ID: 29054
Comment by: not at valid dot boop
Reported By: auslander at tampabay dot rr dot com
Status: Assigned
Bug Type: Reproducible crash
Operating System: Linux 2.6.5
PHP Version: 5.0.0RC3
Assigned To: andi
New Comment:
Should PHP5 have even been released without this being fixed first?!
Seems like any half-complex project (like mine) is going to choke on
this common case.
If you could add a comment with a likely fix-by date that'd be great.
Previous Comments:
------------------------------------------------------------------------
[2004-07-08 09:01:14] [EMAIL PROTECTED]
Confirmed here, assigning to Andi.
valgrind says:
==25868==
==25868== Jump to the invalid address stated on the next line
==25868== at 0x2A8FCC84: ???
==25868== by 0x8313A25: zend_do_fcall_common_helper
(zend_execute.c:2728)
==25868== by 0x8313EA6: zend_do_fcall_by_name_handler
(zend_execute.c:2810)
==25868== by 0x831029E: execute (zend_execute.c:1391)
==25868== Address 0x2A8FCC84 is not stack'd, malloc'd or free'd
==25868==
gdb says:
0x2a8fcc84 in ?? ()
(gdb) bt
#0 0x2a8fcc84 in ?? ()
#1 0x0831029f in execute (op_array=0x404e95a0)
at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:1391
#2 0x08313a26 in zend_do_fcall_common_helper
(execute_data=0xbfffd520,
opline=0x404ec6e4, op_array=0x404e68cc)
at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:2728
#3 0x08313ea7 in zend_do_fcall_by_name_handler
(execute_data=0xbfffd520,
opline=0x404ec6e4, op_array=0x404e68cc)
at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:2810
#4 0x0831029f in execute (op_array=0x404e68cc)
at /dat/dev/php/php-5.0dev/Zend/zend_execute.c:1391
#5 0x082ec861 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /dat/dev/php/php-5.0dev/Zend/zend.c:1058
#6 0x082a6b83 in php_execute_script (primary_file=0xbffff960)
at /dat/dev/php/php-5.0dev/main/main.c:1630
#7 0x0831cd96 in main (argc=3, argv=0xbffffa04)
at /dat/dev/php/php-5.0dev/sapi/cli/php_cli.c:943
------------------------------------------------------------------------
[2004-07-07 23:19:31] auslander at tampabay dot rr dot com
Description:
------------
Throwing an exception causes a segfault.
test case 1:
Created an object (A) within another object (B). B calls
$this->A->close() then sets $this->A = null, which calls the
$this->A->__destruct() method, which calls A->close() again. On the
second call of A->close(), an exception is thrown, which results in a
segfault.
test case 2:
When creating A directly, without going through another object, no
segfault happens, but still no exception is thrown and no error.
Reproduce code:
---------------
http://gub.no-ip.org:8546/~auslander/bugtest.php.txt
Expected result:
----------------
expect no segfault and expect exception to be thrown/caught in both
test cases.
Actual result:
--------------
test case 1 output/backtrace
---------------------------------
test 1
------
creating Bar object
Bar::__construct() called
Foo::__construct() called
closing Bar
Bar::close() called
Foo::close() called
Foo::__destruct() called
Foo::close() called
supposed to throw an exception here
Segmentation fault
#0 0x00000000 in ?? ()
#1 0x082039e3 in execute (op_array=0xf709f444)
at /usr/local/src/php-5.0.0RC3/Zend/zend_execute.c:1389
#2 0x08206a75 in zend_do_fcall_common_helper
(execute_data=0xfeeb09d0,
opline=0xf70a1340, op_array=0xf7096304)
at /usr/local/src/php-5.0.0RC3/Zend/zend_execute.c:2726
#3 0x08206d4c in zend_do_fcall_by_name_handler
(execute_data=0xf70a08c8,
opline=0xf70a1340, op_array=0xf7096304)
at /usr/local/src/php-5.0.0RC3/Zend/zend_execute.c:2808
#4 0x082039e3 in execute (op_array=0xf7096304)
at /usr/local/src/php-5.0.0RC3/Zend/zend_execute.c:1389
#5 0x081e9285 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/local/src/php-5.0.0RC3/Zend/zend.c:1061
#6 0x081b753e in php_execute_script (primary_file=0xfeeb2db0)
at /usr/local/src/php-5.0.0RC3/main/main.c:1627
#7 0x0820e112 in main (argc=3, argv=0xfeeb2e74)
at /usr/local/src/php-5.0.0RC3/sapi/cli/php_cli.c:943
test case 2 output (no segfault/backtrace)
---------------------------------
test 2
------
creating Foo object
Foo::__construct() called
closing Foo
Foo::close() called
setting Foo to null
Foo::__destruct() called
Foo::close() called
supposed to throw an exception here
------------------------------------------------------------------------
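The sequence from the description above, rebuilt as a regression script. This is an added example reconstructed from the report's text and printed output; it is not the reporter's bugtest.php.txt and not PHP project code. The `$open` flag, the exception message, the "caught" lines and the exit status are assumptions.

```php
<?php
// Reconstruction from the report's text, not the reporter's file; $open and the message are assumed.
class Foo {
    private $open = true;
    public function __construct() { echo "Foo::__construct() called\n"; }
    public function close() {
        echo "Foo::close() called\n";
        if (!$this->open) {
            echo "supposed to throw an exception here\n";
            throw new Exception('Foo is already closed');
        }
        $this->open = false;
    }
    public function __destruct() {
        echo "Foo::__destruct() called\n";
        $this->close(); // second close(): throws from inside the destructor
    }
}
class Bar {
    private $foo;
    public function __construct() { echo "Bar::__construct() called\n"; $this->foo = new Foo(); }
    public function close() {
        echo "Bar::close() called\n";
        $this->foo->close();
        $this->foo = null; // last reference dropped, Foo::__destruct() runs here
    }
}
$caught = 0;
echo "test 1\n------\ncreating Bar object\n";
$bar = new Bar();
try {
    echo "closing Bar\n";
    $bar->close();
} catch (Exception $e) {
    echo "caught #", ++$caught, ": ", $e->getMessage(), "\n";
}
echo "test 2\n------\ncreating Foo object\n";
$foo = new Foo();
try {
    echo "closing Foo\n";
    $foo->close();
    echo "setting Foo to null\n";
    $foo = null;
} catch (Exception $e) {
    echo "caught #", ++$caught, ": ", $e->getMessage(), "\n";
}
exit($caught === 2 ? 0 : 1); // the report expects both exceptions to be caught
```

Run with the CLI SAPI; a non-zero exit status or a crash means the behaviour the report expects is not met.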