[PHP-BUG] Bug #54266 [NEW]: crash on shutdown when destroying circular references in object

s...@php.net Tue, 15 Mar 2011 20:48:36 -0700

From:             stas
Operating system: MacOS X 10.6.6
PHP version:      5.3SVN-2011-03-16 (snap)
Package:          Reproducible crash
Bug Type:         Bug
Bug description:crash on shutdown when destroying circular references in object


Description:
------------
Reported by Christian Holler on mailing list, the example code produces
crash on 

engine shutdown.

Test script:
---------------
<?php



class Person {

        public $dad;

        public function __destruct() {

                $this->dad = null; /* no segfault if this is commented out
*/

        }

}



class Dad extends Person {

        public $son;

        public function __construct() {

                $this->son = new Person;

                $this->son->dad = $this; /* no segfault if this is
commented out */

        }

        public function __destruct() {

                $dad = new dad;

                parent::__destruct(); /* segfault here */

        }

}



$o = new Dad;

unset($o);

echo "ok\n";



Actual result:
--------------
Program received signal EXC_BAD_ACCESS, Could not access memory.

Reason: KERN_PROTECTION_FAILURE at address: 0x00000004

0x005310bd in gc_remove_from_buffer [inlined] () at /Users/smalyshev/php-

src/branches/PHP_5_3/Zend/zend_gc.h:265

265             GC_REMOVE_FROM_BUFFER(root_buffer);

(gdb) bt

#0  0x005310bd in gc_remove_from_buffer [inlined] () at
/Users/smalyshev/php-

src/branches/PHP_5_3/Zend/zend_gc.h:265

#1  0x005310bd in gc_remove_zval_from_buffer (zv=0x2424dd8) at 

/Users/smalyshev/php-5.3/Zend/zend_gc.c:265

#2  0x004ffe56 in _zval_ptr_dtor (zval_ptr=0x2425154) at
/Users/smalyshev/php-

5.3/Zend/zend_execute_API.c:442

#3  0x0051d7b7 in zend_hash_destroy (ht=0x24250f0) at
/Users/smalyshev/php-

5.3/Zend/zend_hash.c:529

#4  0x00533700 in zend_object_std_dtor (object=0x24250c0) at 

/Users/smalyshev/php-5.3/Zend/zend_objects.c:45

#5  0x00533af0 in zend_objects_free_object_storage (object=0x24250c0) at 

/Users/smalyshev/php-5.3/Zend/zend_objects.c:126

#6  0x00538002 in zend_objects_store_free_object_storage (objects=0xa97d90)
at 

/Users/smalyshev/php-5.3/Zend/zend_objects_API.c:92

#7  0x004ff84b in shutdown_executor () at /Users/smalyshev/php-

5.3/Zend/zend_execute_API.c:302

#8  0x0050fdf9 in zend_deactivate () at
/Users/smalyshev/php-5.3/Zend/zend.c:890

#9  0x0049bea7 in php_request_shutdown (dummy=0x0) at
/Users/smalyshev/php-

5.3/main/main.c:1635

#10 0x005d359f in main (argc=2, argv=0xbffff864) at /Users/smalyshev/php-

5.3/sapi/cli/php_cli.c:1374



-- 
Edit bug report at http://bugs.php.net/bug.php?id=54266&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=54266&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=54266&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=54266&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=54266&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=54266&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=54266&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=54266&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=54266&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=54266&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=54266&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=54266&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=54266&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=54266&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=54266&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=54266&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=54266&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=54266&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=54266&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=54266&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=54266&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=54266&r=mysqlcfg

[PHP-BUG] Bug #54266 [NEW]: crash on shutdown when destroying circular references in object

Reply via email to