From:             nikic
Operating system: 
PHP version:      5.5.0alpha2
Package:          Scripting Engine problem
Bug Type:         Bug
Bug description:  Segfault on undefined function call in nested generator

Description:
------------
In the given test script PHP will crash during destruction of the outer
generator:

#0  0x08251d6f in zval_delref_p (pz=0x4)
    at /home/nikic/dev/php-src/Zend/zend.h:406
#1  i_zval_ptr_dtor (__zend_lineno=132, 
    __zend_filename=0x84ad810
"/home/nikic/dev/php-src/Zend/zend_generators.c", zval_ptr=0x4) at
/home/nikic/dev/php-src/Zend/zend_execute.h:76
#2  _zval_ptr_dtor (zval_ptr=0xb7fc4cd4, 
    __zend_filename=0x84ad810
"/home/nikic/dev/php-src/Zend/zend_generators.c", __zend_lineno=132) at
/home/nikic/dev/php-src/Zend/zend_execute_API.c:428
#3  0x082924a4 in zend_generator_close (generator=0xb7fc41d0, 
    finished_execution=0 '\000', tsrm_ls=0x850a050)
    at /home/nikic/dev/php-src/Zend/zend_generators.c:132
#4  0x0829265c in zend_generator_free_storage (generator=0xb7fc41d0, 
    tsrm_ls=0x850a050) at
/home/nikic/dev/php-src/Zend/zend_generators.c:180
#5  0x0829e57b in zend_objects_store_free_object_storage
(objects=0x850bcb8, 
    tsrm_ls=0x850a050) at
/home/nikic/dev/php-src/Zend/zend_objects_API.c:92
#6  0x082515d2 in shutdown_executor (tsrm_ls=0x850a050)
    at /home/nikic/dev/php-src/Zend/zend_execute_API.c:295
#7  0x082669cd in zend_deactivate (tsrm_ls=0x850a050)
    at /home/nikic/dev/php-src/Zend/zend.c:938
#8  0x081c7755 in php_request_shutdown (dummy=0x0)
    at /home/nikic/dev/php-src/main/main.c:1789
#9  0x083c8384 in do_cli (argc=2, argv=0xbffff394, tsrm_ls=0x850a050)
    at /home/nikic/dev/php-src/sapi/cli/php_cli.c:1171

The reason is that the argument stack has the argument number pushed at the
end, so the code tries to zval_ptr_dtor the pointer 0x4.

I'm not yet sure how to best fix this. One would need some way to know
whether the last argument is actually the argument count.

Test script:
---------------
<?php

function gen() {
    i_totally_dont_exist();
    yield; // force generator
}

function function_with_4_args() {
    $gen = gen();
    $gen->rewind();
}

function outerGen() {
    function_with_4_args(0, 1, 2, 3);
    yield; // force generator
}

$outerGen = outerGen();
$outerGen->rewind();


-- 
Edit bug report at https://bugs.php.net/bug.php?id=63830&edit=1
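
A simplified C model of the failure described in the report, added here as an illustration; it is not code from php-src or from the report's author. All type and function names are hypothetical, and the tagged slot is only one possible way to tell an argument count from a pointer, not the fix PHP adopted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT Zend Engine code; every name here is hypothetical. */
typedef struct { int refcount; } value;
enum slot_kind { SLOT_VALUE, SLOT_ARG_COUNT };
typedef struct { enum slot_kind kind; uintptr_t raw; } slot; /* raw: value* or count */

/* Push the arguments of an in-flight call, then the argument count on top. */
static size_t push_call(slot *stack, size_t top, value *args, size_t n) {
    for (size_t i = 0; i < n; i++) {
        args[i].refcount++;
        stack[top++] = (slot){ SLOT_VALUE, (uintptr_t)&args[i] };
    }
    stack[top++] = (slot){ SLOT_ARG_COUNT, (uintptr_t)n };
    return top;
}

/* Untagged cleanup: treats every slot as a value*; it only records what it would destroy. */
static size_t cleanup_untagged(const slot *stack, size_t top, uintptr_t *out) {
    size_t n = 0;
    while (top > 0)
        out[n++] = stack[--top].raw;   /* first entry is the count, e.g. 0x4 */
    return n;
}

/* Tagged cleanup: releases values only and skips the count slot. */
static size_t cleanup_tagged(const slot *stack, size_t top) {
    size_t released = 0;
    for (size_t i = top; i-- > 0; ) {
        if (stack[i].kind != SLOT_VALUE) continue;  /* a count, not a pointer */
        ((value *)stack[i].raw)->refcount--;
        released++;
    }
    return released;
}

int main(void) {
    value args[4] = {{1}, {1}, {1}, {1}};   /* constructed sample: a 4-argument call */
    slot stack[8];
    uintptr_t seen[8];
    size_t top = push_call(stack, 0, args, 4);
    cleanup_untagged(stack, top, seen);
    printf("untagged cleanup would destroy %#lx first\n", (unsigned long)seen[0]);
    printf("tagged cleanup released %zu values\n", cleanup_tagged(stack, top));
    return 0;
}
```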