Edit report at http://bugs.php.net/bug.php?id=51425&edit=1

 ID:               51425
 Updated by:       paj...@php.net
 Reported by:      jimmyxx at gmail dot com
 Summary:          segfaults at method_exists()
-Status:           Open
+Status:           Feedback
 Type:             Bug
 Package:          Class/Object related
 Operating System: Ubuntu 9.10
 PHP Version:      5.2.13

 New Comment:

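Please use the same version of the dbg package as PHP itself, or
compile PHP in debug mode. The backtrace you provided uses the 5.2.10
dbg package, while this report lists PHP 5.2.13; if the symbols do not
match the running binary, the reported source lines and local values
cannot be trusted.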



We also need a short script that reproduces the crash.


Previous Comments:
------------------------------------------------------------------------
[2010-03-30 11:38:03] jimmyxx at gmail dot com

I think this is a better backtrace - this is using the php5-dbg
package.



Program terminated with signal 11, Segmentation fault.

#0  0x0119c642 in zif_method_exists (ht=2, return_value=0x20f76918, 

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)

    at
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935

935     /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c: No
such 

file or directory.

        in /build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c

(gdb) bt full

#0  0x0119c642 in zif_method_exists (ht=2, return_value=0x20f76918, 

return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)

    at
/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_builtin_functions.c:935

        klass = 0x20e5e53c

        method_name = 0x20e5e540

        lcname = 0x0

        ce = 0x20f59e6c

        pce = 0x20eb366c

        return_value = 0x20f76918

#1  0x011b6546 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcf66dc) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:200

        return_reference = 0 '\000'

        opline = 0x20f62cc0

        original_return_value = 0x0

        current_scope = 0x0

        current_this = 0x0

        return_value_used = 1

        should_change_scope = 0 '\000'

#2  0x011b204b in execute (op_array=0x20f5adf4) at /build/buildd/php5-

5.2.10.dfsg.1/Zend/zend_vm_execute.h:92

        execute_data = {opline = 0x20f62cc0, function_state = 

{function_symbol_table = 0x20e6e4c0, function = 0x20d27070, reserved =
{0xe, 

0xef154a66, 

              0xbfcf671c, 0x9}}, fbc = 0x0, op_array = 0x20f5adf4,
object = 0x0, 

Ts = 0xbfcf4fc0, CVs = 0xbfcf4f90, original_in_execution = 1 '\001', 

          symbol_table = 0x20e86a0c, prev_execute_data = 0xbfcf6b0c, 

old_error_reporting = 0x0}

        op_array = 0x20f5adf4

#3  0x011b5df9 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcf6b0c) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234

        opline = 0x20ebd2e8

        original_return_value = 0xbfcf6ca0

        current_scope = 0x20e9a310

        current_this = 0x20f4b144

        return_value_used = 1

        should_change_scope = 1 '\001'

#4  0x011b204b in execute (op_array=0x20ebbe1c) at /build/buildd/php5-

5.2.10.dfsg.1/Zend/zend_vm_execute.h:92

        execute_data = {opline = 0x20ebd2e8, function_state = 

{function_symbol_table = 0x20e86a0c, function = 0x20f5adf4, reserved = 

{0xbfcf6b38, 0x11a947d, 

              0x11988ae, 0xc}}, fbc = 0x20f5adf4, op_array = 0x20ebbe1c,
object 

= 0x20f53bf8, Ts = 0xbfcf6830, CVs = 0xbfcf6810, 

          original_in_execution = 1 '\001', symbol_table = 0x20e86994, 

prev_execute_data = 0xbfcf6d0c, old_error_reporting = 0x0}

        op_array = 0x20ebbe1c

#5  0x011b5df9 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcf6d0c) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234

        opline = 0x20ebae14

        original_return_value = 0xbfcf6e8c

        current_scope = 0x20e9a310

        current_this = 0x20f4b144

        return_value_used = 0

        should_change_scope = 1 '\001'

#6  0x011b204b in execute (op_array=0x20eb9f3c) at /build/buildd/php5-

5.2.10.dfsg.1/Zend/zend_vm_execute.h:92

        execute_data = {opline = 0x20ebae14, function_state = 

{function_symbol_table = 0x20e86994, function = 0x20ebbe1c, reserved = 

{0xb88775b, 0x13e0ff4, 

              0xbfcf6d50, 0x2}}, fbc = 0x20ebbe1c, op_array =
0x20eb9f3c, object 

= 0x20f4b144, Ts = 0xbfcf6c60, CVs = 0xbfcf6c40, 

          original_in_execution = 1 '\001', symbol_table = 0x20e6a790, 

prev_execute_data = 0xbfcf6ecc, old_error_reporting = 0x0}

        op_array = 0x20eb9f3c

#7  0x011b5df9 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcf6ecc) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234

        opline = 0x20e7895c

        original_return_value = 0xbfcf7074

        current_scope = 0x20e6ba9c

        current_this = 0x20e86e00

        return_value_used = 1

        should_change_scope = 1 '\001'

#8  0x011b204b in execute (op_array=0x20e7776c) at /build/buildd/php5-

5.2.10.dfsg.1/Zend/zend_vm_execute.h:92

        execute_data = {opline = 0x20e7895c, function_state = 

{function_symbol_table = 0x20e6a790, function = 0x20eb9f3c, reserved = 

{0xbfcf6ef8, 0x11a947d, 

              0x11988ae, 0x9}}, fbc = 0x20eb9f3c, op_array = 0x20e7776c,
object 

= 0x20f4b144, Ts = 0xbfcf6e60, CVs = 0xbfcf6e40,          
original_in_execution 

= 1 '\001', symbol_table = 0x20e691c4, prev_execute_data = 0xbfcf70bc, 

old_error_reporting = 0x0}

        op_array = 0x20e7776c

#9  0x011b5df9 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcf70bc) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234

        opline = 0x20e786e4

        original_return_value = 0xbfcf750c

        current_scope = 0x20e6ba9c

        current_this = 0x0

        return_value_used = 1

        should_change_scope = 1 '\001'

#10 0x011b204b in execute (op_array=0x20e77470) at /build/buildd/php5-

5.2.10.dfsg.1/Zend/zend_vm_execute.h:92

        execute_data = {opline = 0x20e786e4, function_state = 

{function_symbol_table = 0x20e691c4, function = 0x20e7776c, reserved =
{0xd, 

0xbfcf7148, 

              0x20f4b2b0, 0x0}}, fbc = 0x20e7776c, op_array =
0x20e77470, object 

= 0x20e86e00, Ts = 0xbfcf7020, CVs = 0xbfcf7000, 

          original_in_execution = 1 '\001', symbol_table = 0x20e69334, 

prev_execute_data = 0xbfcf75fc, old_error_reporting = 0x0}

        op_array = 0x20e77470

#11 0x011b5df9 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfcf75fc) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend_vm_execute.h:234

        opline = 0x20e6de24

        original_return_value = 0xbfcf76ac

        current_scope = 0x0

        current_this = 0x0

        return_value_used = 0

        should_change_scope = 1 '\001'

#12 0x011b204b in execute (op_array=0x20e68c04) at /build/buildd/php5-

5.2.10.dfsg.1/Zend/zend_vm_execute.h:92

        execute_data = {opline = 0x20e6de24, function_state = 

{function_symbol_table = 0x20e69334, function = 0x20e77470, reserved =
{0x1e, 

0x119a272, 

              0x20e690ec, 0x20e68ca8}}, fbc = 0x20e77470, op_array =
0x20e68c04, 

object = 0x0, Ts = 0xbfcf7210, CVs = 0xbfcf71f0, 

          original_in_execution = 0 '\000', symbol_table = 0x140a970, 

prev_execute_data = 0x0, old_error_reporting = 0x0}

        op_array = 0x20e68c04

#13 0x0118c4d4 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at 

/build/buildd/php5-5.2.10.dfsg.1/Zend/zend.c:1215

        i = 1

        file_handle = 0x20e68c04

        orig_op_array = 0x0

        orig_retval_ptr_ptr = 0x0

        local_retval = 0x0

#14 0x01141246 in php_execute_script (primary_file=0xbfcf98dc) at 

/build/buildd/php5-5.2.10.dfsg.1/main/main.c:2046

        realfile = "P\233\301\000\001\000\000\000X\227\300
\340\207ϿH\230Ͽ

\024\231Ï¿\364\217\302\000P\233\301\000x\230Ï¿\001\000\000\000\350\305\300


\000\210Ï¿,\000\000\000\364\217\302\000P\233\301\000x\230Ï¿

\222\216\301\000\001\000\000\000\260\203\327  \210Ï¿

\364\217\302\000\001\000\000\000\370\200\327
@\210ϿP\233\301\000H\230Ͽ

\364\217\302\000P\233\301\000\300W\302\000\270}\327 \370\200\327
\030#\301 

\260\203\327 \270\314\300 8\317\300 \370\273\300 x\276\300 \360\300\300


x\265\206\267\000\000\000\000\002\000\000\000\000\000\000\000\b\000\000\200\070\

001\061\000\b\000\000\000P\000\000\000\b\000\000\000<\000\000\000\330\023\063\00

0\240\211�...@\000\000\000\000\000\000\000\240\023\063\000\320\023\063\000\000\000

\000\000\364\377\062\000\240\023\063\000\a\000\000\000\024\231Ï¿

\364\217\302\000P\233\301\000x\230Ï¿\222\216\301\000P\233\301\000H\230Ï¿\024\231Ï¿

\364\217\302\000P\233\301\000x\230Ï¿\001\000\000\000\244\222\302\000P\210Ï¿

\034\000\000\000\274\211Ͽ\344\210Ͽɤ\301\000H\211Ͽ

\270\262\206\267\000\240\206\267\030\250\300 @\312\300 \030#\301 

x\265\206\267\000\000\000\000\...@\301\000m/\332\000\364\217\302\000H\230Ï¿

\000\000\000\000\214"...

        __orig_bailout = 0xbfcf9840

        __bailout = {{__jmpbuf = {20844532, 550252128, 21014688,
-1076914152, -

1510018565, 322027654}, __mask_was_saved = 0, __saved_mask = {

              __val = 0xbfcf8730}}}

        prepend_file_p = 0x0

        append_file_p = 0x0

        prepend_file = {type = 0 '\000', filename = 0x0, opened_path =
0x0, 

handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer =
0, 

              fteller = 0, interactive = 0}}, free_filename = 0 '\000'}

        append_file = {type = 0 '\000', filename = 0x0, opened_path =
0x0, 

handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer =
0, 

              fteller = 0, interactive = 0}}, free_filename = 0 '\000'}

        retval = 0

        primary_file = 0xbfcf98dc

#15 0x01202f13 in php_handler (r=0x20ea9fa8) at /build/buildd/php5-

5.2.10.dfsg.1/sapi/apache2handler/sapi_apache2.c:651

        __bailout = {{__jmpbuf = {20844532, 550252128, 20766369,
-1076913864, -

1541205509, 2067815046}, __mask_was_saved = 0, __saved_mask = {

              __val = 0xbfcf985c}}}

        ctx = 0x20eae120

        conf = 0x20ea9a88

        brigade = 0x20eae8c0

        bucket = 0x20e5e540

        rv = 551937344

        parent_req = 0x0

#16 0x0042df51 in ap_run_handler () from /usr/sbin/apache2

No symbol table info available.

#17 0x00431d2f in ap_invoke_handler () from /usr/sbin/apache2

No symbol table info available.

#18 0x004413f4 in ap_internal_redirect () from /usr/sbin/apache2

No symbol table info available.

#19 0x0086180d in ?? () from /usr/lib/apache2/modules/mod_rewrite.so

No symbol table info available.

#20 0x0042df51 in ap_run_handler () from /usr/sbin/apache2

No symbol table info available.

#21 0x00431d2f in ap_invoke_handler () from /usr/sbin/apache2

No symbol table info available.

#22 0x004415a8 in ap_process_request () from /usr/sbin/apache2

No symbol table info available.

#23 0x0043e118 in ?? () from /usr/sbin/apache2

No symbol table info available.

#24 0x004367c1 in ap_run_process_connection () from /usr/sbin/apache2

No symbol table info available.

#25 0x00446ac1 in ?? () from /usr/sbin/apache2

No symbol table info available.

#26 0x00446dee in ?? () from /usr/sbin/apache2

No symbol table info available.

#27 0x004471c2 in ap_mpm_run () from /usr/sbin/apache2

No symbol table info available.

#28 0x00418a92 in main () from /usr/sbin/apache2

No symbol table info available.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=51425


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51425&edit=1
