Bug #31086 Type hinting in constructor crashes php
Submitted: 2004-12-14 12:49 UTC
Modified: 2005-06-06 08:48 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: junkmail at konvergencia dot hu
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 5CVS-2005-02-14
OS: *
Private report: No
CVE-ID: None
 [2004-12-14 12:49 UTC] junkmail at konvergencia dot hu
Description:
------------
If class B's constructor is defined as __construct(A $anObject), calling new B(new A) without taking the return value causes a crash (SIGBUS).
Not using type hinting or assigning the result to a variable seems to work around the problem.
E.g. $tmp = new B(new A()) does not produce the crash.




Reproduce code:
---------------
<?php
Class A {
        function __construct(){}
}

Class B {
        function __construct(A $a){}
}
new B(new A());
echo 'OK';
?>


Expected result:
----------------
A simple OK would be nice ;)


Actual result:
--------------
Program terminated with signal 10, Bus error.
(gdb) bt
#0  zend_std_object_get_class (object=0x84591cc) at /usr/local/src/php-5.0.2/Zend/zend_object_handlers.c:905
#1  0x81b66dd in zend_get_class_entry (zobject=0x84591cc) at /usr/local/src/php-5.0.2/Zend/zend_API.c:205
#2  0x81e9d5b in zend_recv_handler (execute_data=0xbfbfe094, opline=0x8443e58, op_array=0x83a6c0c)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:345
#3  0x81d0805 in execute (op_array=0x83a6c0c) at /usr/local/src/php-5.0.2/Zend/zend_execute.c:1400
#4  0x81e8193 in zend_do_fcall_common_helper (execute_data=0xbfbfe254, opline=0x845a39c, op_array=0x83a660c)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2740
#5  0x81e84ed in zend_do_fcall_by_name_handler (execute_data=0xbfbfe254, opline=0x845a39c, op_array=0x83a660c)
    at /usr/local/src/php-5.0.2/Zend/zend_execute.c:2825
#6  0x81d0805 in execute (op_array=0x83a660c) at /usr/local/src/php-5.0.2/Zend/zend_execute.c:1400
#7  0x81b6195 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.0.2/Zend/zend.c:1060
#8  0x8187dbb in php_execute_script (primary_file=0xbfbff8d0) at /usr/local/src/php-5.0.2/main/main.c:1629
#9  0x81f1120 in main (argc=2, argv=0xbfbff948) at /usr/local/src/php-5.0.2/sapi/cgi/cgi_main.c:1568
(gdb) print zobj
$1 = (zend_object *) 0xffffffff


 [2005-01-11 23:40 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it with latest 5.0.x-CVS version.
 [2005-01-21 16:23 UTC] junkmail at konvergencia dot hu
I can reproduce the error with the latest -STABLE snapshot (php5-STABLE-200501211330).

php -v output:

PHP 5.0.4-dev (cgi) (built: Jan 21 2005 15:44:03)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies

The backtrace is the same.

I've tried to compile with different optimization levels (from none to -O2, with and without -fno-strict-aliasing) and with gcc 2.95 (the default compiler on FreeBSD 4.x) and gcc 3.3. The result is always the same :/
 [2005-01-23 20:32 UTC] moriyoshi@php.net
Confirmed both on Linux and OSX.

It seems the presence of a type hint doesn't matter.

----
<?php
class A {
}
class B {
  function __construct(A $a) {
    var_dump($a);
  }
}

new B(new A());
?>
----

#0  zend_std_object_get_class (object=0xffffffff)
    at /home/moriyoshi/src/php-src-5/Zend/zend_object_handlers.c:825
#1  0x0823a597 in zend_get_class_entry (zobject=0x8557dd4)
    at /home/moriyoshi/src/php-src-5/Zend/zend_API.c:227
#2  0x082bbde0 in zend_verify_arg_type (zf=0xffffffff, arg_num=1,
    arg=0x8556e94) at /home/moriyoshi/src/php-src-5/Zend/zend_execute.c:614
#3  0x0825c75a in ZEND_RECV_SPEC_HANDLER (execute_data=0xbfffd190)
    at zend_vm_execute.h:343
#4  0x0825bbe8 in execute (op_array=0x8568984) at zend_vm_execute.h:78
#5  0x0825c179 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd320)
    at zend_vm_execute.h:204
#6  0x0825bbe8 in execute (op_array=0x8561c04) at zend_vm_execute.h:78
#7  0x08239e1f in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/moriyoshi/src/php-src-5/Zend/zend.c:1058
#8  0x081fd08f in php_execute_script (primary_file=0xbffff720)
    at /home/moriyoshi/src/php-src-5/main/main.c:1636
#9  0x082be3ae in main (argc=2, argv=0xbffff7e4)

 [2005-01-23 20:36 UTC] moriyoshi@php.net
On the other hand this script fully works.

<?php
class A {
}
class B {
  function __construct(A $a) {
    var_dump($a);
  }
}

$a = new A();
new B($a);
?>

Therefore I think some wrong assumption is made for the temporary variable received in the handler specific to constructors.

 [2005-01-23 21:09 UTC] helly@php.net
Funny, while the first works:
php -r 'class A{} class B { function __construct(A $x){}} $b=new B(new A);'

the second does not:
php -r 'class A{} class B { function __construct(A $x){}} new B(new A);'
Fatal error: Argument 1 must be an object of class A in Command line code on line 1
 [2005-06-06 08:48 UTC] dmitry@php.net
This is the same as #30080, which is already fixed in CVS HEAD and PHP_5_0.
 