseb at au-fil-du dot net
Same issue with php5.4-201211080830.
 [2012-11-09 16:14 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

 [2013-02-18 00:36 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Sep 25 01:05:53 2022 UTC