Edit report at https://bugs.php.net/bug.php?id=65372&edit=1
ID:                 65372
Updated by:         larue...@php.net
Reported by:        sreed at ontraport dot com
Summary:            Segfault in gc_zval_possible_root when return reference fails
-Status:            Verified
+Status:            Closed
Type:               Bug
Package:            Reproducible crash
Operating System:   Fedora
PHP Version:        5.4Git-2013-08-01 (Git)
-Assigned To:
+Assigned To:       laruence
Block user comment: N
Private report:     N

New Comment:

fixed in http://git.php.net/?p=php-src.git;a=commitdiff;h=ce9169e360701ea3b1ab2366171c24d4de5e78e3

Previous Comments:
------------------------------------------------------------------------
[2013-08-02 01:59:23] larue...@php.net

The following patch has been added/updated:

Patch Name: bug65372.patch
Revision:   1375408763
URL:        https://bugs.php.net/patch-display.php?bug=65372&patch=bug65372.patch&revision=1375408763
------------------------------------------------------------------------
[2013-08-01 19:18:26] sreed at ontraport dot com

Description:
------------
PHP is segfaulting during shutdown in gc_zval_possible_root. This bug appears to have appeared in version 5.4: http://3v4l.org/qLqe3.

Test script:
---------------
https://gist.github.com/sreed-ontraport/6134324

Expected result:
----------------
Script executes and PHP exits cleanly

Actual result:
--------------
0x00000000006a0032 in gc_zval_possible_root (zv=0x7ffff7fc5108) at /tmp/php5.4-201308011830/Zend/zend_gc.c:143
143     GC_ZOBJ_CHECK_POSSIBLE_ROOT(zv);
(gdb) bt
#0  0x00000000006a0032 in gc_zval_possible_root (zv=0x7ffff7fc5108) at /tmp/php5.4-201308011830/Zend/zend_gc.c:143
#1  0x00000000006a1c47 in zend_object_std_dtor (object=0x7ffff7fc8970) at /tmp/php5.4-201308011830/Zend/zend_objects.c:54
#2  0x00000000006a1c79 in zend_objects_free_object_storage (object=0x7ffff7fc8970) at /tmp/php5.4-201308011830/Zend/zend_objects.c:137
#3  0x00000000006a74c8 in zend_objects_store_free_object_storage (objects=0xd8a0a0 <executor_globals+960>) at /tmp/php5.4-201308011830/Zend/zend_objects_API.c:92
#4  0x000000000067396b in shutdown_executor () at /tmp/php5.4-201308011830/Zend/zend_execute_API.c:295
#5  0x0000000000681aa6 in zend_deactivate () at /tmp/php5.4-201308011830/Zend/zend.c:938
#6  0x000000000062417d in php_request_shutdown (dummy=dummy@entry=0x0) at /tmp/php5.4-201308011830/main/main.c:1803
#7  0x0000000000726094 in do_cli (argc=2, argv=0x7fffffffe148) at /tmp/php5.4-201308011830/sapi/cli/php_cli.c:1172
#8  0x00000000004255ca in main (argc=2, argv=0x7fffffffe148) at /tmp/php5.4-201308011830/sapi/cli/php_cli.c:1365
------------------------------------------------------------------------