Bug #67037 crash when assigning a function result after finally()
Submitted: 2014-04-07 12:26 UTC Modified: 2014-04-10 14:08 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: tony2001@php.net Assigned: dmitry (profile)
Status: Duplicate Package: Reproducible crash
PHP Version: 5.5Git-2014-04-07 (Git) OS: *
Private report: No CVE-ID: None
 [2014-04-07 12:26 UTC] tony2001@php.net
Description:
------------
PHP crashes on this short script.
It seems to be caused by finally(), since I'm unable to reproduce the crash if I remove it.

Test script:
---------------
<?php
function process()
{
    try {
        // Outer exception: pending when the finally block runs.
        throw new Exception("1");
    }
    finally {
        try {
            // Inner exception thrown and caught entirely inside finally.
            throw new Exception("2");
        } catch (Exception $Error) {
        }
    }
}
// The outer exception should propagate here; the assignment crashes instead.
$res = process();
?>

Expected result:
----------------
No crash =)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
409             return --pz->refcount__gc;
(gdb) bt
#0  0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
#1  0x00000000006b0ba8 in zend_pzval_unlock_func (z=0x0, should_free=0x7fffffffa3b0, unref=1) at /local/git/php-src/Zend/zend_execute.c:72
#2  0x00000000006b0cb7 in _get_zval_ptr_var (var=4294967264, execute_data=0x7ffff7f8c128, should_free=0x7fffffffa3b0)
    at /local/git/php-src/Zend/zend_execute.c:186
#3  0x0000000000714fdf in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:36930
#4  0x00000000006b532b in execute_ex (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:363
#5  0x00000000006b539c in zend_execute (op_array=0x7ffff7fc9320) at /local/git/php-src/Zend/zend_vm_execute.h:388
#6  0x0000000000679ca6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /local/git/php-src/Zend/zend.c:1316
#7  0x00000000005f43ea in php_execute_script (primary_file=0x7fffffffd960) at /local/git/php-src/main/main.c:2506
#8  0x0000000000720af5 in do_cli (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:994
#9  0x0000000000721ac3 in main (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:1378
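
The backtrace above shows ZEND_ASSIGN for `$res = process()` dereferencing a NULL zval: the assignment runs even though process() never produced a return value. The following is an added regression check, not code from the bug report or from php-src, that states the expected semantics the report leaves implicit: the pending exception "1" must reach the caller after a finally block that throws and catches its own exception, and `$res` must never be assigned. The function name `check` and the sentinel value are constructed for this example.

```php
<?php
// Added example (not part of the original report): regression check for the
// expected behaviour of the reporter's nested try/finally script.

function process()
{
    try {
        throw new Exception("1");
    } finally {
        try {
            throw new Exception("2");
        } catch (Exception $inner) {
            // Swallowed here; must not disturb the pending exception "1".
        }
    }
}

// Returns "ok" when the engine honours the expected semantics, otherwise a
// short description of what went wrong. A build with the reported bug does
// not get this far: it crashes inside the assignment.
function check()
{
    $res = "unassigned"; // constructed sentinel: must survive untouched
    try {
        $res = process();
    } catch (Exception $e) {
        if ($e->getMessage() !== "1") {
            return "wrong exception propagated: " . $e->getMessage();
        }
        if ($res !== "unassigned") {
            return "assignment happened although process() threw";
        }
        return "ok";
    }
    return "no exception propagated out of process()";
}

echo check(), PHP_EOL;
```

Run it with the CLI binary from the affected build to reproduce the segfault, and with a build carrying the fix for bug #65784 (5.6 according to the closing comment) to confirm the outer exception survives the finally block.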


History

 [2014-04-07 16:53 UTC] dmitry@php.net
Status: Open → Assigned; Assigned To: (none) → dmitry
 [2014-04-10 14:08 UTC] tony2001@php.net
Status: Assigned → Duplicate
 [2014-04-10 14:08 UTC] tony2001@php.net
Ok, this seems to be a duplicate of bug #65784, which is already fixed in 5.6, but cannot be fixed in 5.5 due to ABI incompatible changes.