From:
Operating system: Linux
PHP version: 5.3.10
Package: *General Issues
Bug Type: Bug
Bug description: Segfault in xdebug? zend? binary operation?

Description:
------------
segfault in this example

Starting program: /usr/bin/php index.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff7192700 (LWP 987)]
[Thread 0x7ffff7192700 (LWP 987) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00000000006f1e40 in zend_hash_num_elements ()
(gdb) bt
#0  0x00000000006f1e40 in zend_hash_num_elements ()
#1  0x00000000006ddf05 in bitwise_and_function ()
#2  0x0000000000756877 in ?? ()
#3  0x000000000070a03e in execute ()
#4  0x00007ffff7c2f5f7 in xdebug_execute () from /usr/lib64/php5.3/lib/extensions/no-debug-zts-20090626/xdebug.so
#5  0x00000000007676f0 in ?? ()
#6  0x000000000070a03e in execute ()
#7  0x00007ffff7c2f5f7 in xdebug_execute () from /usr/lib64/php5.3/lib/extensions/no-debug-zts-20090626/xdebug.so
#8  0x000000000071b7b3 in ?? ()
#9  0x000000000070a03e in execute ()
#10 0x00007ffff7c2f5f7 in xdebug_execute () from /usr/lib64/php5.3/lib/extensions/no-debug-zts-20090626/xdebug.so
#11 0x00000000006e4c09 in zend_execute_scripts ()
#12 0x000000000068606e in php_execute_script ()
#13 0x000000000046d7e0 in main ()

PHP 5.3.10-pl2-gentoo (cli) (built: Mar 20 2012 01:15:33)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.1.4, Copyright (c) 2002-2012, by Derick Rethans

[PHP Modules]
bz2
Core
ctype
curl
date
dba
dom
ereg
exif
fileinfo
filter
gd
geoip
gettext
hash
iconv
json
ldap
libxml
mbstring
mcrypt
memcached
mysql
mysqli
openssl
pcre
PDO
pdo_mysql
pdo_pgsql
pgsql
Phar
posix
pspell
readline
Reflection
session
SimpleXML
SPL
standard
tokenizer
xdebug
xhprof
xml
xmlreader
xmlwriter
zip
zlib

[Zend Modules]
Xdebug

Test script:
---------------
<?php
/* exploit PHP 5.3.10-pl2-gentoo
 * @copyright Piotr Rogowski <piotrekrogow...@gmail.com>
 */
class segfault {
    static $var = array();

    static function crash() {
        $item = &self::$var;
        $item &= $item[1] = array();
    }
}

segfault::crash();
?>

Expected result:
----------------
segfault

Actual result:
--------------
not segfault :P

--
Edit bug report at https://bugs.php.net/bug.php?id=61500&edit=1