Bug #55339 [Com]: Segfault with allow_call_time_pass_reference = Off

Mon, 01 Aug 2011 14:25:32 -0700 

Edit report at https://bugs.php.net/bug.php?id=55339&edit=1

 ID:                 55339
 Comment by:         tomas dot brastavicius at quantum dot lt
 Reported by:        tomas dot brastavicius at quantum dot lt
 Summary:            Segfault with allow_call_time_pass_reference = Off
 Status:             Feedback
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Linux
 PHP Version:        5.3SVN-2011-08-01 (SVN)
 Assigned To:        dmitry
 Block user comment: N
 Private report:     N

 New Comment:

Oops, here is the backtrace.

Program terminated with signal 11, Segmentation fault.
#0  0x00000000006210e7 in zval_delref_p (T=0x7f91d9630390, extended_value=1)
    at /home/tomas/php-5.3/Zend/zend.h:385
385             return --pz->refcount__gc;
(gdb) bt
#0  0x00000000006210e7 in zval_delref_p (T=0x7f91d9630390, extended_value=1)
    at /home/tomas/php-5.3/Zend/zend.h:385
#1  zend_pzval_unlock_free_func (T=0x7f91d9630390, extended_value=1) at 
/home/tomas/php-5.3/Zend/zend_execute.c:86
#2  zend_switch_free (T=0x7f91d9630390, extended_value=1) at 
/home/tomas/php-5.3/Zend/zend_execute.c:382
#3  0x00000000006459b6 in ZEND_SWITCH_FREE_SPEC_VAR_HANDLER 
(execute_data=0x7f91d96302a8)
    at /home/tomas/php-5.3/Zend/zend_vm_execute.h:8453
#4  0x0000000000624a36 in execute (op_array=0x29be158) at 
/home/tomas/php-5.3/Zend/zend_vm_execute.h:107
#5  0x00000000005e16b7 in zend_call_function (fci=0x7fff63d50ae0, 
fci_cache=0x7fff63d50970)
    at /home/tomas/php-5.3/Zend/zend_execute_API.c:968
#6  0x00000000005e089c in call_user_function_ex (function_table=0x28b7bd0, 
object_pp=0x0, function_name=0x29ba828, 
    retval_ptr_ptr=0x7fff63d50be8, param_count=5, params=0x29bedb0, 
no_separation=1, symbol_table=0x0)
    at /home/tomas/php-5.3/Zend/zend_execute_API.c:758
#7  0x00000000005f0d2a in zend_error (type=8192, format=0x794ad8 "Call-time 
pass-by-reference has been deprecated")
    at /home/tomas/php-5.3/Zend/zend.c:1102
#8  0x00000000005d2f9d in zend_do_pass_param (param=0x7fff63d51110, op=67 'C', 
offset=2)
    at /home/tomas/php-5.3/Zend/zend_compile.c:2093
#9  0x00000000005aae3b in zendparse () at 
/home/tomas/php-5.3/Zend/zend_language_parser.y:483
#10 0x00000000005af8cb in compile_file (file_handle=0x7fff63d52bc0, type=8) at 
Zend/zend_language_scanner.l:364
#11 0x000000000062a236 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER 
(execute_data=0x7f91d9630090)
    at /home/tomas/php-5.3/Zend/zend_vm_execute.h:1946
#12 0x0000000000624a36 in execute (op_array=0x29ba5b0) at 
/home/tomas/php-5.3/Zend/zend_vm_execute.h:107
#13 0x00000000005f11ec in zend_execute_scripts (type=8, retval=0x0, 
file_count=3)
    at /home/tomas/php-5.3/Zend/zend.c:1195
#14 0x000000000057a60c in php_execute_script (primary_file=0x7fff63d552a0) at 
/home/tomas/php-5.3/main/main.c:2284
#15 0x00000000006d5061 in main (argc=4, argv=0x7fff63d55508) at 
/home/tomas/php-5.3/sapi/cli/php_cli.c:1184


Previous Comments:
------------------------------------------------------------------------
[2011-08-01 20:58:46] [email protected]

Program terminated with signal 11, Segmentation fault.
#0  0x00000000006210e7 in ?? ()
(gdb) bt
#0  0x00000000006210e7 in ?? ()


No, the debug mode was not used sorry. the ?? are here to say that gdb has no 
idea about the symbols.

------------------------------------------------------------------------
[2011-08-01 20:50:04] tomas dot brastavicius at quantum dot lt

@[email protected]

I did. I have made a mistake in a bug report. The following configuration was 
used: ./configure --disable-all --enable-debug.
I was able to reproduce this issue on 3 separate servers.

------------------------------------------------------------------------
[2011-08-01 20:31:13] [email protected]

The symbols are missing so the backtrace is rather useless. Compile php with --
enable-debug to get them.

------------------------------------------------------------------------
[2011-08-01 19:47:31] tomas dot brastavicius at quantum dot lt

Description:
------------
The scripts that are provided below causes segfault. The following 
configuration was used to compile PHP:
./configure --disable-all

Test script:
---------------
To reproduce the bug one needs 3 PHP files:

1. index.php
<?php

function error_handler($errno, $errstr, $errfile, $errline)
{
    require_once 'error_handler.php';
}
set_error_handler('error_handler');

require_once('inc.php');

echo 'Never prints';


2. error_handler.php
<?php

// The file may be empty. It's OK.


3. inc.php
<?php

function foo()
{
    $array = array();
    foreach ($array as $key => $value) {
        bar($key, &$value);
    }
}

function bar()
{

}

Before running index.php be sure allow_call_time_pass_reference is Off

Expected result:
----------------
Never prints

Actual result:
--------------
Program terminated with signal 11, Segmentation fault.
#0  0x00000000006210e7 in ?? ()
(gdb) bt
#0  0x00000000006210e7 in ?? ()
#1  0x0000000100000000 in ?? ()
#2  0x00007f3a4a29d390 in ?? ()
#3  0x0000000000000000 in ?? ()



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55339&edit=1

Reply via email to