Mombu the Php Forum sponsored links

Go Back   Mombu the Php Forum > Php > #35323 : debug_backtrace() crash when assigned to global in error handler (works in 5.1)
User Name
Password
REGISTER NOW! Mark Forums Read

sponsored links


Reply
 
1 26th August 00:44
php-bugs@lists.php.net (tcarter at noggin dot com dot
External User
 
Posts: 1
Default #35323 : debug_backtrace() crash when assigned to global in error handler (works in 5.1)


ID: 35323
User updated by: tcarter at noggin dot com dot au
Reported By: tcarter at noggin dot com dot au
Status: Open
Bug Type: Scripting Engine problem
Operating System: Linux 2.4.31
PHP Version: 4.4.2RC1
New Comment:

This crash seems to be related to the way that the
$errcontext (symbol table) argument passed to the error
handler is treated by debug_backtrace.

If you unset the $errcontext argument in the backtrace
(arg 5 of the final call) then the crash does not occur.

It appears to be specific to debug_backtrace() because
setting the global variable directly to $errcontext as a
named argument, or from func_get_args() does not trigger a
crash.


Previous Comments:
------------------------------------------------------------------------

[2005-11-23 04:25:01] tcarter at noggin dot com dot au

PHP 4.3.11 does not crash
PHP 4.4.0 crashes

(Both versions tested on both Solars SPARC & Linux x86)

------------------------------------------------------------------------

[2005-11-22 09:13:47] sniper@php.net

Does not happen with PHP 5.1 CVS.


------------------------------------------------------------------------

[2005-11-22 08:33:53] tcarter at noggin dot com dot au

Description:
------------
Calls to debug_backtrace() cause PHP to crash when
the result is assigned to a static or uninitialized global
variable inside a custom error handler when an error is
triggered from inside a (different) function.

Crash occurs with:
PHP 4.4.1
PHP 4.4.2RC2 (Snapshot 200511220601)

Does not occur with:
PHP 4.3.10
PHP 5.0.3


Reproduce code:
---------------
function err_h() {
global $backtrace;
$backtrace = debug_backtrace();
}

set_error_handler("err_h");

function crash_me() { trigger_error('Crash!'); }

crash_me();


Expected result:
----------------
PHP shouldn't crash

Actual result:
--------------
[trav@dev php4-STABLE-200511220601]$ ./configure
--disable-all --enable-debug
....
[trav@dev php4-STABLE-200511220601]$ gdb sapi/cli/php
....
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) set args -c ./php.ini-dist -f ~/crashme.php
(gdb) run
Starting
program: /home/users/trav/build/php4-STABLE-200511220601/sapi/cli/php
-c ./php.ini-dist -f ~/crashme.php
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(152)
:
Block 0x0816F7E8 status:
Beginning: Overrun (magic=0x08170A78,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
:
Block 0x0816A028 status:
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
:
Actual location (location was relayed)
Beginning: Overrun (magic=0x0816A060,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
:
Block 0x08169FE8 status:
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
:
Actual location (location was relayed)
Beginning: Overrun (magic=0x0816A020,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
:
Block 0x08170A40 status:
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
:
Actual location (location was relayed)
Beginning: Overrun (magic=0x0816FB68,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
:
Block 0x08170938 status:
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
:
Actual location (location was relayed)
Beginning: Overrun (magic=0x08170A38,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(169)
:
Block 0x0816F820 status:
Beginning: Overrun (magic=0x401D662C,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(171)
:
Block 0x0816F7B0 status:
Beginning: Overrun (magic=0x0816F7E0,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(152)
:
Block 0x08170A80 status:
Beginning: Overrun (magic=0x0816FC20,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
:
Block 0x0816FC28 status:
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
:
Actual location (location was relayed)
Beginning: Overrun (magic=0x081701D0,
expected=0x7312F8DC)
End: Unknown
---------------------------------------
[Tue Nov 22 18:23:15 2005] Script:
'/home/users/trav/crashme.php'
---------------------------------------
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c(159)
:
Block 0x0816FBB0 status:
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_variables.c(44)
:
Actual location (location was relayed)
Beginning: Overrun (magic=0x08164618,
expected=0x7312F8DC)
End: Unknown
---------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x080e1dbc in _efree (ptr=0x8170adc,
__zend_filename=0x81307c0
"/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c",
__zend_lineno=169,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_alloc.c:260
260 REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0 0x080e1dbc in _efree (ptr=0x8170adc,
__zend_filename=0x81307c0
"/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c",
__zend_lineno=169,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_alloc.c:260
#1 0x080ebabc in destroy_op_array (op_array=0x816fc60)
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c:169

#2 0x080eb8c0 in destroy_zend_function
(function=0x816fc60)
at
/home/users/trav/build/php4-STABLE-200511220601/Zend/zend_opcode.c:100

#3 0x080f7e25 in zend_hash_destroy (ht=0x8143220)
at /home/users/trav/build/php4-STABLE-200511220601/Zend/zend_hash.c:556

#4 0x080f2396 in zend_shutdown ()
at /home/users/trav/build/php4-STABLE-200511220601/Zend/zend.c:573
#5 0x080c0b7f in php_module_shutdown ()
at /home/users/trav/build/php4-STABLE-200511220601/main/main.c:1286
#6 0x0810aef7 in main (argc=5, argv=0xbffff924)
at
/home/users/trav/build/php4-STABLE-200511220601/sapi/cli/php_cli.c:887

#7 0x400b5a67 in __libc_start_main ()
from /lib/i686/libc.so.6

------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=35323&edit=1
  Reply With Quote


  sponsored links


Reply


Thread Tools
Display Modes




Copyright 2006 SmartyDevil.com - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -
666