|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-05-06 03:28 UTC] alan at akbkhome dot com
<?php
class test {
function __call($method,$params,&$return) {
debug_backtrace();
}
}
overload('test');
$t = new test; $t->hello();
?>
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Nov 01 08:00:02 2025 UTC |
Full backtrace, it simply shows that the function name is already freed when we try to strdup it. I couldn't find the cause though... #0 0x4072567b in strlen (str=0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>) at ../sysdeps/i386/strlen.c:28 str = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds> cnt = -1 #1 0x08222aa1 in add_assoc_string_ex (arg=0x83b8c54, key=0x82a4e23 "function", key_len=9, str=0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>, duplicate=1) at /dat/dev/php/php-4.3.0dev/Zend/zend_API.c:668 __s = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds> tmp = (zval *) 0x83c5b3c #2 0x0822c33c in zif_debug_backtrace (ht=0, return_value=0x83c560c, this_ptr=0x0, return_value_used=0) at /dat/dev/php/php-4.3.0dev/Zend/zend_builtin_functions.c:1239 ptr = (zend_execute_data *) 0xbfffd620 lineno = 10 function_name = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds> filename = 0x83c39dc "/tmp/test.php.txt" class_name = 0x83c49f4 "test" call_type = 0x82a4e2f "->" include_filename = 0x0 stack_frame = (zval *) 0x83b8c54 cur_arg_pos = (void **) 0x83b9744 args = (void **) 0x83b973c arg_stack_consistent = 1 frames_on_stack = 1 #3 0x082316ab in execute (op_array=0x83c5cf4) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:1606 original_return_value = (zval **) 0x83c4ee4 return_value_used = 0 execute_data = {opline = 0x83c4ecc, function_state = { function_symbol_table = 0x0, function = 0x8303a10, reserved = {0x83c55e8, 0xc4, 0x830150c, 0xbfffd178}}, fbc = 0x0, ce = 0x0, object = { ptr = 0x0}, Ts = 0xbfffcf80, original_in_execution = 1 '\001', op_array = 0x83c5cf4, prev_execute_data = 0xbfffd1f0} #4 0x08218175 in call_user_function_ex (function_table=0xbfffd2c8, object_pp=0xbfffd3ac, function_name=0xbfffd390, retval_ptr_ptr=0xbfffd3b8, param_count=3, params=0xbfffd360, no_separation=0, symbol_table=0x0) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute_API.c:559 i = 3 original_return_value = (zval **) 0xbfffd694 calling_symbol_table = (HashTable *) 0x830124c original_function_state_ptr = (zend_function_state *) 0xbfffd624 original_op_array = (zend_op_array *) 0x83bf8cc original_opline_ptr = (zend_op **) 0xbfffd620 orig_free_op1 = 0 orig_free_op2 = 0 orig_unary_op = (int (*)()) 0 orig_binary_op = (int (*)()) 0 function_name_copy = {value = {lval = 138165884, dval = 1.2800237762503321e-313, str = {val = 0x83c3e7c "__call", len = 6}, ht = 0x83c3e7c, obj = {ce = 0x83c3e7c, properties = 0x6}}, type = 3 '\003', is_ref = 0 '\0', refcount = 1} execute_data = {opline = 0x0, function_state = { function_symbol_table = 0xbfffd330, function = 0x83c5cf4, reserved = { 0x8210159, 0x83c56ac, 0x0, 0x20}}, fbc = 0x0, ce = 0x0, object = { ptr = 0x83beda4}, Ts = 0x0, original_in_execution = 69 'E', op_array = 0x0, prev_execute_data = 0xbfffd620} #5 0x08130f16 in overload_call_method (ht=0, return_value=0x83c52f4, this_ptr=0x83beda4, return_value_used=1, property_reference=0xbfffd4a8) at /dat/dev/php/php-4.3.0dev/ext/overload/overload.c:566 handler_args = {0xbfffd37c, 0xbfffd35c, 0xbfffd33c} arg_array = (zval *) 0x83c57e4 result = {value = {lval = 137368844, dval = 5.3614447185633565e-269, str = {val = 0x830150c "", len = 138171136}, ht = 0x830150c, obj = { ce = 0x830150c, properties = 0x83c5300}}, type = 0 '\0', is_ref = 1 '\001', refcount = 4} result_ptr = (zval *) 0xbfffd340 temp_ce = {type = 2 '\002', name = 0x83c49f4 "test", name_length = 4, parent = 0x0, refcount = 0x83c4a94, constants_updated = 1 '\001', function_table = {nTableSize = 16, nTableMask = 15, nNumOfElements = 1, nNextFreeElement = 0, pInternalPointer = 0x83c5c94, pListHead = 0x83c5c94, pListTail = 0x83c5c94, arBuckets = 0x83c4acc, pDestructor = 0x8219b20 <destroy_zend_function>, persistent = 0 '\0', nApplyCount = 0 '\0', bApplyProtection = 1 '\001', inconsistent = 0}, default_properties = {nTableSize = 16, nTableMask = 15, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0x83c4b3c, pDestructor = 0x821ff0c <_zval_ptr_dtor_wrapper>, persistent = 0 '\0', nApplyCount = 0 '\0', bApplyProtection = 1 '\001', inconsistent = 0}, builtin_functions = 0x0, handle_function_call = 0, handle_property_get = 0, handle_property_set = 0} orig_ce = (zend_class_entry *) 0x83c4f80 i = 0 args = (zval ***) 0x83c55dc retval = (zval *) 0x0 call_result = -1073752624 use_call_handler = 1 '\001' object = (zval *) 0x83beda4 call_handler = {value = {lval = 136765616, dval = 1.279954593818955e-313, str = {val = 0x826e0b0 "__call", len = 6}, ht = 0x826e0b0, obj = {ce = 0x826e0b0, properties = 0x6}}, type = 3 '\003', is_ref = 0 '\0', refcount = 1} method_name = {value = {lval = 138171068, dval = 1.0678244532774356e-313, str = {val = 0x83c52bc "hello", len = 5}, ht = 0x83c52bc, obj = {ce = 0x83c52bc, properties = 0x5}}, type = 3 '\003', is_ref = 0 '\0', refcount = 2} method_name_ptr = (zval *) 0xbfffd380 method = (zend_overloaded_element *) 0x83c550c #6 0x0822ec1a in call_overloaded_function (T=0xbfffd49c, arg_count=0, return_value=0x83c52f4) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:968 ce = (zend_class_entry *) 0x83c4f80 #7 0x08231a9b in execute (op_array=0x83bf8cc) at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:1672 original_return_value = (zval **) 0x83c3b54 return_value_used = 0 execute_data = {opline = 0x83c3d58, function_state = { function_symbol_table = 0x0, function = 0x83c5554, reserved = {0x821936e, 0x83bf954, 0x82a2d60, 0x61}}, fbc = 0x83c5554, ce = 0x0, object = { ptr = 0x83beda4}, Ts = 0xbfffd410, original_in_execution = 0 '\0', op_array = 0x83bf8cc, prev_execute_data = 0x0}