Bug #26268 An overload()ed class with __set() and another object contained crashes PHP
Submitted: 2003-11-15 19:26 UTC Modified: 2004-04-13 12:47 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:1 (25.0%)
From: l dot barnaba at openssl dot it Assigned:
Status: Wont fix Package: Class/Object related
PHP Version: 4CVS-2004-02-11 OS: *
Private report: No CVE-ID: None
 [2003-11-15 19:26 UTC] l dot barnaba at openssl dot it
Description:
------------
If you have an overloaded class containing:
* The three __call(), __get() and __set() methods;
* An associated object instantiated in the constructor;
* A call to call_user_func() or call_user_func_array() on the newly created object;

PHP will crash with signal 11.

I have noticed that removing the __set() magic method makes all behave correctly, and also not using auxiliary variables in the call_user_func_array() call (e.g., using:
$obj = new Obj(); call_user_func_array(array(&$obj, $method), $params); $this->_obj = $obj;
instead of:
$this->_obj = new Obj(); call_user_func_array(array(&$this->_obj, $method), $params);
) makes things work, but at the end of execution of large scripts I get memory allocation errors in Unknown Line 0.

Configure line:
'./configure' '--enable-versioning' '--enable-memory-limit' '--with-layout=GNU' '--with-zlib-dir=/usr' '--disable-all' '--with-regex=php' '--with-pear' '--enable-ctype' '--enable-ftp' '--with-gd' '--enable-gd-native-ttf' '--enable-gd-jis-conv' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--enable-gd-lzw-gif' '--with-gmp=/usr/local' '--with-mcal=/usr/local' '--with-mcrypt=/usr/local' '--with-mhash=/usr/local' '--with-mime-magic=/usr/share/misc/magic.mime' '--with-mysql=/usr/local' '--with-openssl-dir=/usr' '--with-openssl=/usr' '--enable-overload' '--with-pcre-regex=yes' '--with-pdflib=/usr/local' '--enable-posix' '--enable-session' '--enable-sockets' '--with-sybase-ct=/usr/local' '--enable-sysvsem' '--enable-sysvshm' '--enable-tokenizer' '--enable-wddx' '--with-expat-dir=/usr/local' '--enable-xml' '--with-zip=/usr/local' '--with-zlib=yes' '--with-apxs=/usr/local/sbin/apxs' '--with-imap=/usr/local' '--with-imap-ssl=/usr/local' '--with-ncurses=/usr' '--prefix=/usr/local' 'i386-portbld-freebsd4.9'

Running under apache 1.3.28, with no special flags added, also using the -dist php.ini.

Backtrace:
#0  0x81989ec in execute (op_array=0x82b8e24) at /usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:2004
2004                                                    expr_ptr = *expr_ptr_ptr;
(gdb) bt
#0  0x81989ec in execute (op_array=0x82b8e24) at /usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:2004
#1  0x817bdfc in call_user_function_ex (function_table=0x82c7418, object_pp=0xbfbfe21c, function_name=0x82c7330, retval_ptr_ptr=0xbfbfe220, param_count=0, params=0x82ca2a4, no_separation=0, 
    symbol_table=0x0) at /usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute_API.c:567
#2  0x80cd812 in overload_call_method (ht=0, return_value=0x82b7664, this_ptr=0x82b7fe4, return_value_used=1, property_reference=0xbfbfe37c)
    at /usr/ports/lang/php4-cli/work/php-4.3.4/ext/overload/overload.c:590
#3  0x8190230 in call_overloaded_function (T=0xbfbfe370, arg_count=0, return_value=0x82b7664) at /usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:978
#4  0x819559b in execute (op_array=0x82b85a4) at /usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:1682
#5  0x81838ad in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend.c:884
#6  0x815c5f3 in php_execute_script (primary_file=0xbfbffb1c) at /usr/ports/lang/php4-cli/work/php-4.3.4/main/main.c:1729
#7  0x819c585 in main (argc=2, argv=0xbfbffb84) at /usr/ports/lang/php4-cli/work/php-4.3.4/sapi/cli/php_cli.c:819

Thanks if you fix this bug :>.


Reproduce code:
---------------
class Base
{
    function Example() {
        print("Object instantiated\n");
    }
}

class Test
{
    var $_obj;

    function Test() {
        $this->_obj = new Base();
        call_user_func(array(&$this->_obj, 'Example'));
    }

    function __call($method, $params, &$return) { }
    function __get($property, &$value) { }
    function __set($property, $value) {
        $this->$property = $value;
        return true;
    }
}

overload('Test');
$t = new Test();


Expected result:
----------------
"Object Instantiated"

Actual result:
--------------
PHP Crashes with signal 11.

 [2003-11-25 04:22 UTC] sniper@php.net
Just FYI: This works fine with PHP 5.

 [2004-03-31 03:38 UTC] ruust at lavtech dot ru
Same situation on PHP 4.3.3.
We can not use PHP 5 on production server.

 [2004-04-13 12:47 UTC] sniper@php.net
Overload support in PHP 4 is experimental at best and won't be touched anymore. (to get really working OO support, switch to PHP 5)
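
For comparison with the replies above, here is the reproduce case rewritten with the native magic methods of PHP 5 and later, where no overload() call is involved. This is an added example, not code from the report or from the PHP project; the $_props array, the BadMethodCallException check and the sample calls at the end are assumptions made for illustration.

```php
<?php
// Added example: the report's pattern (contained object created in the
// constructor, call_user_func() on it, plus __call/__get/__set) using
// PHP 5+ native overloading. Magic methods return their results directly
// instead of writing to by-reference out-parameters as in PHP 4.

class Base
{
    public function Example()
    {
        print("Object instantiated\n");
    }
}

class Test
{
    private $_obj;              // contained object, created in the constructor
    private $_props = array();  // hypothetical storage for undeclared properties

    public function __construct()
    {
        $this->_obj = new Base();
        // Objects are handles in PHP 5+, so no & is needed in the callable.
        call_user_func(array($this->_obj, 'Example'));
    }

    // Forward unknown method calls to the contained object.
    public function __call($method, $params)
    {
        if (!method_exists($this->_obj, $method)) {
            throw new BadMethodCallException("No such method: $method");
        }
        return call_user_func_array(array($this->_obj, $method), $params);
    }

    public function __get($property)
    {
        return isset($this->_props[$property]) ? $this->_props[$property] : null;
    }

    public function __set($property, $value)
    {
        // Keep undeclared properties in an explicit array.
        $this->_props[$property] = $value;
    }
}

$t = new Test();        // constructor calls Base::Example() via call_user_func()
$t->answer = 42;        // routed through __set
var_dump($t->answer);   // routed through __get
$t->Example();          // routed through __call and forwarded to Base
```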

 
Last updated: Sun Jan 05 05:01:28 2025 UTC