ID: 32171 Updated by: [EMAIL PROTECTED] Reported By: jr at terragate dot net -Status: Assigned +Status: Closed Bug Type: Reproducible crash Operating System: * PHP Version: 5.* Assigned To: tony2001 New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2005-05-11 16:43:14] [EMAIL PROTECTED] It has nothing to do with SPL, it's stream-related problem. Reassigned to myself, patch pending.. ------------------------------------------------------------------------ [2005-03-09 17:52:16] jr at terragate dot net Finally I was able to create a smaller test case for the segfault (with error_reporting = E_ALL): <?php class StreamWrapper { public function dir_opendir($path, $options) { return TRUE; } public function dir_readdir() { return FALSE; } } stream_wrapper_register('test', 'StreamWrapper'); $it = new DirectoryIterator('test://path/'); echo "Done\n"; ?> Trace: (gdb) r crash.php Starting program: /usr/local/bin/php crash.php warning: Unable to find dynamic linker breakpoint function. GDB will be unable to debug shared library initializers and track explicitly loaded dynamic code. [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 15212)] Done Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 15212)] 0x00000019 in ?? () Current language: auto; currently asm (gdb) bt #0 0x00000019 in ?? () #1 0x081abc73 in _php_stream_free (stream=0x82fdce4, close_options=3) at /root/compile/php5-STABLE-200503091530/main/streams/streams.c:351 #2 0x080b3fb8 in spl_ce_dir_object_free_storage (object=0x82f76c4) at /root/compile/php5-STABLE-200503091530/ext/spl/spl_directory.c:66 #3 0x081fa906 in zend_objects_store_del_ref (zobject=0x82fd4e4) at /root/compile/php5-STABLE-200503091530/Zend/zend_objects_API.c:159 #4 0x081deb76 in _zval_dtor (zvalue=0x82fd4e4, __zend_filename=0x82549e0 "/root/compile/php5-STABLE-200503091530/Zend/zend_execute_API.c", __zend_lineno=392) at /root/compile/php5-STABLE-200503091530/Zend/zend_variables.c:61 #5 0x081d36f8 in _zval_ptr_dtor (zval_ptr=0x82fdda0, __zend_filename=0x8255940 "/root/compile/php5-STABLE-200503091530/Zend/zend_variables.c", __zend_lineno=193) at /root/compile/php5-STABLE-200503091530/Zend/zend_execute_API.c:392 #6 0x081dee88 in _zval_ptr_dtor_wrapper (zval_ptr=0x82fdda0) at /root/compile/php5-STABLE-200503091530/Zend/zend_variables.c:193 #7 0x081e8f13 in zend_hash_apply_deleter (ht=0x82761d0, p=0x82fdd94) at /root/compile/php5-STABLE-200503091530/Zend/zend_hash.c:574 #8 0x081e9164 in zend_hash_graceful_reverse_destroy (ht=0x82761d0) at /root/compile/php5-STABLE-200503091530/Zend/zend_hash.c:640 #9 0x081d302f in shutdown_executor () at /root/compile/php5-STABLE-200503091530/Zend/zend_execute_API.c:208 #10 0x081e0264 in zend_deactivate () at /root/compile/php5-STABLE-200503091530/Zend/zend.c:817 #11 0x081996e1 in php_request_shutdown (dummy=0x0) at /root/compile/php5-STABLE-200503091530/main/main.c:1214 #12 0x082155d0 in main (argc=2, argv=0xbffff844) at /root/compile/php5-STABLE-200503091530/sapi/cli/php_cli.c:1046 The script will be fully executed but php segfaults on shutdown. The behavior in the complex test case (with the WebDAV stream wrapper) was the same: Using instaneof instead of is_a caused the script to be fully executed but with a segfault on shutdown. To answer your second question I modified the test case above: <?php class StreamWrapper { public function dir_opendir($path, $options) { is_a(null, 'AKnownOrUnknownClass'); return TRUE; } public function dir_readdir() { return FALSE; } } stream_wrapper_register('test', 'StreamWrapper'); $it = new DirectoryIterator('test://path/'); echo "Done\n"; ?> Running this script with error_reporting set to E_ALL (or even E_ALL & ~E_NOTICE & ~E_STRICT) will lead to the behaviour already mentioned (deprecation warning thrown as exception). Running the script with error_reporting = 0 will terminate the script with exit code 0377 and without outputting 'Done'. Using gdb I figured out that php_error_cb is still called with the deprecation warning and zend_throw_exception will abort the script. We have two issues here: 1. A wrong free causing a segfault on shutdown 2. PHP notices and warnings thrown as exception I dont't know what to do with the segfault (my knowledge about PHP's internals is too limited to debug this yet). IMHO the second problem could be solved in 2 ways: 1. Modifying php_error_cb's behavior (as my patch does) 2. Do not set error_mode to EH_THROW in spl_directory.c if a user space stream wrapper is used. ------------------------------------------------------------------------ [2005-03-09 14:40:34] [EMAIL PROTECTED] Did i get that correct that all works frin when you use instanceof ? If so all is fine. Also what happens if you stick with is_a but set error mode to 0? ------------------------------------------------------------------------ [2005-03-07 11:25:40] jr at terragate dot net I tested the instanceof segfault against the 5.1 branch and it segfaults too. But I had to change a is_a in HTTP/Request.php to instanceof because the 'notice exception' was thrown there this time. I wasn't able to reproduce the segfault with a smaller test case by using HTTP/Request.php myself (PEAR's WebDAV Wrapper) nor using instanceof inside a small stream wrapper. Initially I tested the bug with 5.0.3 but tried a snap a few hours later. Sorry for not updating the version field. ------------------------------------------------------------------------ [2005-03-06 16:21:35] [EMAIL PROTECTED] Please don't open more reports about same issue. (and when you report bugs, put the LATEST version in the 'Version' field' so we don't have to waste time asking if you tested the latest version..) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/32171 -- Edit this bug report at http://bugs.php.net/?id=32171&edit=1
