Edit report at http://bugs.php.net/bug.php?id=49893&edit=1
 ID:               49893
 Updated by:       [email protected]
 Reported by:      greubel at nkey dot de
 Summary:          Apache 2.2 Child crash while creating an instance of Zend_Mail_Storage_Pop3
-Status:           Assigned
+Status:           Closed
 Type:             Bug
 Package:          Reproducible crash
 Operating System: *
 PHP Version:      5.3.0
 Assigned To:      dmitry

New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------
[2010-05-11 18:09:45] [email protected]

Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=299254
Log: Fixed bug #49893 (Crash while creating an instance of Zend_Mail_Storage_Pop3)

------------------------------------------------------------------------
[2010-05-11 16:45:14] [email protected]

The bug occurs when an exception is caught in a destructor during another
exception's processing.

Reproduce code:
---------------
<?php
class A {
    function __destruct() {
        try {
            throw new Exception("2");
        } catch (Exception $e) {
            echo $e->getMessage() . "\n";
        }
    }
}
class B {
    function __construct() {
        $this->a = new A();
        throw new Exception("1");
    }
}
try {
    $b = new B();
} catch(Exception $e) {
    echo $e->getMessage() . "\n";
}
?>

Expected result:
----------------
2
1

Actual result:
--------------
2

valgrind
--------
==26823== Invalid read of size 4
==26823==    at 0x856480A: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend.h:385)
==26823==    by 0x84D7B98: execute (zend_vm_execute.h:104)
==26823==    by 0x84ACA44: zend_execute_scripts (zend.c:1194)
==26823==    by 0x844186E: php_execute_script (main.c:2260)
==26823==    by 0x8572CDE: main (php_cli.c:1192)
==26823==  Address 0x51f1428 is 8 bytes inside a block of size 20 free'd
==26823==    at 0x4B8C90A: free (vg_replace_malloc.c:323)
==26823==    by 0x848B079: _efree (zend_alloc.c:2348)
==26823==    by 0x849C3E3: _zval_ptr_dtor (zend_execute_API.c:444)
==26823==    by 0x84D8156: zend_leave_helper_SPEC (zend_vm_execute.h:226)
==26823==    by 0x84DA521: ZEND_HANDLE_EXCEPTION_SPEC_HANDLER (zend_vm_execute.h:680)
==26823==    by 0x84D7B98: execute (zend_vm_execute.h:104)
==26823==    by 0x84ACA44: zend_execute_scripts (zend.c:1194)
==26823==    by 0x844186E: php_execute_script (main.c:2260)
==26823==    by 0x8572CDE: main (php_cli.c:1192)

------------------------------------------------------------------------
[2009-10-20 20:57:38] [email protected]

not a bug > bogus.

------------------------------------------------------------------------
[2009-10-20 20:13:15] greubel at nkey dot de

Not reproducible

------------------------------------------------------------------------
[2009-10-20 20:11:41] greubel at nkey dot de

Please close. I'm not able to reproduce the problem with a small
script.

I tried to strip down the code from ZF to provide the same functionality
but provoke the bug. This does not seem to be possible under these
circumstances.

This code works well:

<?php
class foo {
    private $sock;
    private $errno;
    private $error;

    public function __construct() {
        $this->sock = fsockopen('pop.gmx.net', 110, $this->errno, $this->error);
        $r = fgets($this->sock);
        echo "$r<br/>";
        fputs($this->sock, "USER [email protected]\r\n");
        $r = fgets($this->sock);
        echo "$r<br/>";
        fputs($this->sock, "PASS \r\n");
        $r = fgets($this->sock);
        echo "$r<br/>";
        fputs($this->sock, "QUIT\r\n");
        $r = fgets($this->sock);
        echo "$r<br/>";
    }

    public function close() {
        fclose($this->sock);
        $this->sock = null;
    }
}

$bar = new foo();
$bar->close();
?>

So please close.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=49893
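
The valgrind trace in the 2010-05-11 comment has the shape of a use-after-free: a read inside a block that was already released on the exception-handling path. The Python sketch below is an added example, not part of the original report or of PHP's own tooling; it parses such a trace and names the accessing frame and the frame that released the block. The function name `triage`, the dictionary keys and the allocator-wrapper skip list are assumptions made for the example.

```python
import re

# Excerpt of the trace quoted in the report (outer frames omitted).
TRACE = """\
==26823== Invalid read of size 4
==26823==    at 0x856480A: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend.h:385)
==26823==    by 0x84D7B98: execute (zend_vm_execute.h:104)
==26823==  Address 0x51f1428 is 8 bytes inside a block of size 20 free'd
==26823==    at 0x4B8C90A: free (vg_replace_malloc.c:323)
==26823==    by 0x848B079: _efree (zend_alloc.c:2348)
==26823==    by 0x849C3E3: _zval_ptr_dtor (zend_execute_API.c:444)
==26823==    by 0x84D8156: zend_leave_helper_SPEC (zend_vm_execute.h:226)
==26823==    by 0x84DA521: ZEND_HANDLE_EXCEPTION_SPEC_HANDLER (zend_vm_execute.h:680)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes inside "
                   r"a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# Assumption: wrappers to skip when naming the frame that released the block.
ALLOCATOR_FRAMES = {"free", "_efree"}

def triage(text):
    """Return one dict per invalid access with its access and block stacks."""
    findings, current, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := ACCESS.search(line):
            current = {"kind": m.group(1), "size": int(m.group(2)),
                       "access_stack": [], "block_stack": [],
                       "use_after_free": False}
            findings.append(current)
            stack = current["access_stack"]
        elif current and (m := BLOCK.search(line)):
            current.update(address=m.group(1), offset=int(m.group(2)),
                           block_size=int(m.group(3)),
                           use_after_free=(m.group(4) == "free'd"))
            stack = current["block_stack"]   # following frames belong to the free
        elif current and (m := FRAME.search(line)):
            stack.append(m.groups())         # (function, file:line)
    for f in findings:
        f["freed_by"] = next((fn for fn, _ in f["block_stack"]
                              if f["use_after_free"] and fn not in ALLOCATOR_FRAMES), None)
    return findings

if __name__ == "__main__":
    for f in triage(TRACE):
        print(f["kind"], f["size"], "UAF" if f["use_after_free"] else "other",
              "accessed in", f["access_stack"][0][0], "freed by", f["freed_by"])
```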
