php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77693 Crash on multiple separate exception thrown inside custom error handler
Submitted: 2019-03-05 12:50 UTC Modified: 2020-06-10 12:51 UTC
From: jean dot beguin at free dot fr Assigned: cmb (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.3.2 OS: Windows 7 & Ubuntu 18.04
Private report: No CVE-ID: None
 [2019-03-05 12:50 UTC] jean dot beguin at free dot fr
Description:
------------
When running the test script, the apache server processes crashes with exit status 3221225725.

The timing is of no importance as this still crash after around the same number of cycles, even with a sleep inside the loop.

This crash persists even with the use of gc_collect_cycles().

Tested on:
  Windows 7, Apache 2.4.38, PHP 7.3.2 via XAMPP
  Windows 7, Apache 2.4.29, PHP 7.2.2 via XAMPP
  Ubuntu Server 18.04, Apache/2.4.29 (Ubuntu), PHP 7.2.15-0ubuntu0.18.04.1


Test script:
---------------
<?php 

error_reporting(E_ALL);

function errorHandler(int $errorNumber, string $errorMessage)
{
    throw new \Exception();
}

$previousHandler = set_error_handler("errorHandler");

// 1000 is enough to crash on Windows 7 with XAMPP, but more is needed for Ubuntu
$operations = 10000;

for($i = 0; $i < $operations; $i++) {
    try{
        //Used to generate a warning.
        $inexistant[0];
    } catch (\Exception $e) {}
}

set_error_handler($previousHandler);

Expected result:
----------------
The process should not crash, as exception are thrown, caught and discarded, and should be garbage collected.

Actual result:
--------------
Apache error.loh:
[mpm_winnt:notice] [pid 6000:tid 244] AH00428: Parent: child process 3904 exited with status 3221225725 -- Restarting.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-03-05 13:29 UTC] danack@php.net
-Status: Open +Status: Feedback
 [2019-03-05 13:29 UTC] danack@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2019-03-05 13:31 UTC] danack@php.net
Generating the backtrace on Ubuntu would probably be best.

As you're seeing this crash under both OSes, if you can also run a memory checker on your machine...
 [2019-03-05 14:27 UTC] nikic@php.net
-Status: Feedback +Status: Open
 [2019-03-05 14:27 UTC] nikic@php.net
This is a stack overflow caused by a destruction of a deeply nested object. This happens because the exception captures backtrace arguments and the error handler is passed the variable scope of the error, which also includes the previous exception in $e. This creates a chain of exceptions.

In PHP 8 the error context is gone, not sure if there's anything actionable here before that. The fact that exceptions capture backtrace args is a common problem for a number of reasons, we might want to address that in some way (possibly ini option to disable).
 [2020-06-10 12:51 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-06-10 12:51 UTC] cmb@php.net
As of PHP 7.4.0, there is zend.exception_ignore_args, so I think
this ticket can be closed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 09 11:01:28 2024 UTC