Edit report at https://bugs.php.net/bug.php?id=55365&edit=1
ID: 55365
Updated by: larue...@php.net
Reported by: dan at velsoft dot com
Summary: Using reference variable to $this in callback causes
a segfault
-Status: Open
+Status: Feedback
Type: Bug
-Package: Reproducible crash
+Package: Scripting Engine problem
Operating System: OS X 10.7 + Linux 64bit
PHP Version: 5.3.6
Block user comment: N
Private report: N
New Comment:
I can reproduce it on linux 64 bit, and I have a quick look at PHP 5.3.7, it
seems no such issues in PHP 5.3.7 , please try PHP 5.3.7 RC5. If the problem is
still there in PHP 5.3.7 plz change the status back to "Open". Thank you for
helping us make PHP better.
Previous Comments:
------------------------------------------------------------------------
[2011-08-05 12:35:41] dan at velsoft dot com
Also causes a segfault on a 64bit Linux machine
------------------------------------------------------------------------
[2011-08-05 02:29:54] dan at velsoft dot com
As an additional note: I've tried disabling xdebug, thinking it may be that,
however the above code still resulted in a segfault on my machine.
------------------------------------------------------------------------
[2011-08-05 02:28:52] dan at velsoft dot com
GDB backtrace:
(gdb) bt
#0 0x000000010034aa20 in zend_hash_find ()
#1 0x000000010035d555 in zend_std_get_method ()
#2 0x000000010039a104 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER ()
#3 0x00000001003a4325 in execute ()
#4 0x0000000100e054e1 in xdebug_execute ()
#5 0x000000010033fea1 in zend_execute_scripts ()
#6 0x00000001002f0806 in php_execute_script ()
#7 0x00000001003ba4a0 in main ()
------------------------------------------------------------------------
[2011-08-05 01:38:18] fel...@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32
Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
I can't reproduce it on linux 32 bit.
------------------------------------------------------------------------
[2011-08-04 20:32:51] dan at velsoft dot com
Description:
------------
Using a reference variable to $this within an anonymous function, in a class
function causes a segfault. This previously worked in PHP 5.3.5.
The segfault can be caused either when using the function as a closure, or as
an
anonymous function.
The GDB output:
GNU gdb 6.3.50-20050815 (Apple version gdb-1705) (Fri Jul 1 10:50:06 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared
libraries ...................... done
(gdb) run segfault.php
Starting program: /usr/bin/php segfault.php
Reading symbols for shared libraries
+++++++++++++++++++++...........................................................
............................................................... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000001ffffffff
0x000000010035d53d in zend_std_get_method ()
Test script:
---------------
<?php
class Seg
{
public function fault()
{
$that = &$this;
$callback = function() use ($that){};
$callback(); // Causes a segfault
is_callable(function() use ($that){}); // Causes a segfault
}
}
$obj = new Seg();
for($i = 0; $i < 5000; $i++)
{
$obj->fault();
}
Expected result:
----------------
No segfault
Actual result:
--------------
Segfault
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=55365&edit=1
