PHP :: Bug #39445 :: Calling debug_backtrace() in the __toString() function produces a crash

Bug #39445	Calling debug_backtrace() in the __toString() function produces a crash
Submitted:	2006-11-09 10:54 UTC	Modified:	2006-11-15 16:06 UTC
From:	daan at parse dot nl	Assigned:	dmitry (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.2.0	OS:	Slackware 10.2
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-11-09 10:54 UTC] daan at parse dot nl

Description:
------------
Calling debug_backtrace() in an __toString() function produces a crash, but only when the __toString() function is triggered by a native php string function.


Reproduce code:
---------------
<?php
class test
{
	public function __toString()
	{
		debug_backtrace();
		return 'lowercase';
	}
}

	$test = new test();
	echo strtoupper($test);
?>

Expected result:
----------------
An echoed "LOWERCASE"

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 28346)]
zend_objects_store_del_ref_by_handle (handle=1089634572)
   at /usr/src/php-5.2.0/Zend/zend_objects_API.c:187
187             if (EG(objects_store).object_buckets[handle].valid) {
(gdb) bt
#0  zend_objects_store_del_ref_by_handle (handle=1089634572)
   at /usr/src/php-5.2.0/Zend/zend_objects_API.c:187
#1  0x40656015 in zend_objects_store_del_ref (zobject=0x40f27e10)
   at /usr/src/php-5.2.0/Zend/zend_objects_API.c:165
#2  0x40636a52 in _convert_to_string (op=0x40f27e10)
   at /usr/src/php-5.2.0/Zend/zend_variables.h:35
#3  0x405c8b79 in zif_strtoupper (ht=1, return_value=0x40f27df8,
   return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
   at /usr/src/php-5.2.0/ext/standard/string.c:1132
#4  0x40658d64 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffb260)
   at /usr/src/php-5.2.0/Zend/zend_vm_execute.h:200
#5  0x40658499 in execute (op_array=0x40f24184)
   at /usr/src/php-5.2.0/Zend/zend_vm_execute.h:92
#6  0x4063ec0c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
   at /usr/src/php-5.2.0/Zend/zend.c:1097
#7  0x40604e3a in php_execute_script (primary_file=0xbfffd5c0)
   at /usr/src/php-5.2.0/main/main.c:1758
#8  0x406bf8d2 in apache_php_module_main (r=0x80cb5bc, display_source_mode=0)
   at /usr/src/php-5.2.0/sapi/apache/sapi_apache.c:53
#9  0x406c02e6 in send_php (r=0x80cb5bc, display_source_mode=0, filename=0x0)
   at /usr/src/php-5.2.0/sapi/apache/mod_php5.c:660
#10 0x406c04f6 in send_parsed_php (r=0x80cb5bc)
   at /usr/src/php-5.2.0/sapi/apache/mod_php5.c:675
#11 0x08053ff7 in ap_invoke_handler ()
#12 0x08069039 in process_request_internal ()
#13 0x08069098 in ap_process_request ()
#14 0x080600ba in child_main ()
#15 0x08060262 in make_child ()
#16 0x080603c8 in startup_children ()
#17 0x08060a88 in standalone_main ()
#18 0x080612a6 in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-11-09 17:57 UTC] iliaa@php.net

This patch seems to fix the problem:
http://bb.prohost.org/patch/ze.txt

But I am not 100% certain of its validity.

[2006-11-15 16:06 UTC] dmitry@php.net

Fixed in CVS HEAD and PHP_5_2.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 30 22:01:27 2025 UTC