PHP :: Bug #67037 :: crash when assigning a function result after finally()

Bug #67037

crash when assigning a function result after finally()

Submitted:

2014-04-07 12:26 UTC

Modified:

2014-04-10 14:08 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

tony2001@php.net

Assigned:

dmitry (profile)

Status:

Duplicate

Package:

Reproducible crash

PHP Version:

5.5Git-2014-04-07 (Git)

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tony2001@php.net
New email:
PHP Version:		OS:

New Comment:

[2014-04-07 12:26 UTC] tony2001@php.net

Description:
------------
PHP crashes on this short script.
It seems to be caused by finally(), since I'm unable to reproduce the crash if I remove it.

Test script:
---------------
<?php
function process()
{
    try {
        throw new Exception("1");
    }
    finally {
        try {
            throw new Exception("2");
        } catch (Exception $Error) {
        }
    }
}
$res = process();
?>

Expected result:
----------------
No crash =)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
409             return --pz->refcount__gc;
(gdb) bt
#0  0x00000000006af247 in zval_delref_p (pz=0x0) at /local/git/php-src/Zend/zend.h:409
#1  0x00000000006b0ba8 in zend_pzval_unlock_func (z=0x0, should_free=0x7fffffffa3b0, unref=1) at /local/git/php-src/Zend/zend_execute.c:72
#2  0x00000000006b0cb7 in _get_zval_ptr_var (var=4294967264, execute_data=0x7ffff7f8c128, should_free=0x7fffffffa3b0)
    at /local/git/php-src/Zend/zend_execute.c:186
#3  0x0000000000714fdf in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:36930
#4  0x00000000006b532b in execute_ex (execute_data=0x7ffff7f8c128) at /local/git/php-src/Zend/zend_vm_execute.h:363
#5  0x00000000006b539c in zend_execute (op_array=0x7ffff7fc9320) at /local/git/php-src/Zend/zend_vm_execute.h:388
#6  0x0000000000679ca6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /local/git/php-src/Zend/zend.c:1316
#7  0x00000000005f43ea in php_execute_script (primary_file=0x7fffffffd960) at /local/git/php-src/main/main.c:2506
#8  0x0000000000720af5 in do_cli (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:994
#9  0x0000000000721ac3 in main (argc=2, argv=0xbe0b10) at /local/git/php-src/sapi/cli/php_cli.c:1378

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-04-07 16:53 UTC] dmitry@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry

[2014-04-10 14:08 UTC] tony2001@php.net

-Status: Assigned +Status: Duplicate

[2014-04-10 14:08 UTC] tony2001@php.net

Ok, this seems to be a duplicate of bug #65784, which is already fixed in 5.6, but cannot be fixed in 5.5 due to ABI incompatible changes.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 22:01:31 2024 UTC