PHP :: Bug #27884 :: Segfault on overloading

Bug #27884	Segfault on overloading
Submitted:	2004-04-06 05:33 UTC	Modified:	2004-04-07 05:58 UTC
From:	s dot dehaan at lobbes dot biz	Assigned:
Status:	Closed	Package:	Class/Object related
PHP Version:	4.3.6RC1	OS:	Linux debian 2.2.20-idepci
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	s dot dehaan at lobbes dot biz
New email:
PHP Version:		OS:

New Comment:

[2004-04-06 05:33 UTC] s dot dehaan at lobbes dot biz

Description:
------------
Overloading a class called 'Configuration' tends to segfault on 4.3.5, 4.3.6RC1 & 4.3.6RC3 (snaps.php.net). 

Reproduce code:
---------------
class Configuration {
	
	var $elem = Array();
	
	function elements() {
		return $this->elem;
	}
	
	function __get($prop_name, &$prop_value) {
		if(isset($this->elem[$prop_name])) {
			$prop_value = $this->elem[$prop_name];
			return true;
		} else {
			return false;
		}
	}
	
	function __set($prop_name, $prop_value) {
		$this->elem[$prop_name] = $prop_value;
		return true;
	}
}
 
overload('Configuration');

$_CONFIG->db_type = 'mysql';
$_CONFIG->db_host = 'localhost';
$_CONFIG->db_user = 'user';
$_CONFIG->db_password = 'passwd';
$_CONFIG->db_name = 'database';

cause's segfault & abnormal termination of script.


Expected result:
----------------
No output, just storing the called fields in an array & being able to fetch those values in the same manner as i've stored them using overloading.

Actual result:
--------------
(gdb) bt
#0  0x401c09c7 in memcpy () from /lib/libc.so.6
#1  0x404886cf in _mem_block_check (ptr=0xbfffb21c, silent=0,
    __zend_filename=0x4054bac0 "/root/source/php4-STABLE-200404060830/Zend/zend_execute.h", __zend_lineno=44, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /root/source/php4-STABLE-200404060830/Zend/zend_alloc.c:675
#2  0x40488691 in _mem_block_check (ptr=0xbfffb21c, silent=1,
    __zend_filename=0x4054bac0 "/root/source/php4-STABLE-200404060830/Zend/zend_execute.h", __zend_lineno=44, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /root/source/php4-STABLE-200404060830/Zend/zend_alloc.c:667
#3  0x40487847 in _efree (ptr=0xbfffb21c,
    __zend_filename=0x4054bac0 "/root/source/php4-STABLE-200404060830/Zend/zend_execute.h", __zend_lineno=44, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /root/source/php4-STABLE-200404060830/Zend/zend_alloc.c:243
#4  0x40492522 in safe_free_zval_ptr (p=0xbfffb21c) at zend_execute.h:44
#5  0x40490a96 in _zval_ptr_dtor (zval_ptr=0x828a4d0,
    __zend_filename=0x4054c400 "/root/source/php4-STABLE-200404060830/Zend/zend_variables.c", __zend_lineno=167)
    at /root/source/php4-STABLE-200404060830/Zend/zend_execute_API.c:292
#6  0x4049a811 in _zval_ptr_dtor_wrapper (zval_ptr=0x828a4d0)
    at /root/source/php4-STABLE-200404060830/Zend/zend_variables.c:167
#7  0x404a281d in zend_hash_destroy (ht=0x82313e4)
    at /root/source/php4-STABLE-200404060830/Zend/zend_hash.c:553
#8  0x40491b47 in call_user_function_ex (function_table=0xbfffab98,
    object_pp=0xbfffac30, function_name=0xbfffab60, retval_ptr_ptr=0xbfffab4c,
    param_count=2, params=0xbfffab50, no_separation=0, symbol_table=0x0)
    at /root/source/php4-STABLE-200404060830/Zend/zend_execute_API.c:569
#9  0x4038c92f in call_set_handler (object=0x8292214, prop_name=0x8292680,
    value=0xbfffb21c)
    at /root/source/php4-STABLE-200404060830/ext/overload/overload.c:307
#10 0x4038cfd6 in overload_set_property (property_reference=0xbfffb1d4,
    value=0xbfffb21c)
    at /root/source/php4-STABLE-200404060830/ext/overload/overload.c:468
#11 0x404acb11 in set_overloaded_property (T=0xbfffb1c8, value=0xbfffb21c)
    at /root/source/php4-STABLE-200404060830/Zend/zend_execute.c:977
#12 0x404b455b in zend_assign_to_variable (result=0x820f8f8, op1=0x820f908,
    op2=0x820f918, value=0xbfffb21c, type=2, Ts=0xbfffad4c)
    at /root/source/php4-STABLE-200404060830/Zend/zend_execute.c:338
#13 0x404aecd2 in execute (op_array=0x8332fcc)
    at /root/source/php4-STABLE-200404060830/Zend/zend_execute.c:1378
#14 0x404b2157 in execute (op_array=0x82928f4)
    at /root/source/php4-STABLE-200404060830/Zend/zend_execute.c:2200
#15 0x4049c3f0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /root/source/php4-STABLE-200404060830/Zend/zend.c:889
#16 0x40460ec9 in php_execute_script (primary_file=0xbffff8d0)
    at /root/source/php4-STABLE-200404060830/main/main.c:1731
#17 0x404b6727 in php_handler (r=0x823c148)
    at /root/source/php4-STABLE-200404060830/sapi/apache2handler/sapi_apache2.c:561
#18 0x08082439 in ap_run_handler (r=0x823c148) at config.c:194
#19 0x08082983 in ap_invoke_handler (r=0x823c148) at config.c:401
#20 0x0806c633 in ap_internal_redirect (
    new_uri=0x823c0f8 "/thimbletoys_com/application/category/browse.php?c=17&p=&n=Cooking/Kochen", r=0x81c9e78) at http_request.c:498
#21 0x0807bd4b in handler_redirect (r=0x81c9e78) at mod_rewrite.c:1729
#22 0x08082439 in ap_run_handler (r=0x81c9e78) at config.c:194
#23 0x08082983 in ap_invoke_handler (r=0x81c9e78) at config.c:401
#24 0x0806c126 in ap_process_request (r=0x81c9e78) at http_request.c:288
#25 0x0806819a in ap_process_http_connection (c=0x81bb658) at http_core.c:293
#26 0x0808b518 in ap_run_process_connection (c=0x81bb658) at connection.c:85
#27 0x0808b7bc in ap_process_connection (c=0x81bb658, csd=0x81bb580)
    at connection.c:211
#28 0x08081110 in child_main (child_num_arg=0) at prefork.c:694
#29 0x080811cc in make_child (s=0x80c0770, slot=0) at prefork.c:734
#30 0x080812c1 in startup_children (number_to_start=5) at prefork.c:806
#31 0x080815bc in ap_mpm_run (_pconf=0x80bde98, plog=0x80f5f78, s=0x80c0770)
    at prefork.c:1022
#32 0x08086c4e in main (argc=2, argv=0xbffffda4) at main.c:660

