PHP :: Bug #50005 :: Throwing through Reflection modified Exception object makes segmentation fault

Bug #50005	Throwing through Reflection modified Exception object makes segmentation fault
Submitted:	2009-10-26 21:23 UTC	Modified:	2009-11-12 00:12 UTC
From:	arturas dot moskvinas at gmail dot com	Assigned:	felipe (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.2, 5.3.0, 6	OS:	Centos 5.3 Final 64bit
Private report:	No	CVE-ID:	None

View Developer Edit

[2009-10-26 21:23 UTC] arturas dot moskvinas at gmail dot com

Description:
------------
Throwing through Reflection modified Exception (or any other Exception type) object makes php segment fault when file property is set to null.



Reproduce code:
---------------
<?php
$e = new Exception();
$reflection = new ReflectionObject($e);
$property = $reflection->getProperty("file");
$property->setAccessible(true);
$property->setValue($e, null);
throw $e;
?>

Expected result:
----------------
PHP Fatal error:  Uncaught exception 'Exception' in null:xx

Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-10-26 22:22 UTC] johannes@php.net

(dbx) where 
current thread: t@1
  [1] strlen(0x0, 0x0, 0x44, 0xfefefefefefefeff, 0x0, 0x4000), at 0xfffffd7fff18d520 
  [2] strdup(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fff1ccf78 
  [3] php_error_cb(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x894252 
=>[4] zend_error_va(type = 1, file = (nil), lineno = 2U, format = 0xcf5f12 "Uncaught %s\n  thrown", ...), line 749 in "zend_exceptions.c"
  [5] zend_exception_error(exception = 0xd6a890, severity = 1), line 789 in "zend_exceptions.c"
  [6] zend_execute_scripts(type = 8, retval = (nil), file_count = 3, ...), line 1212 in "zend.c"
  [7] php_execute_script(primary_file = 0xfffffd7fffdff780), line 2226 in "main.c"
  [8] main(argc = 1, argv = 0xfffffd7fffdff858), line 1190 in "php_cli.c"

[2009-11-05 14:50 UTC] kalle@php.net

I cannot reproduce this using VC9 TS builds on Windows, using 5.3.0 and 5.3.2-dev:

C:\php>php -v
PHP 5.3.2-dev (cli) (built: Nov  5 2009 15:19:54)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies

C:\php>php bug50005.php

Fatal error: Uncaught exception 'Exception' in :2
Stack trace:
#0 {main}
  thrown in (null) on line 2

[2009-11-05 19:41 UTC] arturas dot moskvinas at gmail dot com

Probable strdup or strlen implementation on windows differs from linux.
Here is one of possible fix patches (on 5.3.0 release)
--- php-5.3.0.orig/main/main.c	2009-06-04 10:41:01.000000000 +0300
+++ php-5.3.0/main/main.c	2009-10-30 17:49:40.000000000 +0200
@@ -865,7 +865,10 @@
 		}
 		PG(last_error_type) = type;
 		PG(last_error_message) = strdup(buffer);
-		PG(last_error_file) = strdup(error_filename);
+		if (error_filename)
+		{
+		    PG(last_error_file) = strdup(error_filename);
+		}
 		PG(last_error_lineno) = error_lineno;
 	}

[2009-11-12 00:10 UTC] svn@php.net

Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=290567
Log: - Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault)

[2009-11-12 00:12 UTC] felipe@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the patch, but I've committed a bit different fix avoiding this '(null)' in the message.

[2013-05-12 12:13 UTC] ab@php.net

Related To: Bug #64821

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Nov 13 08:00:02 2025 UTC