Edit report at https://bugs.php.net/bug.php?id=65470&edit=1

 ID:                 65470
 Updated by:         s...@php.net
 Reported by:        s...@php.net
 Summary:            Segmentation fault in zend_error() with --enable-dtrace
 Status:             Assigned
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux
 PHP Version:        5.4Git-2013-08-18 (Git)
 Assigned To:        sixd
 Block user comment: N
 Private report:     N

 New Comment:

I'm currently testing a patch.

Previous Comments:
------------------------------------------------------------------------
[2013-08-18 04:40:25] s...@php.net

Description:
------------
A segmentation fault can occur in zend_error() with --enable-dtrace.

The zend_vspprintf() call in the DTRACE_ERROR_ENABLED() block leaves args
undefined: "If ap is passed to a function that uses va_arg(ap,type) then the
value of ap is undefined after the return of that function."

When args is used again later in zend_error(), a seg fault can occur.

Test script:
---------------
As root:
-------------------
# dtrace -Z -s error.d
dtrace: script 'error.d' matched 0 probes
CPU ID FUNCTION:NAME
0 6 zend_error:error PHP error
--------------------

As a normal user:
--------------------
$ php error.php
Segmentation fault (core dumped)
--------------------

Where error.d is:

php*:::error
{
    printf("PHP error\n");
}

and error.php is:

<?php
trigger_error('This is an error', E_USER_ERROR);
?>

------------------------------------------------------------------------
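
The failure mode in the description above, as an added C example (not PHP's source and not the patch under test): report_error_unsafe reuses a va_list after vsnprintf() has consumed it, and report_error_safe gives the probe path its own va_copy. The names probe_enabled, probe_msg and both functions are hypothetical stand-ins for the DTRACE_ERROR_ENABLED() block and zend_error().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the DTRACE_ERROR_ENABLED() check. */
static int probe_enabled = 1;
/* Hypothetical buffer holding what the probe would receive. */
static char probe_msg[128];

/* Pattern from the report: args is consumed by the first vsnprintf()
 * and is indeterminate when used again. Shown for contrast, never called. */
int report_error_unsafe(char *out, size_t n, const char *fmt, ...)
{
    va_list args;
    int len;
    va_start(args, fmt);
    if (probe_enabled)
        vsnprintf(probe_msg, sizeof probe_msg, fmt, args); /* consumes args */
    len = vsnprintf(out, n, fmt, args); /* undefined behaviour: args reused */
    va_end(args);
    return len;
}

/* Same flow, but the probe path formats from its own copy. */
int report_error_safe(char *out, size_t n, const char *fmt, ...)
{
    va_list args;
    int len;
    va_start(args, fmt);
    if (probe_enabled) {
        va_list probe_args;
        va_copy(probe_args, args);  /* C99: independent argument cursor */
        vsnprintf(probe_msg, sizeof probe_msg, fmt, probe_args);
        va_end(probe_args);         /* each va_copy needs its own va_end */
    }
    len = vsnprintf(out, n, fmt, args); /* args has not been consumed yet */
    va_end(args);
    return len;
}

int main(void)
{
    char buf[128];
    report_error_safe(buf, sizeof buf, "%s on line %d", "This is an error", 2);
    printf("probe:   %s\nhandler: %s\n", probe_msg, buf);
    return 0;
}
```

The unsafe variant only misbehaves when the probe branch runs, which matches the report: the crash needs the probe to be enabled.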