Edit report at https://bugs.php.net/bug.php?id=54604&edit=1

 ID:                 54604
 Updated by:         fel...@php.net
 Reported by:        bugs dot php dot net at zetafleet dot com
 Summary:            Segfault in ZEND_SWITCH_FREE_SPEC_VAR_HANDLER
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Debian Linux
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


Previous Comments:
------------------------------------------------------------------------
[2011-04-26 04:23:12] bugs dot php dot net at zetafleet dot com

Description:
------------
I'm not able to safely create a reduced test case. The crash is occurring from inside a custom error handler when it calls Smarty::display on a Smarty 2.6.26 template. Reproduced using both dotdeb 5.3.6-6~dotdeb.1 and debian unstable 5.3.6-8.

Expected result:
----------------
No crash.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
ZEND_SWITCH_FREE_SPEC_VAR_HANDLER (execute_data=0x7fb3ed373a30) at /tmp/buildd/php5-5.3.6/Zend/zend.h:385
385 /tmp/buildd/php5-5.3.6/Zend/zend.h: No such file or directory.
    in /tmp/buildd/php5-5.3.6/Zend/zend.h
(gdb) t a a bt

Thread 1 (Thread 0x7fb3f7bfd720 (LWP 9215)):
#0 ZEND_SWITCH_FREE_SPEC_VAR_HANDLER (execute_data=0x7fb3ed373a30) at /tmp/buildd/php5-5.3.6/Zend/zend.h:385
#1 0x00000000006abb34 in execute (op_array=0x2832d68) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#2 0x000000000067862f in zend_call_function (fci=0x7fffa5018100, fci_cache=0x7fb3ed36b1f8) at /tmp/buildd/php5-5.3.6/Zend/zend_execute_API.c:964
#3 0x0000000000678a60 in call_user_function_ex (function_table=0x7fb3ed373af0, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x101010101010101, no_separation=6838809, symbol_table=0x1) at /tmp/buildd/php5-5.3.6/Zend/zend_execute_API.c:754
#4 0x0000000000685a19 in zend_error (type=8192, format=0xaaff40 "Assigning the return value of new by reference is deprecated") at /tmp/buildd/php5-5.3.6/Zend/zend.c:1173
#5 0x0000000000655ae7 in zendparse () at /tmp/buildd/php5-5.3.6/Zend/zend_language_parser.c:4247
#6 0x0000000000657b62 in compile_file (file_handle=<incomplete type>, type=0) at Zend/zend_language_scanner.l:364
#7 0x0000000000511d11 in phar_compile_file (file_handle=<incomplete type>, type=0) at /tmp/buildd/php5-5.3.6/ext/phar/phar.c:3393
#8 0x0000000000657d22 in compile_filename (type=2, filename=0x282bfd8) at Zend/zend_language_scanner.l:407
#9 0x00000000006cc4e8 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fb3ed36b1f8) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:1925
#10 0x00000000006abb34 in execute (op_array=0x27ff180) at /tmp/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
#11 0x0000000000686796 in zend_execute_scripts (type=0, retval=0x7fffa501a590, file_count=3) at /tmp/buildd/php5-5.3.6/Zend/zend.c:1266
#12 0x0000000000632063 in php_execute_script (primary_file=0x29e0f60) at /tmp/buildd/php5-5.3.6/main/main.c:2296
#13 0x0000000000724306 in main (argc=41836840, argv=0xda8300) at /tmp/buildd/php5-5.3.6/sapi/fpm/fpm/fpm_main.c:1917
------------------------------------------------------------------------