Bug #38019 segfault extending mysqli class.
Submitted: 2006-07-05 23:11 UTC
Modified: 2006-07-10 10:06 UTC
From: judas dot iscariote at gmail dot com
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 5CVS-2006-07-05 (CVS)
OS: Linux 64 bit
Private report: No
CVE-ID: None

 [2006-07-05 23:11 UTC] judas dot iscariote at gmail dot com
Description:
------------
The following code segfaults in current PHP 5_2 and PHP 6 CVS in **debug** mode. (Just checked from the CVS, no need to try snapshots.)

./configure --enable-debug --with-libdir=lib64 --with-mysqli=/usr/bin/mysql_config --with-zlib=/usr --disable-cgi

Not sure if this is related to bug #38003.

  	

Reproduce code:
---------------
<?php

class DB extends mysqli {
    private function __construct() {
        echo "bug";
    }
}

$DB = new DB();
?>



Expected result:
----------------
Fatal error: Call to private DB::__construct() from invalid context in /srv/www/htdocs/singleton.php

Actual result:
--------------
Fatal error: Call to private DB::__construct() from invalid context in /srv/www/htdocs/singleton.php on line 13

Program received signal SIGSEGV, Segmentation fault.
0x00000000005dd76a in instanceof_function_ex (instance_ce=0xa289b0, ce=0x9ed4f0, interfaces_only=0 '\0')
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1600
1600                    if (instanceof_function(instance_ce->interfaces[i], ce TSRMLS_CC)) {
(gdb) bt
#0  0x00000000005dd76a in instanceof_function_ex (instance_ce=0xa289b0, ce=0x9ed4f0, interfaces_only=0 '\0')
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1600
#1  0x00000000005dd7ab in instanceof_function (instance_ce=<value optimized out>, ce=<value optimized out>)
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1618
#2  0x000000000049e5d9 in mysqli_objects_free_storage (object=<value optimized out>)
    at /local/local/bodegon/php-debug/ext/mysqli/mysqli.c:143
#3  0x000000000060329e in zend_objects_store_free_object_storage (objects=0x8be600)
    at /local/local/bodegon/php-debug/Zend/zend_objects_API.c:86
#4  0x00000000005d8e8c in shutdown_executor () at /local/local/bodegon/php-debug/Zend/zend_execute_API.c:281
#5  0x00000000005e5ab3 in zend_deactivate () at /local/local/bodegon/php-debug/Zend/zend.c:854
#6  0x00000000005a417b in php_request_shutdown (dummy=<value optimized out>)
    at /local/local/bodegon/php-debug/main/main.c:1300
#7  0x00000000006821ea in main (argc=2, argv=0x7fffffd96a48) at /local/local/bodegon/php-debug/sapi/cli/php_cli.c:1250




 [2006-07-06 07:36 UTC] tony2001@php.net
Dmitry, we've already discussed it - the problem is that shutdown_executor() destroys classes first and then runs object destructors (in this case, mysqli_objects_free_storage()), which can access already destroyed class entries.

Here is what valgrind says about it: http://gcov.php.net/PHP_5_2/tests/ext/mysqli/tests/bug33491.mem
Though, no crash here, even with Zend MM disabled.

This patch: http://tony2001.phpclub.net/dev/tmp/bug38019.diff
fixes the problem for me and I don't see any new ones.
 [2006-07-10 10:06 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
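
Added example, not part of the thread or of the PHP source: a small C model of the shutdown ordering tony2001 describes above, where a free-storage handler walks class entries that were already destroyed. All type and function names are hypothetical stand-ins, and the second ordering is shown for contrast only; the page does not say what the committed fix changed.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for the engine's class entry and object; not PHP source. */
typedef struct class_entry {
    int alive;                    /* cleared instead of free()d so a stale read is countable, not UB */
    struct class_entry *parent;
} class_entry;

typedef struct { class_entry *ce; int freed; } object;

static int stale_reads;           /* handler reads of already-destroyed class entries */

/* Walks the class chain the way an instanceof check does. */
static int instance_of(const class_entry *ce, const class_entry *target) {
    for (; ce != NULL; ce = ce->parent) {
        if (!ce->alive) { stale_reads++; return 0; }  /* in a real engine: use-after-free */
        if (ce == target) return 1;
    }
    return 0;
}

/* Models a free-storage handler that consults class entries while releasing an object. */
static void free_storage(object *obj, const class_entry *base) {
    (void)instance_of(obj->ce, base);
    obj->freed = 1;
}

/* Runs one simulated shutdown; returns how many stale class reads the handler made. */
int run_shutdown(int classes_first) {
    class_entry base = {1, NULL}, derived = {1, &base};   /* constructed sample data */
    class_entry *classes[] = {&base, &derived};
    object objs[] = {{&derived, 0}};
    size_t i;

    stale_reads = 0;
    if (classes_first)                                    /* order described in the report */
        for (i = 0; i < 2; i++) classes[i]->alive = 0;
    for (i = 0; i < 1; i++) free_storage(&objs[i], &base);
    if (!classes_first)                                   /* contrast: classes outlive objects */
        for (i = 0; i < 2; i++) classes[i]->alive = 0;
    return stale_reads;
}

int main(void) {
    printf("classes destroyed first: %d stale read(s)\n", run_shutdown(1));
    printf("objects freed first:     %d stale read(s)\n", run_shutdown(0));
    return 0;
}
```

The model marks a class entry as dead rather than freeing it, which is why the stale access shows up as a count here while the real engine crashes only under some allocators, matching the "no crash here" observation in the comment.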
 
Last updated: Thu Nov 21 13:01:29 2024 UTC