ID: 31894 Comment by: f dot boender at electricmonk dot nl Reported By: adove at mindrage dot com Status: No Feedback Bug Type: Scripting Engine problem Operating System: WinXP PHP Version: 5.0.3 New Comment:
Oops, small correction on the test program in my first comment. It turns out {} doesn't actually represent a new scope at all. It's the redefining of $test that causes the destructor of the previous $test to get triggered instead of going out of scope. Same results though. Previous Comments: ------------------------------------------------------------------------ [2006-08-02 11:27:11] f dot boender at electricmonk dot nl I've succesfully reproduced the Segmentation fault of the above test program on the following systems: (All Debian GNU/Linux systems); Commandline: PHP 5.0.5-Debian-0.8~sarge1 (cli) (built: Oct 27 2005 10:43:05) (Debian GNU/Linux) Copyright (c) 1997-2004 The PHP Group Commandline: PHP 5.0.4-0.9sarge1 (cli) (built: Jul 20 2005 17:08:52) (Debian GNU/Linux) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies Apache module: PHP Version 5.1.2-1+b1 System = Linux jib 2.6.15.5 #2 i686 Build Date = Mar 20 2006 04:04:37 Server API = Apache 2.0 Handler Virtual Directory Support = disabled PHP API = 20041225 PHP Extension = 20050922 Zend Extension = 220051025 ------------------------------------------------------------------------ [2006-08-02 11:13:29] f dot boender at electricmonk dot nl I'm experiencing the same bug. Here's my bugreport: Description: ------------ PHP crashes with a segmentation fault when restoring the error handler in the destructor. Environment: ------------ PHP: PHP 5.1.2-1+b1 (cli) (built: Mar 20 2006 04:17:24) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies php.ini excerpt: error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT display_errors = On display_startup_errors = Off log_errors = Off log_errors_max_len = 1024 ignore_repeated_errors = Off track_errors = Off Observations: ------------- * The test program crashes with a segfault when run as shown here. * The test program does NOT crash when the destructor is called due to the instance of Test going out of scope. (Comment out the OUT-OF-SCOPE piece). Not even the unset() crashes after the OUT-OF-SCOPE test has run first. Test program: ------------- <?php class Test { private $prevErrorReporting = 0; public function __construct() { $this->prevErrorReporting = error_reporting(E_ALL); set_error_handler(array(&$this, "errorHandler")); } public function __destruct() { restore_error_handler(); error_reporting($this->prevErrorReporting); echo("trace1"); } public function errorHandler($errno, $errmsg, $filename, $linenum, $vars) { } } // OUT-OF-SCOPE TEST // { // $test = new Test(); // } // UNSET TEST $test = new Test(); unset($test); // Unsetting, destructor is called, SegFault (unless OUT-OF-SCOPE test has run) ?> Expected output: ---------------- [EMAIL PROTECTED]/dev/tlib-php$ export MALLOC_CHECK_=1 [EMAIL PROTECTED]/dev/tlib-php$ php ./tlib-test.php malloc: using debugging hooks trace1 Actual output: -------------- [EMAIL PROTECTED]/dev/tlib-php$ export MALLOC_CHECK_=1 [EMAIL PROTECTED]/dev/tlib-php$ php ./tlib-test.php malloc: using debugging hooks Segmentation fault GDB output: ----------- Here's some output from GDB; might be useful. Duplicate lines and default GDB messages have been removed. > (gdb) run > Starting program: /usr/bin/php tlib-test.php > malloc: using debugging hooks > > Program received signal SIGSEGV, Segmentation fault. > 0x08298316 in zend_std_read_property () > (gdb) Strace output: -------------- Useless probably, but anyway: > rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0 > ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf86e0d8) = -1 ENOTTY (Inappropriate ioctl for device) > read(5, "<?php\n\nclass Test {\n\tprivate $pr"..., 8192) = 560 > read(5, "", 4096) = 0 > read(5, "", 8192) = 0 > close(5) = 0 > munmap(0xb78ad000, 4096) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > +++ killed by SIGSEGV +++ > Process 5638 detached ------------------------------------------------------------------------ [2005-02-28 01:00:04] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2005-02-09 23:44:31] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report. Also, please try CVS snapshot first - I can't reproduce it with the parts of the code you've posted. ------------------------------------------------------------------------ [2005-02-09 12:24:28] adove at mindrage dot com Description: ------------ This may be related to an older bug that was fixed (#24708) but I can reproduce reliably (having spent days and hours chasing!). Basically, if you call restore_error_handler from __destruct() things go horribly ary. Interestingly enough, calling restore_exception_handler works just fine. This happens both CLI and Apache 2.x. Note that it does not matter if you use $this or &$this in the constructor. Reproduce code: --------------- function __construct( &$aConfig ) { if(is_array($aConfig)) { $this->m_aConfig = &$aConfig; // Extraneous but it's in my constructor. set_error_handler(array &$this, "handleRuntimeException")); set_exception_handler(array($this, "handleException")); } } function __destruct() { //restore_error_handler(); restore_exception_handler(); unset($this->m_aConfig); } Expected result: ---------------- Proper ending of PHP script execution. Actual result: -------------- Segfault in php5ts.dll, ModVer: 5.0.3.3 Offset: 0004d661 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31894&edit=1