Bug #45168 Method call causes a crash
Submitted: 2008-06-04 10:49 UTC Modified: 2008-07-14 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: webtweakers at gmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.6 OS: Vista
Private report: No CVE-ID: None

 [2008-06-04 10:49 UTC] webtweakers at gmail dot com
Description:
------------
A method call that passes on an Int and an Object seems to let PHP crash Apache.

I'm running PHP 5.2.0, but tested and experienced the same in PHP 5.2.6. Also I'm running PHP as a module for Apache 2.0.

Sorry that the code below is more than 20 lines: I just needed to illustrate the structure, because the call in itself looks very harmless and has no real reason to crash. Note that this whole thing is loaded from within an MVC-framework (based on TinyMVC) and makes use of PHP's class autoload functionality. Also, besides code posted below, other stuff is run, including MySQL queries, etc.

The method call that crashes PHP + Apache is marked in the code.


Reproduce code:
---------------
<?php

	// this code crashes php when inside the full mvc application

	// class Data ---------------------------------
	class Data {

		private $id;

		public function __construct($id = 1) {
			$this->id = $id;
		}

		public function getId() {
			return $this->id;
		}

	}

	// class Prop ---------------------------------
	class Prop {

		private $a;
		private $b;
		private $c;

		public function __construct() {
			$this->a = 1;
			$this->b = 2;
			$this->c = 3;
		}

		public function getA() { return $this->a; }
		public function getB() { return $this->b; }
		public function getC() { return $this->c; }

	}

	// class Stats --------------------------------
	class Stats {

		public static function insert($id, &$obj) {
			print "Do something with id $id and object: <pre>" . print_r($obj, 1) . "</pre>";
		}

	}

	// class Controller ---------------------------
	class Controller {

		public function action() {
			$data = new Data(123);
			$prop = new Prop();
			Stats::insert($data->getId(), $prop); // <-- this call crashes php!
		}

	}

	// bootstrap ----------------------------------
	$c = new Controller;
	$c->action();

?>


Expected result:
----------------
Unfortunately the code above runs fine on its own. But from within the application the marked line will crash PHP + Apache.

When commenting that line out, things run fine.

When changing the call to pass on several separate properties instead of the $prop object, things run fine.


Actual result:
--------------
Here is a crash report for PHP 5.2.0, but again: the same crash happens in PHP 5.2.6, so I'm sure you guys can handle this.

---

Thread 3 - System ID 316
Entry point   msvcrt!_endthreadex+6f 
Create time   4-6-2008 11:12:18 
Time spent in user mode   0 Days 0:0:0.234 
Time spent in kernel mode   0 Days 0:0:0.390 


Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!zend_mm_alloc+13d     01597940     0000002f     00000000    
php5ts!emalloc+21     00000000     00000000     00000000    


PHP5TS!ZEND_MM_ALLOC+13D
WARNING - DebugDiag was not able to locate debug symbols for php5ts.dll, so the information below may be incomplete.


In httpd__PID__2512__Date__06_04_2008__Time_11_48_34AM__171__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!zend_mm_alloc+13d in C:\bin\php-5.2.0\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to write to memory location 0x10ddbfd0 on thread 3

Module Information 
Image Name: C:\bin\php-5.2.0\php5ts.dll   Symbol Type:  Export 
Base address: 0x00da0000   Time Stamp:  Thu Nov 02 11:54:41 2006  
Checksum: 0x00000000   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.2.0.0 
Managed DLL: False   Internal Name:  php5ts.dll 
VB DLL: False   Legal Copyright:  Copyright ? 1997-2006 The PHP Group 
Loaded Image Name:  php5ts.dll   Legal Trademarks:  PHP 
Mapped Image Name:  C:\bin\php-5.2.0\php5ts.dll   Original filename:  php5ts.dll 
Module name:  php5ts   Private Build:   
Single Threaded:  False   Product Name:  PHP Script Interpreter 
Module Size:  4,77 MBytes   Product Version:  5.2.0 
Symbol File Name:  php5ts.dll   Special Build:  & 

---

I hope the above is readable for you.

Best regards,
Bas van Gaalen


 [2008-07-06 11:56 UTC] jani@php.net
Backtrace from PHP 5.2.0 is useless to us, please provide proper one using 5.2.6 and have the debug symbols installed too. More info on how to make a proper backtrace: 
 http://bugs.php.net/bugs-generating-backtrace-win32.php

 [2008-07-14 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
Last updated: Wed Jul 16 19:01:32 2025 UTC