php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63596 finally in generators segfaults since the new finally implementation
Submitted: 2012-11-24 16:57 UTC Modified: -
From: nikic@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2012-11-24 (Git) OS:
Private report: No CVE-ID: None
 [2012-11-24 16:57 UTC] nikic@php.net
Description:
------------
Since https://github.com/php/php-src/commit/eb4825b50b1f4d20b574d8f66acf26e35180e7e6 the test Zend/tests/generators/finally_ran_on_close.phpt segfaults.

Output:

before yield
finally run
Segmentation fault (core dumped)

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x086c6e21 in execute_ex (execute_data=0xb7fb868c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:435
435			if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {
(gdb) bt
#0  0x086c6e21 in execute_ex (execute_data=0xb7fb868c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:435
#1  0x086b43d7 in zend_generator_resume (generator=0xb7fb7f20, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_generators.c:535
#2  0x086b2bf6 in zend_generator_close (generator=0xb7fb7f20, 
    finished_execution=0 '\000', tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_generators.c:64
#3  0x086b30b1 in zend_generator_free_storage (generator=0xb7fb7f20, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_generators.c:195
#4  0x086bfb8e in zend_objects_store_del_ref_by_handle_ex (handle=1, 
    handlers=0x8d47700, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_objects_API.c:220
#5  0x086bf7fd in zend_objects_store_del_ref (zobject=0xb7fb6214, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_objects_API.c:172
#6  0x08684659 in _zval_dtor_func (zvalue=0xb7fb6214, 
    __zend_filename=0x8c87e44 "/home/nikic/dev/php-src/Zend/zend_execute_API.c", __zend_lineno=439) at /home/nikic/dev/php-src/Zend/zend_variables.c:54
#7  0x08672b43 in _zval_dtor (__zend_lineno=<optimized out>, 
    __zend_filename=0x8c87e44 "/home/nikic/dev/php-src/Zend/zend_execute_API.c", zvalue=0xb7fb6214) at /home/nikic/dev/php-src/Zend/zend_variables.h:35
#8  _zval_ptr_dtor (zval_ptr=0xb7fb7bc0, 
    __zend_filename=0x8c89164 "/home/nikic/dev/php-src/Zend/zend_variables.c", 
    __zend_lineno=182) at /home/nikic/dev/php-src/Zend/zend_execute_API.c:439
#9  0x08684a5e in _zval_ptr_dtor_wrapper (zval_ptr=0xb7fb7bc0)
    at /home/nikic/dev/php-src/Zend/zend_variables.c:182
#10 0x08698ac5 in zend_hash_del_key_or_index (ht=0x8d4bb88, 
    arKey=0xb7fb7da4 "gen", nKeyLength=4, h=2090288735, flag=2)
    at /home/nikic/dev/php-src/Zend/zend_hash.c:531
#11 0x08677af9 in zend_delete_variable (ex=0x0, ht=0x8d4bb88, 
    name=0xb7fb7da4 "gen", name_len=4, hash_value=2090288735, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/Zend/zend_execute_API.c:1703
#12 0x087d8ec9 in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (
    execute_data=0xb7f9a07c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:38546
#13 0x086c6e2d in execute_ex (execute_data=0xb7f9a07c, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:435
#14 0x086c6f18 in execute (op_array=0xb7fb6acc, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/Zend/zend_vm_execute.h:460
#15 0x08688d5d in zend_execute_scripts (type=8, tsrm_ls=0x8d4a070, retval=0x0, 
    file_count=3) at /home/nikic/dev/php-src/Zend/zend.c:1309
#16 0x085ea548 in php_execute_script (primary_file=0xbfffe0d0, 
    tsrm_ls=0x8d4a070) at /home/nikic/dev/php-src/main/main.c:2468
#17 0x087e75b1 in do_cli (argc=2, argv=0xbffff374, tsrm_ls=0x8d4a070)
    at /home/nikic/dev/php-src/sapi/cli/php_cli.c:988
#18 0x087e8aec in main (argc=2, argv=0xbffff374)
    at /home/nikic/dev/php-src/sapi/cli/php_cli.c:1364


The relevant code in the generator storage free handler: http://lxr.php.net/xref/PHP_TRUNK/Zend/zend_generators.c#36.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-11-24 18:24 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=60871e51ada0644f258c991d67adba22d38f8a7b
Log: Fix bug #63596: finally in generators segfaults
 [2012-11-24 18:24 UTC] nikic@php.net
-Status: Open +Status: Closed
 [2012-12-19 17:55 UTC] derick@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=60871e51ada0644f258c991d67adba22d38f8a7b
Log: Fix bug #63596: finally in generators segfaults
 [2013-11-17 09:32 UTC] laruence@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=60871e51ada0644f258c991d67adba22d38f8a7b
Log: Fix bug #63596: finally in generators segfaults
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 23:01:26 2024 UTC