php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #31086 Type hinting in constructor crashes php
Submitted: 2004-12-14 12:49 UTC Modified: 2005-06-06 08:48 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: junkmail at konvergencia dot hu Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-02-14 OS: *
Private report: No CVE-ID: None
View Developer Edit
 [2004-12-14 12:49 UTC] junkmail at konvergencia dot hu 
Description:
------------
If class B's constructor is defined as __construct(A $anObject), calling new B(new A) without taking the return value causes a crash (SIGBUS).
Not using type hinting or assigning the result to a variable seems to work around the problem.
E.g. $tmp = new B(new A()) does not produce the crash.




Reproduce code:
---------------
<?php
Class A {
        function __construct(){}
}

Class B {
        function __construct(A $a){}
}
new B(new A());
echo 'OK';
?>


Expected result:
----------------
A simple OK would be nice ;)


Actual result:
--------------
Program terminated with signal 10, Bus error.
(gdb) bt
#0  zend_std_object_get_class (object=0x84591cc) at /usr/local/src/php-5.0.2/Zend/zend_object_handlers.c:905
#1  0x81b66dd in zend_get_class_entry (zobject=0x84591cc) at /usr/local/src/php-5.0.2/Zend/zend_API.c:205
#2  0x81e9d5b in zend_recv_handler (execute_data=0xbfbfe094, opline=0x8443e58, op_array=0x83a6c0c)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:345
#3  0x81d0805 in execute (op_array=0x83a6c0c) at /usr/local/src/php-5.0.2/Zend/zend_execute.c:1400
#4  0x81e8193 in zend_do_fcall_common_helper (execute_data=0xbfbfe254, opline=0x845a39c, op_array=0x83a660c)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2740
#5  0x81e84ed in zend_do_fcall_by_name_handler (execute_data=0xbfbfe254, opline=0x845a39c, op_array=0x83a660c)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2825
#6  0x81d0805 in execute (op_array=0x83a660c) at /usr/local/src/php-5.0.2/Zend/zend_execute.c:1400
#7  0x81b6195 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.0.2/Zend/zend.c:1060
#8  0x8187dbb in php_execute_script (primary_file=0xbfbff8d0) at /usr/local/src/php-5.0.2/main/main.c:1629
#9  0x81f1120 in main (argc=2, argv=0xbfbff948) at /usr/local/src/php-5.0.2/sapi/cgi/cgi_main.c:1568
(gdb) print zobj
$1 = (zend_object *) 0xffffffff

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-11 23:40 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it with latest 5.0.x-CVS version.
 [2005-01-21 16:23 UTC] junkmail at konvergencia dot hu 
I can reproduce the error with the latest -STABLE snapshot (php5-STABLE-200501211330).

php -v output:

PHP 5.0.4-dev (cgi) (built: Jan 21 2005 15:44:03)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies

The backtrace is the same.

I've tried to compile with different optimization levels (from none to -O2, with and without -fno-strict-aliasing) and with gcc 2.95 (the default compiler on FreeBSD 4.x, and gcc 3.3) The result is always the same :/
 [2005-01-23 20:32 UTC] moriyoshi@php.net 
Confirmed both on Linux and OSX.

It seems presence of a type hint doesn't matter.

----
<?php
class A {
}
class B {
  function __construct(A $a) {
    var_dump($a);
  }
}

new B(new A());
?>
----

#0  zend_std_object_get_class (object=0xffffffff)
    at /home/moriyoshi/src/php-src-5/Zend/zend_object_handlers.c:825
#1  0x0823a597 in zend_get_class_entry (zobject=0x8557dd4)
    at /home/moriyoshi/src/php-src-5/Zend/zend_API.c:227
#2  0x082bbde0 in zend_verify_arg_type (zf=0xffffffff, arg_num=1,
    arg=0x8556e94) at /home/moriyoshi/src/php-src-5/Zend/zend_execute.c:614
#3  0x0825c75a in ZEND_RECV_SPEC_HANDLER (execute_data=0xbfffd190)
    at zend_vm_execute.h:343
#4  0x0825bbe8 in execute (op_array=0x8568984) at zend_vm_execute.h:78
#5  0x0825c179 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd320)
    at zend_vm_execute.h:204
#6  0x0825bbe8 in execute (op_array=0x8561c04) at zend_vm_execute.h:78
#7  0x08239e1f in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/moriyoshi/src/php-src-5/Zend/zend.c:1058
#8  0x081fd08f in php_execute_script (primary_file=0xbffff720)
    at /home/moriyoshi/src/php-src-5/main/main.c:1636
#9  0x082be3ae in main (argc=2, argv=0xbffff7e4)
 [2005-01-23 20:36 UTC] moriyoshi@php.net 
On the other hand this script fully works.

<?php
class A {
}
class B {
  function __construct(A $a) {
    var_dump($a);
  }
}

$a = new A();
new B($a);
?>

Therefore I think some wrong assumption is made for the temporary variable received in the handler specific to constructors.
 [2005-01-23 21:09 UTC] helly@php.net 
Funny, while the first works:
php -r 'class A{} class B { function __construct(A $x){}} $b=new B(new A);'

the second does not:
php -r 'class A{} class B { function __construct(A $x){}} new B(new A);'
Fatal error: Argument 1 must be an object of class A in Command line code on line 1
 [2005-06-06 08:48 UTC] dmitry@php.net 
This is the same as #30080, that is already fixed in CVS HEAD and PHP_5_0.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 02 13:00:01 2025 UTC