|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2013-07-31 11:10 UTC] mbeccati@php.net
Description:
------------
While updating an old open source application to work with PHP 5.4 and 5.5, I somehow managed to trigger a segmentation fault when removing an =& assignment. I've been able to write a small reproduce script, which however still requires MDB2 from PEAR (tested only with the pgsql driver).
Changing back a specific assignment to =& prevents the shutdown segfault from happening.
The code works fine with 5.3 and crashes on 5.4+. Tested on Windows and Linux.
Test script:
---------------
<?php
require './usr/share/php/MDB2.php';
class A {
static function singleton()
{
$db = MDB2::connect('pgsql://postgres:password@localhost/postgres');
$db->loadModule('Datatype');
$GLOBALS['DB'] = $db; // Using =& $db doesn't crash
return $GLOBALS['DB'];
}
}
class B {
function __construct()
{
$this->db =& $this->getDb();
}
function &getDB()
{
return A::singleton();
}
}
$b = new B();
Expected result:
----------------
PHP Notice: Only variable references should be returned by reference in foobar.php on line 25
Actual result:
--------------
#0 0x0000000000812979 in gc_zval_possible_root (zv=0x7fffeef256e0) at /root/compile/php-5.5.1/Zend/zend_gc.c:143
No locals.
#1 0x0000000000801268 in zend_hash_destroy (ht=0x7fffeef2b4a0) at /root/compile/php-5.5.1/Zend/zend_hash.c:560
p = 0x7fffeef2b860
q = 0x7fffeef2b7b0
#2 0x00000000007f206b in _zval_dtor_func (zvalue=0x7fffeef2b470) at /root/compile/php-5.5.1/Zend/zend_variables.c:45
No locals.
#3 0x00000000007e3178 in _zval_dtor (zvalue=0x7fffeef2b470) at /root/compile/php-5.5.1/Zend/zend_variables.h:35
No locals.
#4 i_zval_ptr_dtor (zval_ptr=0x7fffeef2b470) at /root/compile/php-5.5.1/Zend/zend_execute.h:81
No locals.
#5 _zval_ptr_dtor (zval_ptr=<optimized out>) at /root/compile/php-5.5.1/Zend/zend_execute_API.c:426
No locals.
#6 0x0000000000801268 in zend_hash_destroy (ht=0x7fffeef28b10) at /root/compile/php-5.5.1/Zend/zend_hash.c:560
p = 0x7fffeef2bfd0
q = 0x7fffeef2ba80
#7 0x00000000007f206b in _zval_dtor_func (zvalue=0x7fffeef28778) at /root/compile/php-5.5.1/Zend/zend_variables.c:45
No locals.
#8 0x00000000007e3178 in _zval_dtor (zvalue=0x7fffeef28778) at /root/compile/php-5.5.1/Zend/zend_variables.h:35
No locals.
#9 i_zval_ptr_dtor (zval_ptr=0x7fffeef28778) at /root/compile/php-5.5.1/Zend/zend_execute.h:81
No locals.
#10 _zval_ptr_dtor (zval_ptr=<optimized out>) at /root/compile/php-5.5.1/Zend/zend_execute_API.c:426
No locals.
#11 0x0000000000801268 in zend_hash_destroy (ht=0x7fffeef2cbb8) at /root/compile/php-5.5.1/Zend/zend_hash.c:560
p = 0x7fffeef2ce78
q = 0x7fffeef2ce20
#12 0x000000000081579c in zend_object_std_dtor (object=0x7fffeef27cb0) at /root/compile/php-5.5.1/Zend/zend_objects.c:44
No locals.
#13 0x0000000000815829 in zend_objects_free_object_storage (object=0x7fffeef27cb0) at /root/compile/php-5.5.1/Zend/zend_objects.c:137
No locals.
