PHP :: Bug #27997 :: SPL: Crash with getInnerIterator()

Bug #27997	SPL: Crash with getInnerIterator()
Submitted:	2004-04-14 16:28 UTC	Modified:	2004-04-14 19:26 UTC
From:	adam at trachtenberg dot com	Assigned:	helly (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5CVS-2004-04-14 (dev)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	adam at trachtenberg dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-04-14 16:28 UTC] adam at trachtenberg dot com

Description:
------------
SPL crashes PHP when the developer misuses 
getInnerIterator().

This test case triggers the crash, but it probably not 
the smallest such test case. Sorry.

Reproduce code:
---------------
class CrashIterator extends FilterIterator implements RecursiveIterator {
    function accept() { 
        return true;
    }

    function hasChildren() {
        return $this->getInnerIterator()->hasChildren();
    }

    function getChildren() {
        return new RecursiveDirectoryIterator($this->getInnerIterator()->getPath());
    }
}


$dir = new RecursiveIteratorIterator(new CrashIterator(
        new RecursiveDirectoryIterator($argv[1])), 1);
foreach ($dir as $file) {
        print "$file\n";
}

Expected result:
----------------
No crash.

Actual result:
--------------
Core dump. Let me know if you want a bt.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-04-14 17:11 UTC] amt@php.net

Here's a bt. Don't know what's up with xmlLastError:

#0  0x00173bf8 in xmlLastError ()
(gdb) bt
#0  0x00173bf8 in xmlLastError ()
#1  0x00173be0 in xmlLastError ()
#2  0x0030e260 in zend_make_printable_zval 
(expr=0x30e260, expr_copy=0xd081d8, use_copy=0x5) at /
usr/local/cvs/php-src/Zend/zend.c:229
#3  0x0034593c in zend_add_var_handler 
(execute_data=0xbfffec10, opline=0xd06a44, 
op_array=0xd05d08) at /usr/local/cvs/php-src/Zend/
zend_execute.c:2401
#4  0x00341314 in execute (op_array=0xd05d08) at /usr/
local/cvs/php-src/Zend/zend_execute.c:1391
#5  0x003104dc in zend_execute_scripts (type=8, 
retval=0x0, file_count=3) at /usr/local/cvs/php-src/
Zend/zend.c:1058
#6  0x002aecb0 in php_execute_script 
(primary_file=0xbffff680) at /usr/local/cvs/php-src/
main/main.c:1630
#7  0x003540bc in main (argc=3, argv=0xbffffbec) at /
usr/local/cvs/php-src/sapi/cli/php_cli.c:943

[2004-04-14 19:26 UTC] helly@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 27 11:00:01 2025 UTC