[PHP-BUG] Bug #60134 [NEW]: SIGSEGV in zend_std_write_property

2011-10-25 Thread fbaligant at synalabs dot com
Operating system: Debian Squeeze
PHP version:  5.4.0beta2
Package:  Class/Object related
Bug Type: Bug
Bug description:SIGSEGV in zend_std_write_property

Description:

PHP 5.4beta2 from SVN, up to this revision: http://svn.php.net/viewvc?view=revision&revision=318411

Repeatable crash in Symfony 1.4.14's Doctrine 1.2.4 Doctrine_Record
constructor.

PHP environment is FastCGI with lighttpd.

No APC or Xcache active.

This code runs fine with PHP 5.3.8.


Test script:
---
Didn't manage to reproduce it in a simple script yet

Expected result:

Should not crash

Actual result:
--
Program received signal SIGSEGV, Segmentation fault.
0x006c787d in zend_std_write_property (object=0x3cc01e0, member=0x2964040, value=0xcd11c69b772c0444, key=0x2964040) at /tmp/buildd/php5-5.3.99+5.4.0/Zend/zend_object_handlers.c:244
244	if (key && (property_info = CACHED_POLYMORPHIC_PTR(key->cache_slot, ce)) != NULL) {
(gdb) print key
$1 = (zend_literal *) 0x2964040
(gdb) print key->cache_slot
$2 = 4
(gdb) print ce
$3 = (zend_class_entry *) 0x4
(gdb) bt full
#0  0x006c787d in zend_std_write_property (object=0x3cc01e0, member=0x2964040, value=0xcd11c69b772c0444, key=0x2964040) at /tmp/buildd/php5-5.3.99+5.4.0/Zend/zend_object_handlers.c:244
        property_info = 0x85
        scope_property_info = 0x6c85a3
        denied_access = 184 '\270'
        h = 64829024
        zobj = 0x3cc4690
        tmp_member = 0x13c21c8
        variable_ptr = 0x13c42f0
        property_info = 0x0
#1  0x0071f5b3 in zend_assign_to_object (retval=0x0, object_ptr=0x3cc01e0, property_name=0x7f18dc45d5e8, value_type=4, value_op=0x29612e0, Ts=0x1, opcode=7471229, key=0x2964040) at /tmp/buildd/php5-5.3.99+5.4.0/Zend/zend_execute.c:738
        object = 0x3cb69e0
        value = 0x3cc01e0
        opcode = 136
        key = 0x2964040
#2  0x0072007d in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER (execute_data=0x7f18dc45cb58) at /tmp/buildd/php5-5.3.99+5.4.0/Zend/zend_vm_execute.h:21975
        opline = 0x29612e0
#3  0x00711fb8 in execute (op_array=0x3dba620) at /tmp/buildd/php5-5.3.99+5.4.0/Zend/zend_vm_execute.h:410
        ret = 0
        execute_data = 0x7f18dc45cb58
        nested = 0 '\000'
        original_in_execution = 0 '\000'
#4  0x006a03ad in zend_execute_scripts (type=32767, retval=0x7bb685f0, file_count=3) at /tmp/buildd/php5-5.3.99+5.4.0/Zend/zend.c:1272
        files = {{gp_offset = 0, fp_offset = 0, overflow_arg_area = 0x28, reg_save_area = 0x7bb68680}}
        i = 1
        file_handle = 
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0xd23518
#5  0x00643268 in php_execute_script (primary_file=0x0) at /tmp/buildd/php5-5.3.99+5.4.0/main/main.c:2414
        __orig_bailout = 0x7bb67db0
        __bailout = {{__jmpbuf = {4223038732, 32767, 4223038736, 32767, 4223040800, 32767, 4223038688, 32767}, __mask_was_saved = 7041200, __saved_mask = {__val = {6910217, 0, 76, 0, 4223038784, 32767, 64586544, 0, 64623000, 0, 4223038912, 32767, 0, 1, 4223039008, 32767
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = 3695567936, filename = 0x7f180001 , opened_path = 0x27348c8 "\370Hs\002", handle = {fd = -599399504, fp = 0x7f18dc45e3b0, stream = {handle = 0x7f18dc45e3b0, isatty = 13775168, mmap = {len = 10411208, pos = 4223041392, map = 0x1, buf = 0x2 , old_handle = 0x7bb67710, old_closer = 0x20}, reader = 0x648bb2 , fsizer = 0, closer = 0x6dfc89 }}, free_filename = 172 '\254'}
        append_file = {type = 6, filename = 0x0, opened_path = 0x3 , handle = {fd = 7012488, fp = 0x6b0088, stream = {handle = 0x6b0088, isatty = 8, mmap = {len = 0, pos = 3695567936, map = 0x7f18dc45e458, buf = 0x6444e0 "H\201", , old_handle = 0x7f18dc45e3b0, old_closer = 0xd23140 }, reader = 0, fsizer = 0, closer = 0x25eb400}}, free_filename = 176 '\260'}
        retval = 0
#6  0x0074d03f in main (argc=32767, argv=0x20) at /tmp/buildd/php5-5.3.99+5.4.0/sapi/cgi/cgi_main.c:2420
        __bailout = {{__jmpbuf = {0, 0, 0, 0, 1871636702, 1462165169, 13779936, 0}, __mask_was_saved = -1744377634, __saved_mask = {__val = {0, 32536, 3695797080, 32536, 4223052864, 32767, 3695786312, 32536, 4223052904, 32767, 3695796224, 32536, 20233565, 0, 3693680738, 32536
        free_query_string = 0
        exit_status = 16178208
        cgi = 0
        c = 0
        i = 16195251
        len = 16195251
        file_handle = {type = ZEND_HANDLE_FILENAME, filename = 0x7f180004 , opened_path = 0x7f18dc451118 "/var/www/project-sprint/web/index.php", handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = -599254176, mmap = {len = 0, pos = 511, map = 0x0, buf = 0x0, old_handle = 0x7f18dc2fe000, old_closer = 0}, reader = 0, fsizer = 0x65c090 <_
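
The crashing line above is a polymorphic inline-cache lookup. The following is an added example, written for this page and not code from the bug report or from PHP, that models what that line does. In PHP 5.4 the per-op_array run-time cache behind CACHED_POLYMORPHIC_PTR (as I recall it from Zend/zend_compile.h of that period; check the macro in the revision you build) gives each property-access opline two slots: run_time_cache[cache_slot] holds the zend_class_entry the cached result was computed for, and run_time_cache[cache_slot+1] holds the zend_property_info found for it. Everything else here is an assumption chosen for illustration: the struct layouts, the names get_property_info_quick, find_property_slow, reset_cache and slow_lookups, the User/Post classes, and the cache size. The model shows why a lookup with a different class entry at the same slot misses instead of returning a stale property_info, why the slot does not need to re-check the property name (the opline's name is a compile-time constant), and where a NULL/bounds check belongs in front of the cache access.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified model of the Zend run-time cache (not PHP's code).
 * Each property-access opline owns a pair of slots:
 *   run_time_cache[slot]   = class entry the cached lookup was made for
 *   run_time_cache[slot+1] = the property_info found for that class       */
typedef struct { const char *name; size_t offset; } property_info;

typedef struct {
    const char *name;
    property_info props[4];
    size_t nprops;
} class_entry;

#define RT_CACHE_SIZE 16
static void *run_time_cache[RT_CACHE_SIZE];
static unsigned slow_path_lookups;   /* how often the cache was missed */

/* Equivalent of CACHED_POLYMORPHIC_PTR(num, ce): a hit only when the class
 * entry recorded in the slot is the one being looked up. A different, stale
 * or garbage ce is merely compared for equality, so it yields a miss, never
 * a bogus property_info, and the comparison itself cannot fault. */
static property_info *cached_polymorphic_ptr(unsigned slot, const class_entry *ce)
{
    return run_time_cache[slot] == (const void *)ce
         ? (property_info *)run_time_cache[slot + 1]
         : NULL;
}

static void cache_polymorphic_ptr(unsigned slot, const class_entry *ce, property_info *pi)
{
    run_time_cache[slot]     = (void *)ce;
    run_time_cache[slot + 1] = pi;
}

/* Slow path taken on a miss; a linear scan stands in for the engine's hash
 * lookup in ce->properties_info. */
static property_info *find_property_slow(class_entry *ce, const char *name)
{
    slow_path_lookups++;
    for (size_t i = 0; i < ce->nprops; i++)
        if (strcmp(ce->props[i].name, name) == 0)
            return &ce->props[i];
    return NULL;
}

/* Lookup for one access site identified by `slot`. The slot belongs to a
 * single opline whose property name is constant, so only the class entry
 * is checked on the fast path. Malformed requests (NULL ce, slot pair not
 * inside the cache) return NULL instead of reading out of bounds. */
property_info *get_property_info_quick(class_entry *ce, const char *name, unsigned slot)
{
    if (ce == NULL || slot + 1 >= RT_CACHE_SIZE)
        return NULL;
    property_info *pi = cached_polymorphic_ptr(slot, ce);
    if (pi != NULL)
        return pi;
    pi = find_property_slow(ce, name);
    if (pi != NULL)
        cache_polymorphic_ptr(slot, ce, pi);
    return pi;
}

unsigned slow_lookups(void) { return slow_path_lookups; }

void reset_cache(void)
{
    memset(run_time_cache, 0, sizeof run_time_cache);
    slow_path_lookups = 0;
}

/* Constructed sample classes standing in for two record subclasses whose
 * constructors run through the same `$this->prop = ...` opline. */
class_entry user_ce = { "User", { {"id", 0}, {"name", 8} }, 2 };
class_entry post_ce = { "Post", { {"id", 0}, {"title", 8}, {"body", 16} }, 3 };

int main(void)
{
    const unsigned slot = 4;   /* the cache_slot value gdb printed above */
    reset_cache();
    property_info *a = get_property_info_quick(&user_ce, "name", slot);  /* miss, fills slot */
    property_info *b = get_property_info_quick(&user_ce, "name", slot);  /* hit */
    property_info *c = get_property_info_quick(&post_ce, "title", slot); /* other class: miss, refills */
    property_info *d = get_property_info_quick(&post_ce, "title", slot); /* hit */
    printf("slow lookups: %u, a==b %d, c==d %d, a!=c %d\n",
           slow_lookups(), a == b, c == d, a != c);
    return 0;
}
```

If the macro in the crashing revision matches this model, the only dereferences on line 244 are key->cache_slot (key is readable, gdb printed it) and the run_time_cache array reached through the current execute_data and its op_array; the ce value is only compared. That makes the cache array, not the 0x4 class entry, the first thing to inspect, and the 0x4 may simply be an unreliable local of an inlined frame in an optimized build (the other locals in frame #0, such as property_info = 0x85, look equally implausible).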

Bug #60134 [Opn]: SIGSEGV in zend_std_write_property

2011-10-28 Thread fbaligant at synalabs dot com
Edit report at https://bugs.php.net/bug.php?id=60134&edit=1

 ID: 60134
 User updated by:fbaligant at synalabs dot com
 Reported by:fbaligant at synalabs dot com
 Summary:SIGSEGV in zend_std_write_property
 Status: Open
 Type:   Bug
-Package:Class/Object related
+Package:Scripting Engine problem
 Operating System:   Debian Squeeze
 PHP Version:5.4.0beta2
 Block user comment: N
 Private report: N

 New Comment:

Wrong package


Previous Comments:

[2011-10-25 22:35:26] fbaligant at synalabs dot com