#14 0x000000000081b476 in zend_objects_store_free_object_storage (objects=0x1085120)
at /root/compile/php-5.5.1/Zend/zend_objects_API.c:92
obj = <optimized out>
i = <optimized out>
#15 0x00000000007e37e3 in shutdown_executor () at /root/compile/php-5.5.1/Zend/zend_execute_API.c:293
__orig_bailout = 0x7fffffffe460
__bailout = {{__jmpbuf = {17321344, -8869895244590628792, 0, 0, 0, 17333536, 8869894737283235912, -8869895235585851320},
__mask_was_saved = 0, __saved_mask = {__val = {9576849035021516823, 0, 8402366, 17291648, 17319392, 140737353913872,
140737353912280, 140737353913920, 140737353912280, 0, 17321080, 1, 0, 0, 8330270, 17320992}}}}
#16 0x00000000007f3075 in zend_deactivate () at /root/compile/php-5.5.1/Zend/zend.c:939
No locals.
#17 0x0000000000791637 in php_request_shutdown (dummy=<optimized out>) at /root/compile/php-5.5.1/main/main.c:1803
report_memleaks = 1 '\001'
<snip>
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Tue Apr 16 09:01:28 2024 UTC |
I have upgraded PHP 5.4 to latest-git on a new machine. With the patch applied I now see many test runs consistently fail with a segafult. Reverting to 5.4.17 fixes the segfault. Backtrace is: #0 0x00000000009beb33 in zend_std_object_get_class (object=0x7fffef535cd0) at /root/compile/php-src/Zend/zend_object_handlers.c:1500 zobj = 0x7fff00000021 #1 0x000000000098dd98 in zend_get_class_entry (zobject=0x7fffef535cd0) at /root/compile/php-src/Zend/zend_API.c:238 No locals. #2 0x0000000000a17121 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER (execute_data=0x7ffff7fa1ea0) at /root/compile/php-src/Zend/zend_vm_execute.h:29282 opline = 0x7ffff0a34228 function_name = 0x7ffff0a35058 function_name_strval = 0x7ffff7f97d50 "setFileNameProtection" function_name_strlen = 21 #3 0x00000000009c6513 in execute (op_array=0x1446f00) at /root/compile/php-src/Zend/zend_vm_execute.h:410 ret = 0 execute_data = 0x7ffff7fa1ea0 nested = 1 '\001' original_in_execution = 0 '\000' #4 0x000000000098ca9f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-src/Zend/zend.c:1315 files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffae40, reg_save_area = 0x7fffffffad80}} i = 1 file_handle = 0x7fffffffd1e0 orig_op_array = 0x0 orig_retval_ptr_ptr = 0x0 orig_interactive = 0 #5 0x0000000000902ff4 in php_execute_script (primary_file=0x7fffffffd1e0) at /root/compile/php-src/main/main.c:2497 realfile = "/home/atlassian/bamboo/xml-data/build-dir/AP-RET-P53P/tests/run.php\000\000\000\000\000\021", '\000' <repeats 15 times>, "P\301\377\377\377\177\000\000\336U\225\000\000\000\000\000\234\066\336\367\377\177\000\000\000\020$\001\000\000\000\000\016\000\000\000\000\000\000\000\260\302\377\377\377\177\000\000-\000\000\000\000\000\000\000fII\"\000\000\000\000\240>\336\367\377\177\000\000\000\000\000\000\000\000\000\000&\000\000\000\000\000\000\000%%\211\000\000\000\000\000\030\255\231\365\377\177\000\000\214\236\231\365\377\177\000\000"... __orig_bailout = 0x7fffffffd2f0 __bailout = {{__jmpbuf = {0, -263622604701000067, 4380576, 140737488348720, 0, 0, -263622602725482883, 263621642691976829}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 140737314399616, 140737488343184, 0, 140737488343200, 4380576, 140737488348720, 0, 0, 9431409, 140737488344000, 140737488349319, 19186208, 287762808856, 21253568}}}} prepend_file_p = 0x0 append_file_p = 0x0 prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, free_filename = 0 '\000'} append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, free_filename = 0 '\000'} old_cwd = 0x7fffffffae60 "" use_heap = 0 '\000' retval = 0