Bug #28589 Segfault in Reflection API
Submitted: 2004-05-31 09:43 UTC
Modified: 2004-05-31 23:38 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: sb at sebastian-bergmann dot de
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5CVS-2004-05-31 (dev)
OS: Linux 2.4.23
Private report: No
CVE-ID: None
 [2004-05-31 09:43 UTC] sb at sebastian-bergmann dot de
Description:
------------
The code below causes PHP to segfault on Windows but not on Linux.

Reproduce code:
---------------
<?php
class UML_Class extends ReflectionClass {
}

print ReflectionClass::export('UML_Class');
?>


Expected result:
----------------
I expect the code not to cause a PHP segfault.

Actual result:
--------------
php5ts_debug.dll!_class_string(_string * str=0x0012e984, _zend_class_entry * ce=0x00bb2f20, _zval_struct * obj=0x00000000, char * indent=0x10631249, void * * * tsrm_ls=0x00a82800)  Zeile 271 + 0x9	C
php5ts_debug.dll!zif_reflection_class___toString(int ht=0, _zval_struct * return_value=0x00bb1ed8, _zval_struct * this_ptr=0x0012f308, int return_value_used=1, void * * * tsrm_ls=0x00a82800)  Zeile 2020 + 0x1d	C
php5ts_debug.dll!zend_call_function(_zend_fcall_info * fci=0x0012ed28, _zend_fcall_info_cache * fci_cache=0x00000000, void * * * tsrm_ls=0x00a82800)  Zeile 853 + 0x4b	C
php5ts_debug.dll!call_user_function_ex(_hashtable * function_table=0x00000000, _zval_struct * * object_pp=0x0012ee94, _zval_struct * function_name=0x00bb1cf8, _zval_struct * * retval_ptr_ptr=0x0012ee7c, unsigned int param_count=0, _zval_struct * * * params=0x00000000, int no_separation=0, _hashtable * symbol_table=0x00000000, void * * * tsrm_ls=0x00a82800)  Zeile 550 + 0xf	C
php5ts_debug.dll!zif_reflection_export(int ht=2, _zval_struct * return_value=0x00bb1d48, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00a82800)  Zeile 1037 + 0x1f	C
php5ts_debug.dll!zend_call_function(_zend_fcall_info * fci=0x0012f260, _zend_fcall_info_cache * fci_cache=0x00000000, void * * * tsrm_ls=0x00a82800)  Zeile 853 + 0x4b	C
php5ts_debug.dll!_reflection_export(int ht=1, _zval_struct * return_value=0x00bb1c50, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00a82800, _zend_class_entry * ce_ptr=0x00bed198, int ctor_argc=1)  Zeile 995 + 0x12	C
php5ts_debug.dll!zif_reflection_class_export(int ht=1, _zval_struct * return_value=0x00bb1c50, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00a82800)  Zeile 1887 + 0x21	C
php5ts_debug.dll!zend_do_fcall_common_helper(_zend_execute_data * execute_data=0x0012f744, _zend_op * opline=0x00bb18c0, _zend_op_array * op_array=0x00bb1490, void * * * tsrm_ls=0x00a82800)  Zeile 2699 + 0x32	C
php5ts_debug.dll!zend_do_fcall_by_name_handler(_zend_execute_data * execute_data=0x0012f744, _zend_op * opline=0x00bb18c0, _zend_op_array * op_array=0x00bb1490, void * * * tsrm_ls=0x00a82800)  Zeile 2810 + 0x15	C
php5ts_debug.dll!execute(_zend_op_array * op_array=0x00bb1490, void * * * tsrm_ls=0x00a82800)  Zeile 1391 + 0x17	C
php5ts_debug.dll!zend_execute_scripts(int type=8, void * * * tsrm_ls=0x00a82800, _zval_struct * * retval=0x00000000, int file_count=3, ...)  Zeile 1061 + 0x21	C
php5ts_debug.dll!php_execute_script(_zend_file_handle * primary_file=0x0012ff2c, void * * * tsrm_ls=0x00a82800)  Zeile 1627 + 0x1b	C
php.exe!main(int argc=2, char * * argv=0x00a84fc0)  Zeile 943 + 0x13	C
php.exe!mainCRTStartup()  Zeile 398 + 0x11	C
kernel32.dll!77e614c7() 	
ntdll.dll!77f844a8() 	


 [2004-05-31 09:53 UTC] sebastian@php.net
The following simpler code causes a segfault, too:

<?php
class Test {}

print ReflectionClass::export('Test');
?>

 [2004-05-31 10:10 UTC] tony2001@php.net
Tested second example under Linux.

Program received signal SIGSEGV, Segmentation fault.
0x403f1d8c in _class_string (str=0xbfffbd80, ce=0x80e8e10, obj=0x0, indent=0x4044889c "")
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:271
271                     string_printf(str, ":%s", ce->module->name);
(gdb) bt
#0  0x403f1d8c in _class_string (str=0xbfffbd80, ce=0x80e8e10, obj=0x0, indent=0x4044889c "")
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:271
#1  0x403f7d43 in zif_reflection_class___toString (ht=0, return_value=0x80e5968, this_ptr=0xbfffc110, return_value_used=1)
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:2020
#2  0x403ca2bf in zend_call_function (fci=0xbfffbec0, fci_cache=0x0) at /home/tony/CVS/php-src_debug/Zend/zend_execute_API.c:853
#3  0x403c904c in call_user_function_ex (function_table=0x0, object_pp=0xbfffbf3c, function_name=0x80e41d4,
    retval_ptr_ptr=0xbfffbf34, param_count=0, params=0x0, no_separation=0, symbol_table=0x0)
    at /home/tony/CVS/php-src_debug/Zend/zend_execute_API.c:550
#4  0x403f4560 in zif_reflection_export (ht=2, return_value=0x80e6ff0, this_ptr=0x0, return_value_used=1)
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:1037
#5  0x403ca2bf in zend_call_function (fci=0xbfffc0a0, fci_cache=0x0) at /home/tony/CVS/php-src_debug/Zend/zend_execute_API.c:853
#6  0x403f42aa in _reflection_export (ht=1, return_value=0x80e1dd4, this_ptr=0x0, return_value_used=1, ce_ptr=0x811d9a0,
    ctor_argc=1) at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:995
#7  0x403f74a1 in zif_reflection_class_export (ht=1, return_value=0x80e1dd4, this_ptr=0x0, return_value_used=1)
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:1887
#8  0x40402508 in zend_do_fcall_common_helper (execute_data=0xbfffcf80, opline=0x80f07e4, op_array=0x80e654c)
    at /home/tony/CVS/php-src_debug/Zend/zend_execute.c:2699
#9  0x40402be4 in zend_do_fcall_by_name_handler (execute_data=0xbfffcf80, opline=0x80f07e4, op_array=0x80e654c)
    at /home/tony/CVS/php-src_debug/Zend/zend_execute.c:2810
#10 0x403fe5d2 in execute (op_array=0x80e654c) at /home/tony/CVS/php-src_debug/Zend/zend_execute.c:1391
#11 0x403d70d6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/tony/CVS/php-src_debug/Zend/zend.c:1058
#12 0x4038a07a in php_execute_script (primary_file=0xbffff310) at /home/tony/CVS/php-src_debug/main/main.c:1632
#13 0x4040b39e in apache_php_module_main (r=0x81abd14, display_source_mode=0)
    at /home/tony/CVS/php-src_debug/sapi/apache/sapi_apache.c:54
#14 0x4040c419 in send_php (r=0x81abd14, display_source_mode=0, filename=0x81ac27c "/www/index.php")
    at /home/tony/CVS/php-src_debug/sapi/apache/mod_php5.c:621
#15 0x4040c4aa in send_parsed_php (r=0x81abd14) at /home/tony/CVS/php-src_debug/sapi/apache/mod_php5.c:636
#16 0x08074542 in ap_invoke_handler ()
#17 0x0808a56a in process_request_internal ()
#18 0x0808a9d4 in ap_internal_redirect ()
#19 0x0806024a in handle_dir ()
#20 0x08074542 in ap_invoke_handler ()
#21 0x0808a56a in process_request_internal ()
#22 0x0808a5c7 in ap_process_request ()
#23 0x08080f80 in child_main ()
#24 0x08081132 in make_child ()
#25 0x080812b1 in startup_children ()
#26 0x0808199b in standalone_main ()
#27 0x08082235 in main ()
#28 0x4010faf7 in __libc_start_main () from /lib/i686/libc.so.6
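
Added example, not part of the original thread: a small crash-triage helper that reduces the Visual Studio trace from the report and the gdb trace in the comment above to (function, line) pairs, so the two can be compared as one crash signature. The names `frames`, `signature` and `same_crash` are hypothetical, and the embedded traces are abridged from this page.

```python
import re

# Top frames abridged from the two traces on this page ("..." = elided arguments).
MSVC_TRACE = """\
php5ts_debug.dll!_class_string(_string * str=0x0012e984, ...)  Zeile 271 + 0x9\tC
php5ts_debug.dll!zif_reflection_class___toString(int ht=0, ...)  Zeile 2020 + 0x1d\tC
php5ts_debug.dll!zend_call_function(_zend_fcall_info * fci=0x0012ed28, ...)  Zeile 853 + 0x4b\tC
php5ts_debug.dll!call_user_function_ex(_hashtable * function_table=0x00000000, ...)  Zeile 550 + 0xf\tC
"""
GDB_TRACE = """\
#0  0x403f1d8c in _class_string (str=0xbfffbd80, ce=0x80e8e10, obj=0x0, indent=0x4044889c "")
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:271
#1  0x403f7d43 in zif_reflection_class___toString (ht=0, ...)
    at /home/tony/CVS/php-src_debug/Zend/zend_reflection_api.c:2020
#2  0x403ca2bf in zend_call_function (fci=0xbfffbec0, fci_cache=0x0) at /home/tony/CVS/php-src_debug/Zend/zend_execute_API.c:853
#3  0x403c904c in call_user_function_ex (function_table=0x0, ...)
    at /home/tony/CVS/php-src_debug/Zend/zend_execute_API.c:550
#16 0x08074542 in ap_invoke_handler ()
"""

# Visual Studio call stack: module!function(args)  Zeile N ("Zeile" is the German UI's "Line").
MSVC_RE = re.compile(r"^[\w.]+!(\w+)\(.*\)\s+(?:Zeile|Line) (\d+)", re.M)
# gdb "bt": "#n 0xADDR in function (args) at file:N"; frames without debug info have no "at".
GDB_RE = re.compile(r"^#\d+\s+0x[0-9a-f]+ in (\w+) \(.*?\)(?: at \S+:(\d+))?$", re.M)

def frames(trace):
    """Return [(function, line or None), ...] from either debugger format."""
    folded = re.sub(r"\n[ \t]+", " ", trace)  # gdb wraps long frames onto indented lines
    pattern = GDB_RE if folded.lstrip().startswith("#") else MSVC_RE
    return [(fn, int(ln) if ln else None) for fn, ln in pattern.findall(folded)]

def signature(trace, depth=4):
    """Crash signature: the top `depth` frames, with addresses and arguments dropped."""
    return tuple(frames(trace)[:depth])

def same_crash(a, b, depth=4):
    """True when two traces share the same top-of-stack signature."""
    return signature(a, depth) == signature(b, depth)

if __name__ == "__main__":
    print("fault site:", frames(GDB_TRACE)[0])
    print("same crash on both platforms:", same_crash(MSVC_TRACE, GDB_TRACE))
```

Both traces reduce to the same four top frames, ending in `_class_string` at line 271, the `string_printf(str, ":%s", ce->module->name)` statement shown in the gdb output.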
 [2004-05-31 23:38 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
Last updated: Thu Jul 03 08:01:34 2025 UTC