PHP :: Bug #47572 :: Undefined constant causes segmentation fault

Bug #47572

Undefined constant causes segmentation fault

Submitted:

2009-03-05 15:27 UTC

Modified:

2009-03-08 17:26 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

pumuckel at metropolis dot de

Assigned:

Status:

Closed

Package:

Reproducible crash

PHP Version:

5.3CVS-2009-03-05 (snap)

OS:

Linux Gentoo

Private report:

CVE-ID:

None

View Developer Edit

[2009-03-05 15:27 UTC] pumuckel at metropolis dot de

Description:
------------
Reproducable segmentation fault when creating class instance. Caused by use of an undefined constant.



Reproduce code:
---------------
<?php

class Foo {
  public static $bar = array(
    FOO => "bar"
    );

}

$foo = new Foo();
?>

Expected result:
----------------
clean running script - no crash

Actual result:
--------------
Segmentation fault.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231058752 (LWP 14743)]
0x0836e169 in zval_update_constant_ex ()
(gdb) where
#0  0x0836e169 in zval_update_constant_ex ()
#1  0x0836e94e in zval_update_constant ()
#2  0x08384ee3 in zend_hash_apply_with_argument ()
#3  0x0837efff in zend_update_class_constants ()
#4  0x0837f257 in _object_and_properties_init ()
#5  0x0837f35e in _object_init_ex ()
#6  0x083a8f9d in ?? ()
#7  0x089e6c18 in ?? ()
#8  0x089e8644 in ?? ()
#9  0xb6d0dff4 in ?? () from /lib/libc.so.6
#10 0xb69f88c0 in ?? ()
#11 0x08a18668 in ?? ()
#12 0xbfefa6f8 in ?? ()
#13 0x08a5c8b4 in ?? ()
#14 0x08a18854 in ?? ()
#15 0x08a187f0 in ?? ()
#16 0x08a1883c in ?? ()
#17 0xbfefa708 in ?? ()
#18 0x083995b6 in ?? ()
#19 0x089e8624 in ?? ()
#20 0x00000003 in ?? ()
#21 0x089e6c18 in ?? ()
#22 0x08a187f0 in ?? ()
#23 0x08a187f0 in ?? ()
#24 0x08a1883c in ?? ()
#25 0xbfefa748 in ?? ()
#26 0x0839a839 in execute ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-03-05 15:37 UTC] pajoye@php.net

Confirmed, backtrace:

!zval_update_constant_ex(_zval_struct * * pp=0x02b57934, void * arg=0x00000001, _zend_class_entry * scope=0x00000000)  Line 620 + 0x6 bytes	C
!zval_update_constant(_zval_struct * * pp=0x02b57934, void * arg=0x00000001)  Line 680 + 0xf bytes	C
!zend_hash_apply_with_argument(_hashtable * ht=0x02b57490, int (void *, void *)* apply_func=0x101b5cc0, void * argument=0x00000001)  Line 697 + 0x10 bytes	C
!zend_update_class_constants(_zend_class_entry * class_type=0x02b573f0)  Line 1032 + 0x16 bytes	C
!_object_and_properties_init(_zval_struct * arg=0x02b57a20, _zend_class_entry * class_type=0x02b573f0, _hashtable * properties=0x00000000, char * __zend_filename=0x1052ca88, unsigned int __zend_lineno=477)  Line 1054 + 0x9 bytes	C
!_object_init_ex(_zval_struct * arg=0x02b57a20, _zend_class_entry * class_type=0x02b573f0, char * __zend_filename=0x1052ca88, unsigned int __zend_lineno=477)  Line 1075 + 0x17 bytes	C
!ZEND_NEW_SPEC_HANDLER(_zend_execute_data * execute_data=0x02b80090)  Line 477 + 0x27 bytes	C
!execute(_zend_op_array * op_array=0x02b55750)  Line 104 + 0xe bytes	C
!zend_execute_scripts(int type=8, _zval_struct * * retval=0x00000000, int file_count=3, ...)  Line 1181 + 0xe bytes	C
!php_execute_script(_zend_file_handle * primary_file=0x00c1fed8)  Line 2147 + 0x17 bytes	C
php.exe!main(int argc=2, char * * argv=0x02cc4ca0)  Line 1159 + 0xc bytes	C

[2009-03-05 16:24 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Feb 22 16:01:29 2025 UTC