Bug #73338 Exception thrown from error handler causes valgrind warnings (and crashes)
Submitted: 2016-10-18 10:54 UTC
Modified: 2016-10-18 10:56 UTC
From: derick@php.net
Assigned: bwoebi
Status: Closed
Package: Scripting Engine problem
PHP Version: 7.0.12
OS: Linux
Private report: No
CVE-ID:
 [2016-10-18 10:54 UTC] derick@php.net
Description:
------------
Original report through the Xdebug bug tracker https://bugs.xdebug.org/view.php?id=1352, but this is not Xdebug specific.

Running the "Test script" with USE_ZEND_ALLOC=0 and valgrind shows the actual output.

Test script:
---------------
<?php
set_error_handler(function() {
    throw new Error;
});
call_user_func("fail");
?>


Expected result:
----------------
No valgrind warning :-)

Actual result:
--------------
derick@whisky:~ $ valgrind php /tmp/foo.php 
==5682== Memcheck, a memory error detector
==5682== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5682== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==5682== Command: php /tmp/foo.php
==5682== 
==5682== Invalid read of size 1
==5682==    at 0xABB041: cleanup_unfinished_calls (zend_execute.c:2465)
==5682==    by 0xABEAAD: ZEND_HANDLE_EXCEPTION_SPEC_HANDLER (zend_vm_execute.h:1496)
==5682==    by 0xABB5BD: execute_ex (zend_vm_execute.h:414)
==5682==    by 0xF42DF21: xdebug_execute_ex (xdebug.c:1913)
==5682==    by 0xABB6CE: zend_execute (zend_vm_execute.h:458)
==5682==    by 0xA605CF: zend_execute_scripts (zend.c:1427)
==5682==    by 0x9D1D9E: php_execute_script (main.c:2494)
==5682==    by 0xB202A4: do_cli (php_cli.c:974)
==5682==    by 0xB21269: main (php_cli.c:1344)
==5682==  Address 0x101a96ec is 4 bytes before a block of size 352 alloc'd
==5682==    at 0x4C2BB0B: realloc (vg_replace_malloc.c:785)
==5682==    by 0xA2D24D: _erealloc (zend_alloc.c:2476)
==5682==    by 0xA4DF15: pass_two (zend_opcode.c:598)
==5682==    by 0xA09484: compile_file (zend_language_scanner.l:611)
==5682==    by 0x7CCAC1: phar_compile_file (phar.c:3322)
==5682==    by 0xF42E700: xdebug_compile_file (xdebug.c:2141)
==5682==    by 0xA60561: zend_execute_scripts (zend.c:1421)
==5682==    by 0x9D1D9E: php_execute_script (main.c:2494)
==5682==    by 0xB202A4: do_cli (php_cli.c:974)
==5682==    by 0xB21269: main (php_cli.c:1344)
==5682== 


History

 [2016-10-18 10:56 UTC] bwoebi@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: bwoebi
 [2016-10-18 12:14 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8b177f6a2a2782107461d7153385857872e2f4b9
Log: Fixed bug #73338 (Exception thrown from error handler may crash)
 [2016-10-18 12:14 UTC] bwoebi@php.net
-Status: Assigned
+Status: Closed
 [2016-10-18 12:32 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8b177f6a2a2782107461d7153385857872e2f4b9
Log: Fixed bug #73338 (Exception thrown from error handler may crash)
 [2016-10-25 15:21 UTC] krakjoe@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8b177f6a2a2782107461d7153385857872e2f4b9
Log: Fixed bug #73338 (Exception thrown from error handler may crash)
 
Last updated: Sun Jul 23 14:01:36 2017 UTC