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-04-06 05:39 UTC] s dot dehaan at lobbes dot biz

The warning PHP prints is the following: 

Warning: String is not zero-terminated (ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ?̏*) (source: /root/source/php4-STABLE-200404060830/Zend/zend_execute.c:341)

[2004-04-06 06:25 UTC] alan_k@php.net

Do you have the zend optimizer running?? = there are known problems with this.

[2004-04-06 07:17 UTC] s dot dehaan at lobbes dot biz

No, it's just the default PHP installation from http://snaps.php.net, php_info() says it's 4.3.6RC3-dev but i've seen this bug since i upgraded to 4.3.5 from 4.3.4.

Here's my installation config:

'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--disable-cgi' '--enable-safe-mode' '--with-openssl' '--with-pear' '--with-zlib' '--enable-bcmath' '--enable-calendar' '--with-curl=/usr/local/curl' '--enable-dba' '--enable-dbase' '--with-dom=/usr/local' '--with-dom-xslt=/usr/local' '--with-dom-exslt=/usr/local' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-ttf=/usr' '--enable-gd-native-ttf' '--with-mcrypt' '--with-mhash' '--with-mysql' '--enable-wddx' '--enable-xslt' '--with-xslt-sablot=/usr/local' '--enable-exif' '--with-freetype-dir=/usr/local' '--with-xmlrpc' '--with-gettext' '--with-imap=../imap-2002e' '--enable-shmop' '--enable-debug'

[2004-04-07 05:09 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

And make SURE you don't have ANY extensions (php or zend) loaded in you php.ini (try running the script with CLI binary, e.g. # php -n test.php )

[2004-04-07 05:48 UTC] s dot dehaan at lobbes dot biz

I am unable to recreate the bug so I think it's fixed! Thanks!
I ran the test using CLI php -n & no extensions loaded in php.ini 

Thanks again.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 21:01:27 2025 UTC