Bug #24635 small block of code causes crash, possibly destructor related.
Submitted: 2003-07-13 12:53 UTC
Modified: 2003-07-27 07:51 UTC
Votes: 1
Avg. Score: 4.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: eric at cosky dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 5CVS-2003-07-13 (dev)
OS: *
Private report: No
CVE-ID: None
 [2003-07-13 12:53 UTC] eric at cosky dot com
Description:
------------
The following block of code will crash the PHP I installed from php5-win32-200307130630.zip (and previous versions).

I've read that I should be using '&new' to gain proper use of destructors, but it seems reasonable to say that using 'new' shouldn't cause a server crash. Perhaps a useful thing to do would be to have a class that has a __destruct() function produce an error if created without '&new'? 


Reproduce code:
---------------
<?php
class SiteClass {
	function __construct() { $this->page = new PageClass(); }
}
class PageClass {
	function Display() {
		$section = new SectionClass("PageClass::Display");
	}
}
class SectionClass {
	function __construct($comment) {
		$this->Comment = $comment;
	}
	function __destruct() {
		out($this->Comment); // this line doesn't crash PHP
		out("\n<!-- End Section: " . $this->Comment . "-->"); // this line crashes PHP
	}
}
function out($code) { return; }
$site = new SiteClass();
$site->page->Display();

Expected result:
----------------
Nothing.

Actual result:
--------------
System alert for PHP crashing.

 [2003-07-13 18:20 UTC] sniper@php.net
Verified, backtrace as follows:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (runnable)]
_efree (ptr=0x6f697463) at /usr/src/web/php/php5/Zend/zend_alloc.c:257
257             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  _efree (ptr=0x6f697463) at /usr/src/web/php/php5/Zend/zend_alloc.c:257
#1  0x813e01b in _zval_ptr_dtor (zval_ptr=0x4029afc0) at /usr/src/web/php/php5/Zend/zend_execute.h:67
#2  0x814b075 in zend_hash_clean (ht=0x4029adbc) at /usr/src/web/php/php5/Zend/zend_hash.c:535
#3  0x816bb91 in zend_do_fcall_common_helper (execute_data=0xbfffd53c, op_array=0x4029839c)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2673
#4  0x816bd80 in zend_do_fcall_by_name_handler (execute_data=0xbfffd53c, op_array=0x4029839c)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2725
#5  0x815c2c4 in execute (op_array=0x4029839c) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#6  0x8146b20 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1017
#7  0x811b8d3 in php_execute_script (primary_file=0xbffff898) at /usr/src/web/php/php5/main/main.c:1695
#8  0x8175503 in main (argc=2, argv=0xbffff904) at /usr/src/web/php/php5/sapi/cgi/cgi_main.c:1560
#9  0x401b19cb in __libc_start_main (main=0x8174c80 <main>, argc=2, argv=0xbffff904, init=0x806985c <_init>, 
    fini=0x8175c14 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff8fc)
    at ../sysdeps/generic/libc-start.c:92
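
A triage check on the backtrace above, as an added example that is not part of the original report or of PHP: it flags pointer arguments whose bytes are all printable ASCII, a common sign that string data has ended up where a pointer was expected. It assumes a 32-bit little-endian target; the function names and the embedded sample (frames #0 to #2 plus the reproducer's class name and string literals) are constructed for this illustration, and a match is a hint for where to look, not a root cause.

```python
import re

# Constructed sample: frames #0-#2 copied from the backtrace in this report.
BACKTRACE = """\
#0  _efree (ptr=0x6f697463) at /usr/src/web/php/php5/Zend/zend_alloc.c:257
#1  0x813e01b in _zval_ptr_dtor (zval_ptr=0x4029afc0) at /usr/src/web/php/php5/Zend/zend_execute.h:67
#2  0x814b075 in zend_hash_clean (ht=0x4029adbc) at /usr/src/web/php/php5/Zend/zend_hash.c:535
"""

# Constructed sample: class name and string literals from the reproduce code.
SCRIPT_STRINGS = ["SectionClass", "PageClass::Display", "\n<!-- End Section: ", "-->"]

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)", re.M)
ARG_RE = re.compile(r"(\w+)=0x([0-9a-f]+)")


def ascii_view(value, width=4):
    """Return the value's in-memory bytes as text if all are printable ASCII, else None."""
    if value >= 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "little")  # assumption: 32-bit little-endian target
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_pointers(backtrace):
    """List (frame, function, argument, value, text) for arguments that look like string data."""
    hits = []
    for m in FRAME_RE.finditer(backtrace):
        frame, func, args = int(m.group(1)), m.group(2), m.group(3)
        for name, hexval in ARG_RE.findall(args):
            value = int(hexval, 16)
            text = ascii_view(value)
            if text is not None:
                hits.append((frame, func, name, value, text))
    return hits


def matching_strings(text, candidates):
    """Return the candidate strings that contain the decoded fragment."""
    return [s for s in candidates if text in s]


if __name__ == "__main__":
    for frame, func, name, value, text in suspicious_pointers(BACKTRACE):
        print(f"frame #{frame} {func}({name}=0x{value:08x}) reads as {text!r}; "
              f"seen in {matching_strings(text, SCRIPT_STRINGS)!r}")
```

Only the `ptr` handed to `_efree` in frame #0 is flagged; the other two arguments contain non-printable bytes and look like ordinary heap addresses.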

 [2003-07-27 07:51 UTC] stas@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

Last updated: Mon Aug 19 03:01:30 2024 UTC