PHP :: Bug #67037 :: crash when assigning a function result after finally()

Bug #67037

crash when assigning a function result after finally()

Submitted:

2014-04-07 12:26 UTC

Modified:

2014-04-10 14:08 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

tony2001@php.net

Assigned:

dmitry (profile)

Status:

Duplicate

Package:

Reproducible crash

PHP Version:

5.5Git-2014-04-07 (Git)

OS:

Private report:

CVE-ID:

None

View Developer Edit

[2014-04-07 12:26 UTC] tony2001@php.net

Description:
------------
PHP crashes on this short script.
It seems to be caused by finally(), since I'm unable to reproduce the crash if I remove it.

Test script:
---------------
<?php
function process()
{
    try {
        throw new Exception("1");
    }
    finally {
        try {
            throw new Exception("2");
        } catch (Exception $Error) {
        }
    }
}
$res = process();
?>

Expected result:
----------------
No crash =)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
409             return --pz->refcount__gc;
(gdb) bt
#0  0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
#1  0x00000000006b0ba8 in zend_pzval_unlock_func (z=0x0, should_free=0x7fffffffa3b0, unref=1) at /local/git/php-src/Zend/zend_execute.c:72
#2  0x00000000006b0cb7 in _get_zval_ptr_var (var=4294967264, execute_data=0x7ffff7f8c128, should_free=0x7fffffffa3b0)
    at /local/git/php-src/Zend/zend_execute.c:186
#3  0x0000000000714fdf in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:36930
#4  0x00000000006b532b in execute_ex (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:363
#5  0x00000000006b539c in zend_execute (op_array=0x7ffff7fc9320) at /local/git/php-src/Zend/zend_vm_execute.h:388
#6  0x0000000000679ca6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /local/git/php-src/Zend/zend.c:1316
#7  0x00000000005f43ea in php_execute_script (primary_file=0x7fffffffd960) at /local/git/php-src/main/main.c:2506
#8  0x0000000000720af5 in do_cli (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:994
#9  0x0000000000721ac3 in main (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:1378

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-04-07 16:53 UTC] dmitry@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry

[2014-04-10 14:08 UTC] tony2001@php.net

-Status: Assigned +Status: Duplicate

[2014-04-10 14:08 UTC] tony2001@php.net

Ok, this seems to be a duplicate of bug #65784, which is already fixed in 5.6, but cannot be fixed in 5.5 due to ABI incompatible changes.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 27 14:00:01 2025 UTC