php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65161 Generator + autoload + syntax error = segfault
Submitted: 2013-06-28 14:56 UTC Modified: 2013-06-29 20:01 UTC
From: j dot amend at gmail dot com Assigned: nikic
Status: Closed Package: Reproducible crash
PHP Version: 5.5.0 OS: Gentoo Linux
Private report: No CVE-ID:
 [2013-06-28 14:56 UTC] j dot amend at gmail dot com
Description:
------------
I noticed an issue in my development environment with PHP 5.5 that whenever there was a syntax error in my code, I would get a segmentation fault. It seems to happen when I am auto-loading a class file that has the syntax error, within a generator. Somehow removing the parameter to the class instantiation that triggers the auto-load avoids the segmentation fault. I've included a minimal amount of code that can reproduce the issue.

Test script:
---------------
SyntaxError.php:
<?php
class SyntaxError {
	public function __construct() {
}


test.php:
<?php
function autoload($fullClass) {
	require_once('SyntaxError.php');
}
spl_autoload_register('autoload');

function testGenerator() {
	yield new SyntaxError('param');
}

foreach (testGenerator() as $i);

Expected result:
----------------
Parse error:

lws5 htdocs # php test.php

Parse error: syntax error, unexpected end of file, expecting function (T_FUNCTION) in /home/www/htdocs/SyntaxError.php on line 4


Actual result:
--------------
Parse error + segmentation fault:

lws5 htdocs # php test.php

Parse error: syntax error, unexpected end of file, expecting function (T_FUNCTION) in /home/www/htdocs/SyntaxError.php on line 4
Segmentation fault

Backtrace:

#0  0x00000000009a4d33 in zval_delref_p (pz=0x1) at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend.h:409
#1  0x00000000009a4fba in i_zval_ptr_dtor (zval_ptr=0x1,
    __zend_filename=0xec8a18 "/var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_generators.c", __zend_lineno=106)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_execute.h:76
#2  0x00000000009a71fb in _zval_ptr_dtor (zval_ptr=0x7ffff7fc40d0,
    __zend_filename=0xec8a18 "/var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_generators.c", __zend_lineno=106)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_execute_API.c:426
#3  0x00000000009f2d0a in zend_generator_close (generator=0x7ffff7fc4138, finished_execution=0 '\000', tsrm_ls=0x121c1d0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_generators.c:106
#4  0x00000000009f3072 in zend_generator_free_storage (generator=0x7ffff7fc4138, tsrm_ls=0x121c1d0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_generators.c:192
#5  0x00000000009fcc3f in zend_objects_store_free_object_storage (objects=0x121fbe0, tsrm_ls=0x121c1d0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_objects_API.c:92
#6  0x00000000009a6806 in shutdown_executor (tsrm_ls=0x121c1d0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend_execute_API.c:293
#7  0x00000000009bdffb in zend_deactivate (tsrm_ls=0x121c1d0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/Zend/zend.c:939
#8  0x0000000000901647 in php_request_shutdown (dummy=0x0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/main/main.c:1800
#9  0x0000000000a7f844 in do_cli (argc=2, argv=0x121c0f0, tsrm_ls=0x121c1d0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/sapi/cli/php_cli.c:1176
#10 0x0000000000a80083 in main (argc=2, argv=0x121c0f0)
    at /var/tmp/portage/dev-lang/php-5.5.0/work/sapis-build/cli/sapi/cli/php_cli.c:1377

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-28 15:00 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2013-06-29 20:01 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2013-06-29 20:01 UTC] nikic@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 14:01:50 2014 UTC