ID: 30142
Updated by: [EMAIL PROTECTED]
Reported By: toni dot viemero at iki dot fi
-Status: Open
+Status: Bogus
Bug Type: Reproducible crash
Operating System: FreeBSD 5.4-BETA4
PHP Version: 5.0.1
New Comment:
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same.
Thank you for your interest in PHP.
Duplicate of #29944.
Previous Comments:
------------------------------------------------------------------------
[2004-09-18 18:35:37] toni dot viemero at iki dot fi
Description:
------------
I was investigating why Wordpress (www.wordpress.org) wp-login.php
segfaults my apache child and stripped down the code as low as possible
to reproduce segfault.
[EMAIL PROTECTED]:~]$ php-5.0.1/sapi/cli/php -v
PHP 5.0.1 (cli) (built: Sep 18 2004 02:34:23) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.1, Copyright (c) 1998-2004 Zend Technologies
[EMAIL PROTECTED]:~]$ php-5.0.1/sapi/cli/php -e segfault.php
Segmentation fault (core dumped)
Compiled with:
./configure --enable-versioning --enable-memory-limit --enable-debug
--with-layout=GNU --with-config-file-scan-dir=/tmp --disable-all
--enable-libxml --enable-spl --with-regex=php
--with-apxs2=/usr/local/sbin/apxs --disable-ipv6 --prefix=/tmp
--with-bz2=/usr --enable-ctype --with-curl=/usr/local --enable-dba
--enable-dom --enable-exif --enable-ftp --with-gd
--with-freetype-dir=/usr/local --with-jpeg-dir=/usr/local
--with-png-dir=/usr/local --with-gettext=/usr/local
--with-iconv=/usr/local --with-imap=/usr/local --enable-mbstring
--with-mcrypt=/usr/local --with-mhash=/usr/local
--with-mysql=/usr/local --with-openssl=/usr --with-openssl-dir=/usr
--with-pcre-regex=yes --with-pgsql=/usr/local --enable-posix
--enable-session --enable-simplexml --with-snmp=/usr/local
--enable-ucd-snmp-hack --enable-soap --with-libxml-dir=/usr/local
--enable-sockets --with-sqlite --with-tidy=/usr/local
--enable-tokenizer --enable-wddx --enable-xml --with-xmlrpc
--with-expat-dir=/usr/local --with-iconv-dir=/usr/local
--with-libxml-dir=/usr/local --with-xsl=/usr/local --with-zlib=/usr
--with-zlib-dir=/usr
Reproduce code:
---------------
<?php
$action = '';
switch ($action) {
default:
function this_will_segfault() {
return true;
}
if ( (this_will_segfault()) ) {
print "true\n";
}
break;
}
?>
Expected result:
----------------
"true" printed.
Actual result:
--------------
(gdb) bt
#0 0x08301b9c in _zval_ptr_dtor (zval_ptr=0xbfbfcef4,
__zend_filename=0x84d5990
"/home/toni/php-5.0.1/Zend/zend_execute.c", __zend_lineno=208)
at /home/toni/php-5.0.1/Zend/zend_execute_API.c:389
#1 0x0833b202 in zend_switch_free (opline=0x85b0908, Ts=0xbfbfcec0) at
/home/toni/php-5.0.1/Zend/zend_execute.c:208
#2 0x0833b44f in zend_switch_free_handler (execute_data=0xbfbfcef0,
opline=0x85b0908, op_array=0x865eb00)
at /home/toni/php-5.0.1/Zend/zend_execute.c:3234
#3 0x08333ae1 in execute (op_array=0x865eb00) at
/home/toni/php-5.0.1/Zend/zend_execute.c:1400
#4 0x083395e4 in zend_do_fcall_common_helper (execute_data=0xbfbfd060,
opline=0x866644c, op_array=0x8658824)
at /home/toni/php-5.0.1/Zend/zend_execute.c:2737
#5 0x08339c9c in zend_do_fcall_by_name_handler
(execute_data=0xbfbfd060, opline=0x866644c, op_array=0x8658824)
at /home/toni/php-5.0.1/Zend/zend_execute.c:2822
#6 0x08333ae1 in execute (op_array=0x8658824) at
/home/toni/php-5.0.1/Zend/zend_execute.c:1400
#7 0x0830f5b0 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/toni/php-5.0.1/Zend/zend.c:1061
#8 0x082c8b27 in php_execute_script (primary_file=0xbfbfe794) at
/home/toni/php-5.0.1/main/main.c:1627
#9 0x0834038c in main (argc=3, argv=0xbfbfe7f4) at
/home/toni/php-5.0.1/sapi/cli/php_cli.c:943
(gdb) frame 0
#0 0x08301b9c in _zval_ptr_dtor (zval_ptr=0xbfbfcef4,
__zend_filename=0x84d5990
"/home/toni/php-5.0.1/Zend/zend_execute.c", __zend_lineno=208)
at /home/toni/php-5.0.1/Zend/zend_execute_API.c:389
389 (*zval_ptr)->refcount--;
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x865dba4 "this_will_segfault"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x865dba4 "this_will_segfault"
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x865db64 "/home/toni/segfault.php"
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=30142&edit=1
