Bug #31590 Circular Object Reference Segfaults Apache
Submitted: 2005-01-18 03:53 UTC
Modified: 2005-01-22 15:00 UTC
From: mercury at penguincoder dot org
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 5.0.3
OS: Gentoo (Linux 2.6.9)
Private report: No
CVE-ID: None

 [2005-01-18 03:53 UTC] mercury at penguincoder dot org
Description:
------------
When trying to initialize one object, I had copied and pasted code for the factory methods into another object and didn't change the code. When one object holds a reference to another object, and when the referenced object returns a copy of the original object when instantiated, Apache 2.0.52 segfaults.

Reproduce code:
---------------
http://www.penguincoder.org/phpnuke.phps

Expected result:
----------------
I had expected a reference to one of my objects which would contain a reference to a driver for the backend, but instead Apache segfaulted. Nothing was printed to the screen; however, the system error_log detailed that Apache had segfaulted.

Actual result:
--------------
(gdb) run -X -D PHP5 -D SSL
Starting program: /usr/sbin/apache2 -X -D PHP5 -D SSL
[New Thread 16384 (LWP 21590)]
Detaching after fork from child process 21596.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 21590)]
0x40819917 in ?? ()
(gdb) bt
Previous frame inner to this frame (corrupt stack?)

 [2005-01-22 15:00 UTC] sniper@php.net
You can also crash PHP with a simpler script:

function foo() { foo(); }; foo();
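
The following is an added example, not code from the report or from the PHP project. It assumes the crash comes from two factory methods that call each other without end (the reporter's script is not on this page), and shows a re-entrancy guard that turns that cycle into a catchable exception; Frontend, Driver and FactoryGuard are hypothetical names, and `finally` requires PHP 5.5 or later.

```php
<?php
// Added illustration. Frontend, Driver and FactoryGuard are hypothetical
// names. Driver's factory keeps a line pasted from Frontend's, so without
// the guard each factory would call the other and never return.
final class FactoryGuard {
    private static $active = array();   // class name => factory is running
    public static function enter($class) {
        if (isset(self::$active[$class])) {
            $chain = implode(' -> ', array_keys(self::$active));
            throw new LogicException('circular construction: ' . $chain . ' -> ' . $class);
        }
        self::$active[$class] = true;
    }
    public static function leave($class) { unset(self::$active[$class]); }
}

class Driver {
    public $owner;
    public static function create() {
        FactoryGuard::enter(__CLASS__);
        try {
            $d = new self();
            $d->owner = Frontend::create();   // pasted line, never adapted
            return $d;
        } finally {
            FactoryGuard::leave(__CLASS__);   // always clear the marker
        }
    }
}

class Frontend {
    public $driver;
    public static function create() {
        FactoryGuard::enter(__CLASS__);
        try {
            $f = new self();
            $f->driver = Driver::create();
            return $f;
        } finally {
            FactoryGuard::leave(__CLASS__);
        }
    }
}

try {
    Frontend::create();
} catch (LogicException $e) {
    echo $e->getMessage(), PHP_EOL;   // names the cycle instead of recursing
}
```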

 