PHP :: Bug #38461 :: Segfault with _

Bug #38461	Segfault with __set()
Submitted:	2006-08-15 07:28 UTC	Modified:	2006-08-15 13:20 UTC
From:	derick@php.net	Assigned:	tony2001 (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	5CVS-2006-08-15 (CVS)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	derick@php.net
New email:
PHP Version:		OS:

New Comment:

[2006-08-15 07:28 UTC] derick@php.net

Description:
------------
The following script crashes.

Reproduce code:
---------------
<?php

class Operation
{
    function __set( $var, $value )
    {
        $this->$var = $value;
    }
}

class ExtOperation extends Operation
{
    private $x;
}

$op = new ExtOperation;
$op->x = 'test';

?>

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216329504 (LWP 14743)]
0x083c0de3 in zend_std_write_property (object=0xb77ce778, member=0xb77d0cbc,
    value=0xb77d0928)
    at /dat/dev/php/php-5.2dev/Zend/zend_object_handlers.c:440
440                             zend_hash_quick_update(zobj->properties, property_info->name, property_info->name_length+1, property_info->h, &value, sizeof(zval *), (void **) &foo);
(gdb) bt
#0  0x083c0de3 in zend_std_write_property (object=0xb77ce778,
    member=0xb77d0cbc, value=0xb77d0928)
    at /dat/dev/php/php-5.2dev/Zend/zend_object_handlers.c:440
#1  0x083e1405 in zend_assign_to_object (result=0xb77d01d8,
    object_ptr=0x869e4ac, op2=0xb77d0200, value_op=0xb77d0238, Ts=0xbfc25e50,
    opcode=136) at /dat/dev/php/php-5.2dev/Zend/zend_execute.c:614
#2  0x084010b8 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CV_HANDLER (
    execute_data=0xbfc25e84)
    at /dat/dev/php/php-5.2dev/Zend/zend_vm_execute.h:18886
#3  0x083c5062 in execute (op_array=0xb77d1418)
    at /dat/dev/php/php-5.2dev/Zend/zend_vm_execute.h:92
#4  0xb759f9d9 in xdebug_execute (op_array=0xb77d1418)
    at /dat/dev/php/xdebug/xdebug.c:1388
#5  0x08395673 in zend_call_function (fci=0xbfc26124, fci_cache=0xbfc260f8)
    at /dat/dev/php/php-5.2dev/Zend/zend_execute_API.c:952
#6  0x083b9457 in zend_call_method (object_pp=0xbfc261b0, obj_ce=0xb77d03a8,
    fn_proxy=0xb77d04b8, function_name=0x8627492 "__set", function_name_len=5,
    retval_ptr_ptr=0xbfc26198, param_count=2, arg1=0xb77d0cbc, arg2=0xb77d0928)
    at /dat/dev/php/php-5.2dev/Zend/zend_interfaces.c:88
#7  0x083bfc82 in zend_std_call_setter (object=0xb77ce778, member=0xb77d0cbc,
    value=0xb77d0928) at /dat/dev/php/php-5.2dev/Zend/zend_object_handlers.c:98
#8  0x083c0d11 in zend_std_write_property (object=0xb77ce778,
    member=0xb77ced70, value=0xb77d0928)
---Type <return> to continue, or q <return> to quit---
    at /dat/dev/php/php-5.2dev/Zend/zend_object_handlers.c:426
#9  0x083e1405 in zend_assign_to_object (result=0xb77ced44,
    object_ptr=0xb77d06dc, op2=0xb77ced6c, value_op=0xb77ceda4, Ts=0xbfc26330,
    opcode=136) at /dat/dev/php/php-5.2dev/Zend/zend_execute.c:614
#10 0x08408a3e in ZEND_ASSIGN_OBJ_SPEC_CV_CONST_HANDLER (
    execute_data=0xbfc263e4)
    at /dat/dev/php/php-5.2dev/Zend/zend_vm_execute.h:21518
#11 0x083c5062 in execute (op_array=0xb77ce7ac)
    at /dat/dev/php/php-5.2dev/Zend/zend_vm_execute.h:92
#12 0xb759f9d9 in xdebug_execute (op_array=0xb77ce7ac)
    at /dat/dev/php/xdebug/xdebug.c:1388
#13 0x083a27ff in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /dat/dev/php/php-5.2dev/Zend/zend.c:1095
#14 0x083526fc in php_execute_script (primary_file=0xbfc2885c)
    at /dat/dev/php/php-5.2dev/main/main.c:1759
#15 0x0841b1ef in main (argc=1, argv=0xbfc28984)
    at /dat/dev/php/php-5.2dev/sapi/cli/php_cli.c:1097
(gdb) quit
The program is running.  Exit anyway? (y or n) y

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-08-15 13:20 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jan 30 04:01:33 2025 UTC