Edit report at https://bugs.php.net/bug.php?id=65470&edit=1

ID:                 65470
Updated by:         s...@php.net
Reported by:        s...@php.net
Summary:            Segmentation fault in zend_error() with --enable-dtrace
-Status:            Open
+Status:            Closed
Type:               Bug
Package:            Reproducible crash
Operating System:   Linux
PHP Version:        5.4Git-2013-08-18 (Git)
Block user comment: N
Private report:     N

New Comment:

Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=14f5732096575f3c4ff0438e6650238370cb465c
Log: Fix bug #65470 Segmentation fault in zend_error() with --enable-dtrace

Previous Comments:
------------------------------------------------------------------------
[2013-08-18 06:02:12] s...@php.net

The patch tested OK and can be applied to PHP 5.4, 5.5 and master.

This requires zend karma, which I don't have.

------------------------------------------------------------------------
[2013-08-18 05:05:12] s...@php.net

The following patch has been added/updated:

Patch Name: bug65470
Revision:   1376802312
URL:        https://bugs.php.net/patch-display.php?bug=65470&patch=bug65470&revision=1376802312

------------------------------------------------------------------------
[2013-08-18 04:41:33] s...@php.net

I'm currently testing a patch.

------------------------------------------------------------------------
[2013-08-18 04:40:25] s...@php.net

Description:
------------
A segmentation fault can occur in zend_error() with --enable-dtrace.

The zend_vspprintf() call in the DTRACE_ERROR_ENABLED() block leaves args undefined:

"If ap is passed to a function that uses va_arg(ap,type) then the value of ap is undefined after the return of that function."

When args is used again later in zend_error(), a seg fault can occur.

Test script:
---------------
As root:
-------------------
# dtrace -Z -s error.d
dtrace: script 'error.d' matched 0 probes
CPU     ID                    FUNCTION:NAME
  0      6                 zend_error:error PHP error
--------------------

As a normal user:
--------------------
$ php error.php
Segmentation fault (core dumped)
--------------------

Where error.d is:

php*:::error
{
    printf("PHP error\n");
}

and error.php is:

<?php
    trigger_error('This is an error', E_USER_ERROR);
?>

------------------------------------------------------------------------
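
The va_list reuse described in the report, shown beside the standard C remedy (va_copy), as an added example: this is not the patch attached to the bug and not code from php-src. The names probe_format, report_error_unsafe and report_error_safe are hypothetical stand-ins for the probe formatting step and zend_error().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the probe-side formatting call: it walks ap with
 * va_arg internally, so the caller's ap is indeterminate once it returns. */
static void probe_format(char *out, size_t n, const char *fmt, va_list ap)
{
    vsnprintf(out, n, fmt, ap);
}

/* Pattern from the report: args is consumed by the probe block and then
 * used again. The second walk is undefined behaviour and may crash. */
void report_error_unsafe(char *probe, char *msg, size_t n, const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    probe_format(probe, n, fmt, args);
    vsnprintf(msg, n, fmt, args);      /* args already spent here */
    va_end(args);
}

/* Hardened form: the probe gets its own copy, so args is still untouched
 * when the real message is formatted. Every va_copy needs its own va_end. */
int report_error_safe(char *probe, char *msg, size_t n, const char *fmt, ...)
{
    va_list args, probe_args;
    int len;

    va_start(args, fmt);
    va_copy(probe_args, args);
    probe_format(probe, n, fmt, probe_args);
    va_end(probe_args);

    len = vsnprintf(msg, n, fmt, args); /* first and only walk over args */
    va_end(args);
    return len;
}

int main(void)
{
    char probe[64], msg[64];
    /* Constructed sample input mirroring the report's trigger_error() text. */
    report_error_safe(probe, msg, sizeof msg, "%s on line %d", "This is an error", 2);
    printf("probe: %s\nmsg:   %s\n", probe, msg);
    return 0;
}
```
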