php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30562 Segmentation fault with __call()
Submitted: 2004-10-26 12:28 UTC Modified: 2004-12-17 23:26 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:0 (0.0%)
From: guth at fiifo dot u-psud dot fr Assigned: andi (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.0.2 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: guth at fiifo dot u-psud dot fr
New email:
PHP Version: OS:

 

 [2004-10-26 12:28 UTC] guth at fiifo dot u-psud dot fr 
Description:
------------
hello,

Another segmentation fault in PHP when using method __call().
See the following code...

Reproduce code:
---------------
<?php
class XmlGenerator {

	private $stock;

	public function set($item) {
		$this->stock = $item;
	}

	public function get() {
		return $this->stock;
	}
	
}

class MyClass {
	
	public function __call($method, $args) {
		
		$iLovePHP = $method;

		/*
		// Uncomment this code and this will work properly
		$iLovePHP = "";
		for($i = 0, $count = strlen($method); $i < $count; $i++) {
			$iLovePHP .= $method{$i};
		}
		*/
	
		$xml = new XmlGenerator();
		$xml->set($iLovePHP);
		return $xml;
		
	}
	
}

$object = new MyClass;
$xml = $object->plip();

echo $xml->get();
?>

Expected result:
----------------
plip

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1075737248 (LWP 3866)]
0x403d7879 in _get_zval_ptr (node=0x16b9f040, Ts=0xffccb008, should_free=0xffcc8cbf)
    at /usr/src/php5/Zend/zend_execute.c:102
102                                     *should_free = 0;
(gdb) bt
#0  0x403d7879 in _get_zval_ptr (node=0x16b9f040, Ts=0xffccb008, should_free=0xffcc8cbf)
    at /usr/src/php5/Zend/zend_execute.c:102
#1  0x3d01acbf in ?? ()
#2  0x16b9f040 in ?? ()
#3  0xffccb008 in ?? ()
#4  0xffcc8cbf in ?? ()
#5  0x3d018cbf in ?? ()
#6  0x00000140 in ?? ()


I get an other segfault with a different code :

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1075737248 (LWP 3722)]
0x403d1862 in zend_init_string_handler (execute_data=0xbfffcbe0, opline=0x8171630, op_array=0x816f57c)
    at /usr/src/php/Zend/zend_execute.c:2377
2377            EX_T(opline->result.u.var).tmp_var.value.str.val = emalloc(1);
(gdb) bt
#0  0x403d1862 in zend_init_string_handler (execute_data=0xbfffcbe0, opline=0x8171630, op_array=0x816f57c)
    at /usr/src/php/Zend/zend_execute.c:2377
#1  0x403cebee in execute (op_array=0x816f57c) at /usr/src/php/Zend/zend_execute.c:1400
#2  0x403d2791 in zend_do_fcall_common_helper (execute_data=0xbfffce20, opline=0x816b98c, op_array=0x816706c)
    at /usr/src/php/Zend/zend_execute.c:2740
#3  0x403d2c63 in zend_do_fcall_by_name_handler (execute_data=0xbfffce20, opline=0x816b98c, op_array=0x816706c)
    at /usr/src/php/Zend/zend_execute.c:2825
#4  0x403cebee in execute (op_array=0x816706c) at /usr/src/php/Zend/zend_execute.c:1400
#5  0x403a9f5d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php/Zend/zend.c:1060
#6  0x40362a94 in php_execute_script (primary_file=0xbffff190) at /usr/src/php/main/main.c:1628
#7  0x403dab14 in apache_php_module_main (r=0x815c29c, display_source_mode=0)
    at /usr/src/php/sapi/apache/sapi_apache.c:54
#8  0x403dba9f in send_php (r=0x815c29c, display_source_mode=0, filename=0x815cd84 "/www/test.php")
    at /usr/src/php/sapi/apache/mod_php5.c:622
#9  0x403dbb18 in send_parsed_php (r=0x815c29c) at /usr/src/php/sapi/apache/mod_php5.c:637
#10 0x08071e77 in ap_invoke_handler ()
#11 0x08086ebd in process_request_internal ()
#12 0x08086f1c in ap_process_request ()
#13 0x0807df40 in child_main ()
#14 0x0807e0e8 in make_child ()
#15 0x0807e24e in startup_children ()
#16 0x0807e90e in standalone_main ()
#17 0x0807f12c in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-10-26 12:36 UTC] guth at fiifo dot u-psud dot fr 
More informations :

<?php
class XmlGenerator {

	private $stock;

	public function set($item) {
		$this->stock['plip'] = $item;
		var_dump($this->stock);
	}

	public function get() {
		var_dump($this->stock);
	}
	
}

class MyClass {
	
	public function __call($method, $args) {
	
		$xml = new XmlGenerator();
		$xml->set($method);
		return $xml;
		
	}
	
}

$object = new MyClass;
$xml = $object->plip();

$xml->get();
?>


Expected result:

array(1) { ["plip"]=>  string(4) "plip" } array(1) { ["plip"]=>  string(4) "plip" }

Actual result:

array(1) { ["plip"]=>  string(4) "plip" } array(1) { ["plip"]=>  &UNKNOWN:0 }
 [2004-11-27 16:47 UTC] phpbugs at w-wins dot com 
--- Simpler test case ---
<?php
class callee{
	public $function_last;
	function __call($func,$args){
		$this->function_last=$func;
	}
}

$object=new callee;
$object->bad();
var_dump($object->function_last);
?>
--- Expected output ---
string(3) "bad"
--- Produced output ---
UNKNOWN:0
 [2004-12-17 23:26 UTC] andi@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jul 09 23:01:33 2025 UTC