From: bugs dot php dot net at majkl578 dot cz
Operating system: Linux
PHP version: 5.4.9
Package: Reproducible crash
Bug Type: Bug
Bug description:Sigsegv when Exception::$trace is changed by user
Description:
------------
Segmentation fault occurs when calling Exception::getTraceAsString() after
Exception::$trace has been changed by reflection to a value PHP doesn't
understand.
Test script:
---------------
$e = new Exception();
$ref = new ReflectionProperty($e, 'trace');
$ref->setAccessible(TRUE);
$ref->setValue($e, array(NULL));
var_dump($e->getTraceAsString());
Expected result:
----------------
an error / trace converted using "fallback" mode (e.g. var_dump) / nothing
Actual result:
--------------
SIGSEGV
backtrace:
#0 0x0000000000a20c30 in _zend_is_inconsistent (ht=0x0, file=0x10792f8
"/data/build/php/5.4/php-5.4.9/Zend/zend_hash.c", line=919) at
/data/build/php/5.4/php-5.4.9/Zend/zend_hash.c:54
#1 0x0000000000a237cc in zend_hash_find (ht=0x0, arKey=0x107c10d "file",
nKeyLength=5, pData=0x7fffffffa558) at
/data/build/php/5.4/php-5.4.9/Zend/zend_hash.c:919
#2 0x0000000000a32fcc in _build_trace_string (frame=0x7ffff7fb4330,
num_args=3, args=0x7fffffffa5f8, hash_key=0x7fffffffa5e0) at
/data/build/php/5.4/php-5.4.9/Zend/zend_exceptions.c:472
#3 0x0000000000a231ac in zend_hash_apply_with_arguments
(ht=0x7ffff7fb41e0, apply_func=0xa32daa <_build_trace_string>, num_args=3)
at /data/build/php/5.4/php-5.4.9/Zend/zend_hash.c:772
#4 0x0000000000a335e4 in zim_exception_getTraceAsString (ht=0,
return_value=0x7ffff7fb43b8, return_value_ptr=0x0, this_ptr=0x7ffff7fb27e8,
return_value_used=1)
at /data/build/php/5.4/php-5.4.9/Zend/zend_exceptions.c:515
#5 0x0000000000a4f4c7 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7f7c0e8) at
/data/build/php/5.4/php-5.4.9/Zend/zend_vm_execute.h:642
#6 0x0000000000a50370 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7ffff7f7c0e8) at
/data/build/php/5.4/php-5.4.9/Zend/zend_vm_execute.h:752
#7 0x0000000000a4de96 in execute (op_array=0x7ffff7fb3680) at
/data/build/php/5.4/php-5.4.9/Zend/zend_vm_execute.h:410
#8 0x0000000000a118c1 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /data/build/php/5.4/php-5.4.9/Zend/zend.c:1309
#9 0x0000000000988cb0 in php_execute_script (primary_file=0x7fffffffdfd0)
at /data/build/php/5.4/php-5.4.9/main/main.c:2482
#10 0x0000000000b57db2 in do_cli (argc=2, argv=0x7fffffffe378) at
/data/build/php/5.4/php-5.4.9/sapi/cli/php_cli.c:988
#11 0x0000000000b58d6d in main (argc=2, argv=0x7fffffffe378) at
/data/build/php/5.4/php-5.4.9/sapi/cli/php_cli.c:1364
--
Edit bug report at https://bugs.php.net/bug.php?id=63762&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=63762&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=63762&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=63762&r=trysnapshottrunk
Fixed in SVN: https://bugs.php.net/fix.php?id=63762&r=fixed
Fixed in release: https://bugs.php.net/fix.php?id=63762&r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=63762&r=needtrace
Need Reproduce Script: https://bugs.php.net/fix.php?id=63762&r=needscript
Try newer version: https://bugs.php.net/fix.php?id=63762&r=oldversion
Not developer issue: https://bugs.php.net/fix.php?id=63762&r=support
Expected behavior: https://bugs.php.net/fix.php?id=63762&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=63762&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=63762&r=submittedtwice
register_globals: https://bugs.php.net/fix.php?id=63762&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63762&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=63762&r=dst
IIS Stability: https://bugs.php.net/fix.php?id=63762&r=isapi
Install GNU Sed: https://bugs.php.net/fix.php?id=63762&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=63762&r=float
No Zend Extensions: https://bugs.php.net/fix.php?id=63762&r=nozend
MySQL Configuration Error: https://bugs.php.net/fix.php?id=63762&r=mysqlcfg
