Edit report at https://bugs.php.net/bug.php?id=64966&edit=1
ID: 64966
Patch added by: larue...@php.net
Reported by: bfra...@php.net
Summary: segfault in zend_do_fcall_common_helper_SPEC
Status: Assigned
Type: Bug
Package: Scripting Engine problem
PHP Version: Irrelevant
Assigned To: laruence
Block user comment: N
Private report: N

New Comment:

The following patch has been added/updated:

Patch Name: bug64966.patch
Revision: 1370683141
URL: https://bugs.php.net/patch-display.php?bug=64966&patch=bug64966.patch&revision=1370683141

Previous Comments:
------------------------------------------------------------------------
[2013-06-08 09:15:03] larue...@php.net

change summary, since not a Reflection-specific bug

------------------------------------------------------------------------
[2013-06-08 08:39:25] larue...@php.net

here is a small reproduce script; if no segfault, run with valgrind:

<?php
error_reporting(E_ALL | E_STRICT);

set_error_handler(function($error) {
    throw new Exception();
}, E_RECOVERABLE_ERROR);

function test($func) {
    $a = $func("");
    return true;
}

class A {
    public function b() {
        test("strlen");
        test("iterator_apply");
    }
}

$a = new A();
$a->b();

------------------------------------------------------------------------
[2013-06-08 06:37:10] larue...@php.net

A more simple fix might be like:

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 02566f3..d471f39 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2327,6 +2327,8 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
                 if (!RETURN_VALUE_USED(opline)) {
                     zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
                 }
+            } else if (RETURN_VALUE_USED(opline)) {
+                EX_T(opline->result.u.var).var.ptr = NULL;
             }
         } else if (EX(function_state).function->type == ZEND_USER_FUNCTION) {
             EG(original_return_value) = EG(return_value_ptr_ptr);

------------------------------------------------------------------------
[2013-06-07 20:04:43] bfra...@php.net

I just added a patch that makes 5.3.24+ not core dump, but I want somebody to review it.

http://git.php.net/?p=php-src.git;a=blob;f=Zend/zend_vm_execute.h;h=f6220b0f5305924afd7f480f321cae8075b46ab2;hb=refs/heads/PHP-5.3#l303

The issue is the allocation for EX_T(opline->result.u.var).var.ptr was moved to line 316 and inside the:

if (EXPECTED(EG(exception) == NULL)) {
}

block. The problem with this is that on line 417, it calls:

zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);

but without allocating it.

Maybe the other option would be to add an else option at line 330 to either null the value or set RETURN_VALUE_USED(opline) to false instead of true (no idea how to do that), which it currently is.

Thoughts?

------------------------------------------------------------------------
[2013-06-07 19:53:45] bfra...@php.net

The following patch has been added/updated:

Patch Name: exception.diff
Revision: 1370634825
URL: https://bugs.php.net/patch-display.php?bug=64966&patch=exception.diff&revision=1370634825

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=64966
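Review bot: the new `} else if (RETURN_VALUE_USED(opline)) { EX_T(opline->result.u.var).var.ptr = NULL; }` branch in the zend_vm_def.h hunk only removes the crash if every later consumer of that result slot tolerates a NULL pointer; the hunk's context lines do not show the `zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr)` that bfra...@php.net cites at line 417, so please confirm that call (and any FREE of the result temporary) is guarded by a check on `EX_T(opline->result.u.var).var.ptr`, or add that guard in the same patch rather than relying on an unseen one. A short comment on the added branch stating that the slot is intentionally left unallocated when an exception is already pending before the internal handler runs would also help, since the eight context lines alone do not make it obvious which `if` the new `else if` closes.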