ID: 46568
Comment by: bruno at ioda dot net
Reported By: phpbugs at colin dot guthr dot ie
Status: Open
Bug Type: Reproducible crash
Operating System: Linux
PHP Version: 5.2.7RC3
New Comment:
I've tried this on 3 different openSUSE 10.3 systems, all with the latest
opensuse build services php version 5.2.6.
And the result was the expected exception
Fatal error: Uncaught exception 'Exception' with message 'Wibble' in
/tmp/bugs.php:10
Stack trace:
#0 /tmp/bugs.php(14): foo->wibble()
#1 /tmp/bugs.php(23): foo->bug()
#2 {main}
thrown in /tmp/bugs.php on line 10
PHP 5.2.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 5 2008
13:42:52)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
For 10.3 gcc is :
Target: x86_64-suse-linux
Configuré avec: ../configure --enable-threads=posix --prefix=/usr
--with-local-prefix=/usr/local --infodir=/usr/share/info
--mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64
--enable-languages=c,c++,objc,fortran,obj-c++,java,ada
--enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.2.1
--enable-ssp --disable-libssp --disable-libgcj --with-slibdir=/lib64
--with-system-zlib --enable-shared --enable-__cxa_atexit
--enable-libstdcxx-allocator=new --disable-libstdcxx-pch
--program-suffix=-4.2 --enable-version-specific-runtime-libs
--without-system-libunwind --with-cpu=generic --host=x86_64-suse-linux
Modèle de thread: posix
version gcc 4.2.1 (SUSE Linux)
I've not yet tried on the latest 11.0 x64, which has the gcc
gcc version 4.3.1 20080507 (prerelease) [gcc-4_3-branch revision
135036] (SUSE Linux)
Previous Comments:
------------------------------------------------------------------------
[2008-11-13 22:41:05] phpbugs at colin dot guthr dot ie
Well I've confirmed this problem on three Mandriva systems with
Mandriva packages but for this bug report I built a fresh vanilla
version from the 5.2.7rc3 tarball on my own machine to ensure it was
nothing to do with any additional patches in the Mandriva package
causing the problem.
I do not have access to any non-Mandriva 64 bit build hosts here to do
more tests...
FWIW, the GCC version is 4.3.2.
I can tarball up the installed version if you want to give my build a
run and see if it crashes on your machine. If it does crash then I'd
expect the problem to be related to GCC.
------------------------------------------------------------------------
[2008-11-13 22:23:05] [EMAIL PROTECTED]
I can't reproduce it on FreeBSD amd64.
------------------------------------------------------------------------
[2008-11-13 16:18:13] phpbugs at colin dot guthr dot ie
Description:
------------
I seem to have uncovered a bug that has been affecting me for a while
(e.g. it affects 5.2.6 as well) but that, until now, I have been able to
work around.
I have confirmed this bug on both 5.2.6 and 5.2.7RC3 on x86_64. I have
confirmed this bug does *not* occur on i586 with these same versions.
The reproduce code has two examples. It should be obvious which is
which ;)
I compiled up a fresh 5.2.7RC3 to produce the below backtrace.
Please remember that this bug affects x86_64 only.
I discovered this when using code in the Zend Framework in which this
scenario crops up in the natural flow of code.
Reproduce code:
---------------
<?php
class foo
{
    private function bar($x)
    {
        echo $x;
    }
    private function wibble()
    {
        throw new Exception("Wibble");
    }
    public function bug()
    {
        $this->bar($this->wibble());
    }
    public function nobug()
    {
        $wibble = $this->wibble();
        $this->bar($wibble);
    }
}
$foo = new foo;
$foo->bug();
//$foo->nobug();
Expected result:
----------------
PHP Fatal error: Uncaught exception 'Exception' with message 'Wibble'
in /home/colin/bug.php:10
Stack trace:
#0 /home/colin/bug.php(14): foo->wibble()
#1 /home/colin/bug.php(23): foo->bug()
#2 {main}
thrown in /home/colin/bug.php on line 10
Actual result:
--------------
[EMAIL PROTECTED] pfx]$ gdb bin/php
GNU gdb 6.8-2mdv2009.0 (Mandriva Linux release 2009.0)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show
copying"
and "show warranty" for details.
This GDB was configured as "x86_64-mandriva-linux-gnu"...
(gdb) set args bug.php
(gdb) run
Starting program: /home/colin/php/pfx/bin/php bug.php
[Thread debugging using libthread_db enabled]
[New Thread 0x7f75d9a056f0 (LWP 18074)]
Program received signal SIGSEGV, Segmentation fault.
zend_do_fcall_common_helper_SPEC (execute_data=0x7fffe1a4fbd0) at
/home/colin/php/php-5.2.7RC3/Zend/zend_vm_execute.h:289
289 if (RETURN_VALUE_USED(ctor_opline)) {
Missing debug package(s), you should install: glibc-debug libxml2-debug
zlib-debug
(gdb) thread apply all bt full
Thread 1 (Thread 0x7f75d9a056f0 (LWP 18074)):
#0 zend_do_fcall_common_helper_SPEC (execute_data=0x7fffe1a4fbd0) at
/home/colin/php/php-5.2.7RC3/Zend/zend_vm_execute.h:289
opline = (zend_op *) 0x7f75d9a2a770
original_return_value = (zval **) 0x7fffe1a4fcd0
current_scope = (zend_class_entry *) 0x0
current_this = (zval *) 0x0
return_value_used = 0
should_change_scope = 1 '\001'
#1 0x000000000064b8a4 in execute (op_array=0x7f75d9a2a108) at
/home/colin/php/php-5.2.7RC3/Zend/zend_vm_execute.h:92
execute_data = {opline = 0x7f75d9a2a770, function_state =
{function_symbol_table = 0x7f75d9a2d470,
function = 0x7f75d9a2a108, reserved = {0x0, 0x7f75d9a2a200, 0x0,
0x7f75d9a2a210}}, fbc = 0x7f75d9a2cb90,
op_array = 0x7f75d9a2a108, object = 0x7f75d9a29928, Ts =
0x7fffe1a4fa80, CVs = 0x7fffe1a4fa60, original_in_execution = 0 '\0',
symbol_table = 0x9db608, prev_execute_data = 0x0, old_error_reporting
= 0x0}
#2 0x00000000006290d1 in zend_execute_scripts (type=8, retval=0x51,
file_count=3)
at /home/colin/php/php-5.2.7RC3/Zend/zend.c:1134
files = {{gp_offset = 40, fp_offset = 0, overflow_arg_area =
0x7fffe1a4fdd0, reg_save_area = 0x7fffe1a4fce0}}
i = 1
file_handle = (zend_file_handle *) 0x7fffe1a52240
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
local_retval = (zval *) 0x0
#3 0x00000000005e741f in php_execute_script
(primary_file=0x7fffe1a52240) at
/home/colin/php/php-5.2.7RC3/main/main.c:2023
__orig_bailout = (jmp_buf *) 0x7fffe1a52000
__bailout = {{__jmpbuf = {140736979084336,
-6156957097008169452, 140736979086864, 0, 140736979086864, 0,
-6156957080977539564, 6156943864853954068}, __mask_was_saved = 0,
__saved_mask = {__val = {206158430215, 140736979082960,
0, 140736979082960, 22266960, 0, 140144139213016,
140144139214560, 6402516, 140144139213376, 140144139213096,
140144139213056, 140144139213968, 140144139213016, 6921410,
3}}}}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = <value optimized out>
prepend_file = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
reader = 0, closer = 0, fteller = 0, interactive = 0}},
free_filename = 0 '\0'}
append_file = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
reader = 0, closer = 0, fteller = 0, interactive = 0}},
free_filename = 0 '\0'}
retval = 0
#4 0x000000000069b0ce in main (argc=2, argv=0x7fffe1a52428) at
/home/colin/php/php-5.2.7RC3/sapi/cli/php_cli.c:1134
__bailout = {{__jmpbuf = {0, -5642054132341337382,
7016452524537506151, 110, 8246765328184210536, 10305096,
-6156957097001877996, 6156943771903458836}, __mask_was_saved = 0,
__saved_mask = {__val = {140144137211684,
140144114257068, 23, 46448516, 140736979083392,
140736979083784, 140144114264912, 0, 140144139068736, 140144139071488,
140144112053138, 140144114315624, 140144112046240, 4294967296,
4294967449, 140144114744752}}}}
exit_status = 0
c = <value optimized out>
file_handle = {type = 2 '\002', filename = 0x7fffe1a52e10
"bug.php", opened_path = 0x0, handle = {fd = 22265984,
fp = 0x153c080, stream = {handle = 0x153c080, reader = 0x63d0f0
<zend_stream_stdio_reader>,
closer = 0x63d0d0 <zend_stream_stdio_closer>, fteller = 0x63d0c0
<zend_stream_stdio_fteller>, interactive = 0}},
free_filename = 0 '\0'}
behavior = <value optimized out>
reflection_what = 0x0
orig_optind = 1
orig_optarg = 0x0
arg_free = 0x7fffe1a52e10 "bug.php"
arg_excp = (char **) 0x7fffe1a52430
script_file = 0x7fffe1a52e10 "bug.php"
interactive = 0
module_started = 1
request_started = 1
lineno = 1
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
param_error = <value optimized out>
hide_argv = 0
ini_entries_len = <value optimized out>
(gdb)
------------------------------------------------------------------------
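When the reproduce script is repeated on several builds, as the comments above do, the two outcomes in this report (the expected uncaught exception and the SIGSEGV) can be told apart from the exit status and output. The following is an added example, not part of the original bug report; the function names `classify_run` and `triage` are hypothetical.

```shell
#!/bin/sh
# Added example: classify how a PHP run of the reproduce script ended.

EXPECTED="Uncaught exception 'Exception' with message 'Wibble'"

# classify_run CMD [ARGS...]
# Prints one of:
#   crash signal=N      killed by signal N (11 is SIGSEGV, as in the gdb session)
#   expected-exception  exited normally and printed the expected fatal error
#   other status=N      anything else
classify_run() {
    status=0
    # "|| status=$?" keeps a failing child from aborting callers that use set -e.
    out=$("$@" 2>&1) || status=$?
    # bash and dash report death by signal N as 128+N; a plain exit code such
    # as 255 lies above that range and must not be read as a signal.
    if [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        echo "crash signal=$((status - 128))"
    elif printf '%s\n' "$out" | grep -qF "$EXPECTED"; then
        echo "expected-exception"
    else
        echo "other status=$status"
    fi
}

# triage SCRIPT PHP_BINARY...
# One result line per interpreter, so builds can be compared side by side.
triage() {
    script=$1
    shift
    for php in "$@"; do
        printf '%s\t%s\n' "$php" "$(classify_run "$php" "$script")"
    done
}

# Stand-alone use: sh triage.sh bug.php PHP_BINARY [PHP_BINARY...]
if [ "$#" -ge 2 ]; then
    triage "$@"
fi
```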