[PHP-BUG] Bug #62854 [NEW]: Segfault on call_user_func_array

[popsul1993 at gmail dot com]

From:             popsul1993 at gmail dot com
Operating system: Ubuntu 12.04
PHP version:      5.4.6
Package:          Reproducible crash
Bug Type:         Bug
Bug description:Segfault on call_user_func_array

Description:
------------
PHP crash through deep nested recursion over call_user_func_array


Compilation config:
./configure '--enable-fpm' '--enable-mbstring' '--with-mysql'
'--with-regex=php' 
'--with-tidy=shared' '--prefix=/usr/local/' --with-config-file-scan-
dir=/usr/local/etc/php5

Also, PHP >=5.4.5 have a crazy behavior, i.e. my implementation of
ActiveRecord 
have method 'buildSql' (with public visibility), but when run e.g. $this-
>buildSql(); that call send to __call(), where there is a checing with code

method_exists($this, $method_name), which returning true and after that
calling 
call_user_func_array([$this, $method_name], $parameters);, and that
invocation 
again sending to __call(), although method buildSql exists and visibled.


Test script:
---------------
class Test {
        public function foo() {
                return call_user_func_array([$this, 'foo'], func_get_args());
        }
}

$test = new Test();
$test->foo();

Actual result:
--------------
(gdb) run
Starting program: /usr/local/bin/php -e ./tests/testrecursion.php

Program received signal SIGSEGV, Segmentation fault.
zend_is_callable_ex (callable=0xb70bd424, object_ptr=<optimized out>, 
check_flags=0, callable_name=0x0, callable_name_len=0xbf800000, 
    fcc=0xbf8001b4, error=0xbf800108) at
/home/popsul/Загрузки/php-
5.4.6/Zend/zend_API.c:2970
2970                                    if 
(zend_hash_num_elements(Z_ARRVAL_P(callable)) == 2) {
(gdb) backtrace
#0  zend_is_callable_ex (callable=0xb70bd424, object_ptr=<optimized out>, 
check_flags=0, callable_name=0x0, callable_name_len=0xbf800000, 
    fcc=0xbf8001b4, error=0xbf800108) at
/home/popsul/Загрузки/php-
5.4.6/Zend/zend_API.c:2970
#1  0x0834a89f in zend_fcall_info_init (callable=0xb70bd424, check_flags=0,

fci=0xbf800190, fcc=0xbf8001b4, callable_name=0x0, error=0xbf800108)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_API.c:3126
#2  0x0834af0a in zend_parse_arg_impl (severity=<synthetic pointer>, 
error=0xbf8000f4, spec=<synthetic pointer>, va=0xbf800158, arg=0xb70ad254,

    arg_num=<optimized out>) at /home/popsul/Загрузки/php-
5.4.6/Zend/zend_API.c:616
#3  zend_parse_arg (quiet=0, spec=<synthetic pointer>, va=0xbf800158, 
arg=0xb70ad254, arg_num=1)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_API.c:675
#4  zend_parse_va_args (num_args=1, type_spec=0x878128a "fa/",
va=0xbf800158, 
flags=0) at /home/popsul/Загрузки/php-5.4.6/Zend/zend_API.c:844
#5  0x0834c6d2 in zend_parse_parameters (num_args=2, type_spec=0x878128a
"fa/") 
at /home/popsul/Загрузки/php-5.4.6/Zend/zend_API.c:895
#6  0x08256b77 in zif_call_user_func_array (ht=2, return_value=0xb70bd48c,

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at
/home/popsul/Загрузки/php-5.4.6/ext/standard/basic_functions.c:4742
#7  0x083df418 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized

out>)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_vm_execute.h:642
#8  0x083a242d in execute (op_array=<optimized out>) at /home/popsul/
Загрузки/php-5.4.6/Zend/zend_vm_execute.h:410
#9  0x08336060 in zend_call_function (fci=0xbf8003a0, fci_cache=0xbf8003c4)
at 
/home/popsul/Загрузки/php-5.4.6/Zend/zend_execute_API.c:958
#10 0x08256ba0 in zif_call_user_func_array (ht=2, return_value=0xb70bd310,

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at
/home/popsul/Загрузки/php-5.4.6/ext/standard/basic_functions.c:4749
#11 0x083df418 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized

out>)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_vm_execute.h:642
#12 0x083a242d in execute (op_array=<optimized out>) at /home/popsul/
Загрузки/php-5.4.6/Zend/zend_vm_execute.h:410
#13 0x08336060 in zend_call_function (fci=0xbf8005b0, fci_cache=0xbf8005d4)
at 
/home/popsul/Загрузки/php-5.4.6/Zend/zend_execute_API.c:958
#14 0x08256ba0 in zif_call_user_func_array (ht=2, return_value=0xb70bd194,

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at
/home/popsul/Загрузки/php-5.4.6/ext/standard/basic_functions.c:4749
#15 0x083df418 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized

out>)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_vm_execute.h:642
#16 0x083a242d in execute (op_array=<optimized out>) at /home/popsul/
Загрузки/php-5.4.6/Zend/zend_vm_execute.h:410
#17 0x08336060 in zend_call_function (fci=0xbf8007c0, fci_cache=0xbf8007e4)
at 
/home/popsul/Загрузки/php-5.4.6/Zend/zend_execute_API.c:958
#18 0x08256ba0 in zif_call_user_func_array (ht=2, return_value=0xb70bd018,

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at
/home/popsul/Загрузки/php-5.4.6/ext/standard/basic_functions.c:4749
#19 0x083df418 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized

out>)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_vm_execute.h:642
#20 0x083a242d in execute (op_array=<optimized out>) at /home/popsul/
Загрузки/php-5.4.6/Zend/zend_vm_execute.h:410
#21 0x08336060 in zend_call_function (fci=0xbf8009d0, fci_cache=0xbf8009f4)
at 
/home/popsul/Загрузки/php-5.4.6/Zend/zend_execute_API.c:958
#22 0x08256ba0 in zif_call_user_func_array (ht=2, return_value=0xb70bce9c,

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at
/home/popsul/Загрузки/php-5.4.6/ext/standard/basic_functions.c:4749
#23 0x083df418 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized

out>)
    at /home/popsul/Загрузки/php-5.4.6/Zend/zend_vm_execute.h:642


-- 
Edit bug report at https://bugs.php.net/bug.php?id=62854&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=62854&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=62854&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=62854&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=62854&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=62854&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=62854&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=62854&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=62854&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=62854&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=62854&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=62854&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=62854&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=62854&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=62854&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=62854&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=62854&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=62854&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=62854&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=62854&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=62854&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=62854&r=mysqlcfg