Bug #64960 [Opn]: Segfault in gc_zval_possible_root

2013-06-05 Thread pajoye
Edit report at https://bugs.php.net/bug.php?id=64960&edit=1

 ID:                 64960
 Updated by:         paj...@php.net
 Reported by:        arjen at react dot com
 Summary:            Segfault in gc_zval_possible_root
 Status:             Open
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Archlinux
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

This is what we actually support:

http://www.php.net/downloads.php

or using:

https://github.com/php/php-src (use the 5.4 branch).

External patched versions like the one in ZendServer are not supported; while
this possible bug may happen in these versions, we need to reproduce it with
our code base.


Previous Comments:

[2013-06-05 07:58:06] arjen at react dot com

Centos 6.3 with Zend Server PHP (no Suhosin):

# php -v
PHP 5.3.14 (cli) (built: Jun 19 2012 03:47:42) 

Archlinux (from repo, no Suhosin)
$ php -v
PHP 5.4.15 (cli) (built: May 12 2013 13:11:23) 

Are you sure you're not testing with a debug build? The segfault does not
happen in debug builds.


[2013-06-05 03:10:20] larue...@php.net

please disable Suhosin patch and try again.


[2013-06-04 19:25:14] arjen at react dot com

Verified it's not an Archlinux issue:

~$ php -v
PHP 5.3.10-1ubuntu3.6 with Suhosin-Patch (cli) (built: Mar 11 2013 14:31:48) 

~$ php segfault.php 
PHP Notice:  ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flush in /home/arjen/segfault.php on line 3
PHP Fatal error:  Uncaught exception 'Exception' in /home/arjen/segfault.php:19
Stack trace:
#0 [internal function]: {closure}(8, 'ob_end_clean():...', '/home/arjen/seg...', 9, Array)
#1 /home/arjen/segfault.php(9): ob_end_clean()
#2 [internal function]: ExceptionHandler->__invoke(Object(Exception))
#3 {main}
  thrown in /home/arjen/segfault.php on line 19
Segmentation fault (core dumped)


[2013-06-04 15:28:15] larue...@php.net

I can not reproduce the segfault


[2013-06-03 11:48:55] arjen at react dot com

Description:

Affects >= 5.3.0, including 5.4.16.

See http://3v4l.org/dTDPH#v536

Combination of custom exception handler and error handler, custom property with
a debug_backtrace defined to an exception and calling ob_end_clean while
ob_end_flush was called.

Wasn't able to reduce this further.

Test script:
---
<?php
// this makes ob_end_clean raise an error
ob_end_flush();

class ExceptionHandler {
    public function __invoke (Exception $e)
    {
        // this triggers the custom error handler
        ob_end_clean();
    }
}

// this must be a class, closure does not trigger segfault
set_exception_handler(new ExceptionHandler());

// exception must be thrown from error handler.
set_error_handler(function()
{
    $e = new Exception;
    $e->_trace = debug_backtrace();

    throw $e;
});

// trigger error handler
$a['waa'];

Expected result:

No segfault.

Actual result:
--
#0  0x00648779 in gc_zval_possible_root ()
#1  0x00637168 in zend_hash_destroy ()
#2  0x00628c0b in _zval_dtor_func ()
#3  0x0061abd9 in _zval_ptr_dtor ()
#4  0x00637168 in zend_hash_destroy ()
#5  0x00628c0b in _zval_dtor_func ()
#6  0x0061abd9 in _zval_ptr_dtor ()
#7  0x0064a437 in zend_object_std_dtor ()
#8  0x0064a469 in zend_objects_free_object_storage ()
#9  0x0064fe16 in zend_objects_store_free_object_storage ()
#10 0x0061b123 in ?? ()
#11 0x00629bc2 in ?? ()
#12 0x005cc04d in php_request_shutdown ()
#13 0x00426004 in ?? ()
#14 0x7f9a6fddba15 in __libc_start_main () from /usr/lib/libc.so.6
#15 0x00426db9 in _start ()







-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64960&edit=1


Bug #64960 [Opn]: Segfault in gc_zval_possible_root

2013-06-05 Thread laruence

 ID:                 64960
 Updated by:         larue...@php.net
 Reported by:        arjen at react dot com
 Summary:            Segfault in gc_zval_possible_root
 Status:             Open
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Archlinux
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

Ah, thanks, I can verify it and got a fix. Will commit soon.

thanks


Previous Comments:

[2013-06-05 08:54:10] arjen at react dot com

Archlinux fetches src tarballs from http://www.php.net/downloads.php and does
not apply any patch to the code. I tried the other versions to show it's not an
Archlinux problem.

I manually verified by building it from src:

wget http://www.php.net/distributions/php-5.4.15.tar.gz
tar xf php-5.4.15.tar.gz
cd php-5.4.15
./configure
make

sapi/cli/php segfault.php

Fatal error: Uncaught exception 'Exception' in segfault.php:20
Stack trace:
#0 [internal function]: {closure}(8, 'ob_end_clean():...', 'segfault.php', 10, Array)
#1 segfault.php(10): ob_end_clean()
#2 [internal function]: ExceptionHandler->__invoke(Object(Exception))
#3 {main}
  thrown in segfault.php on line 20
Segmentation fault (core dumped)

sapi/cli/php -v
PHP 5.4.15 (cli) (built: Jun  5 2013 10:36:25) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

And again, when compiling from src (php.net tarball) with
./configure --enable-debug the segfault does not occur.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=64960




Bug #64960 [Opn]: Segfault in gc_zval_possible_root

2013-06-04 Thread laruence

 ID:                 64960
 Updated by:         larue...@php.net
 Reported by:        arjen at react dot com
 Summary:            Segfault in gc_zval_possible_root
 Status:             Open
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Archlinux
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

I can not reproduce the segfault

