Edit report at https://bugs.php.net/bug.php?id=64960&edit=1

 ID:                 64960
 Updated by:         paj...@php.net
 Reported by:        arjen at react dot com
 Summary:            Segfault in gc_zval_possible_root
 Status:             Open
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Archlinux
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

This is what we actually support:

http://www.php.net/downloads.php

or using:

https://github.com/php/php-src (use the 5.4 branch).

External patched versions like the one in ZendServer are not supported. While
this possible bug may happen in these versions, we need to reproduce it with
our code base.


Previous Comments:
------------------------------------------------------------------------
[2013-06-05 07:58:06] arjen at react dot com

Centos 6.3 with Zend Server PHP (no Suhosin):

# php -v
PHP 5.3.14 (cli) (built: Jun 19 2012 03:47:42) 

Archlinux (from repo, no Suhosin)
$ php -v
PHP 5.4.15 (cli) (built: May 12 2013 13:11:23) 

Are you sure you're not testing with a debug build? The segfault does not
happen in debug builds.

------------------------------------------------------------------------
[2013-06-05 03:10:20] larue...@php.net

Please disable the Suhosin patch and try again.

------------------------------------------------------------------------
[2013-06-04 19:25:14] arjen at react dot com

Verified it's not an Archlinux issue:

~$ php -v
PHP 5.3.10-1ubuntu3.6 with Suhosin-Patch (cli) (built: Mar 11 2013 14:31:48) 

~$ php segfault.php 
PHP Notice:  ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flush in /home/arjen/segfault.php on line 3
PHP Fatal error:  Uncaught exception 'Exception' in /home/arjen/segfault.php:19
Stack trace:
#0 [internal function]: {closure}(8, 'ob_end_clean():...', '/home/arjen/seg...', 9, Array)
#1 /home/arjen/segfault.php(9): ob_end_clean()
#2 [internal function]: ExceptionHandler->__invoke(Object(Exception))
#3 {main}
  thrown in /home/arjen/segfault.php on line 19
Segmentation fault (core dumped)

------------------------------------------------------------------------
[2013-06-04 15:28:15] larue...@php.net

I can not reproduce the "segfault"

------------------------------------------------------------------------
[2013-06-03 11:48:55] arjen at react dot com

Description:
------------
Affects >= 5.3.0, including 5.4.16.

See http://3v4l.org/dTDPH#v536

Combination of custom exception handler and error handler, custom property with
a debug_backtrace defined to an exception and calling ob_end_clean while
ob_end_flush was called.

Wasn't able to reduce this further.

Test script:
---------------
<?php
// this makes ob_end_clean raise an error
ob_end_flush();

class ExceptionHandler {
        public function __invoke (Exception $e)
        {
                // this triggers the custom error handler
                ob_end_clean();
        }
}

// this must be a class, closure does not trigger segfault
set_exception_handler(new ExceptionHandler());

// exception must be thrown from error handler.
set_error_handler(function()
{
        $e = new Exception;
        $e->_trace = debug_backtrace();
        
        throw $e;
});

// trigger error handler
$a['waa'];

Expected result:
----------------
No segfault.

Actual result:
--------------
#0  0x0000000000648779 in gc_zval_possible_root ()
#1  0x0000000000637168 in zend_hash_destroy ()
#2  0x0000000000628c0b in _zval_dtor_func ()
#3  0x000000000061abd9 in _zval_ptr_dtor ()
#4  0x0000000000637168 in zend_hash_destroy ()
#5  0x0000000000628c0b in _zval_dtor_func ()
#6  0x000000000061abd9 in _zval_ptr_dtor ()
#7  0x000000000064a437 in zend_object_std_dtor ()
#8  0x000000000064a469 in zend_objects_free_object_storage ()
#9  0x000000000064fe16 in zend_objects_store_free_object_storage ()
#10 0x000000000061b123 in ?? ()
#11 0x0000000000629bc2 in ?? ()
#12 0x00000000005cc04d in php_request_shutdown ()
#13 0x0000000000426004 in ?? ()
#14 0x00007f9a6fddba15 in __libc_start_main () from /usr/lib/libc.so.6
#15 0x0000000000426db9 in _start ()



------------------------------------------------------------------------


