php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27997 SPL: Crash with getInnerIterator()
Submitted: 2004-04-14 16:28 UTC Modified: 2004-04-14 19:26 UTC
From: adam at trachtenberg dot com Assigned: helly (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5CVS-2004-04-14 (dev) OS: *
Private report: No CVE-ID: None
 [2004-04-14 16:28 UTC] adam at trachtenberg dot com
Description:
------------
SPL crashes PHP when the developer misuses 
getInnerIterator().

This test case triggers the crash, but it probably not 
the smallest such test case. Sorry.

Reproduce code:
---------------
class CrashIterator extends FilterIterator implements RecursiveIterator {
    function accept() { 
        return true;
    }

    function hasChildren() {
        return $this->getInnerIterator()->hasChildren();
    }

    function getChildren() {
        return new RecursiveDirectoryIterator($this->getInnerIterator()->getPath());
    }
}


$dir = new RecursiveIteratorIterator(new CrashIterator(
        new RecursiveDirectoryIterator($argv[1])), 1);
foreach ($dir as $file) {
        print "$file\n";
}

Expected result:
----------------
No crash.

Actual result:
--------------
Core dump. Let me know if you want a bt.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-14 17:11 UTC] amt@php.net
Here's a bt. Don't know what's up with xmlLastError:

#0  0x00173bf8 in xmlLastError ()
(gdb) bt
#0  0x00173bf8 in xmlLastError ()
#1  0x00173be0 in xmlLastError ()
#2  0x0030e260 in zend_make_printable_zval 
(expr=0x30e260, expr_copy=0xd081d8, use_copy=0x5) at /
usr/local/cvs/php-src/Zend/zend.c:229
#3  0x0034593c in zend_add_var_handler 
(execute_data=0xbfffec10, opline=0xd06a44, 
op_array=0xd05d08) at /usr/local/cvs/php-src/Zend/
zend_execute.c:2401
#4  0x00341314 in execute (op_array=0xd05d08) at /usr/
local/cvs/php-src/Zend/zend_execute.c:1391
#5  0x003104dc in zend_execute_scripts (type=8, 
retval=0x0, file_count=3) at /usr/local/cvs/php-src/
Zend/zend.c:1058
#6  0x002aecb0 in php_execute_script 
(primary_file=0xbffff680) at /usr/local/cvs/php-src/
main/main.c:1630
#7  0x003540bc in main (argc=3, argv=0xbffffbec) at /
usr/local/cvs/php-src/sapi/cli/php_cli.c:943

 [2004-04-14 19:26 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC