php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41633 Crash instantiating classes with self-referencing constants
Submitted: 2007-06-08 13:35 UTC Modified: 2007-06-13 16:49 UTC
From: m dot stach at ewerk dot com Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.2.3 OS: Windows/MacOSX
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: m dot stach at ewerk dot com
New email:
PHP Version: OS:

 

 [2007-06-08 13:35 UTC] m dot stach at ewerk dot com 
Description:
------------
When instantiating classes with self-referencing constants PHP crashes.

It is reproducable on Windows (5.2.3), Mac (5.2.2) and Linux (5.2.0).

Reproduce code:
---------------
class b {
  const FOO = self::FOO;
}

new b();

echo "1";

Expected result:
----------------
1

Actual result:
--------------
No output, segmentation fault instead. Since I don't have MSVC available for backtrace, I tried on a mac and linux box, same result (but Versions were 5.2.2 and 5.2.0).

Looks like an endless recursion.


Crash-Report:

Date/Time:      2007-06-08 14:55:00.261 +0200
OS Version:     10.4.9 (Build 8P135)
Report Version: 4

Command: php
Path:    /usr/local/bin/php
Parent:  bash [7590]

Version: ??? (???)

PID:    7604
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbf7ffff0

Thread 0 Crashed:
0   php 	0x004ae698 _zend_mm_alloc_int + 12
1   php 	0x004afd48 _emalloc + 100
2   php 	0x004b0410 _estrndup + 44
3   php 	0x004c158c zend_get_constant_ex + 256
4   php 	0x004c3470 zval_update_constant_ex + 340
5   php 	0x004c3ca8 zval_update_constant + 44
6   php 	0x004c171c zend_get_constant_ex + 656

lines 4-6 repeated

506 php 	0x004c3ca8 zval_update_constant + 44
507 php 	0x004c171c zend_get_constant_ex + 656
508 php 	0x004c3470 zval_update_constant_ex + 340

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-08 13:38 UTC] m dot stach at ewerk dot com 
Sorry, the expected result I specified was wrong.

Expected Result
---------------

I would expect error message (parse, compile or runtime/fatal error).
 [2007-06-08 22:00 UTC] judas dot iscariote at gmail dot com 
This is the expected behaviuor, as your code produced infinite recursion FOO = self::FOO -> FOO = self::FOO -> FOO = self::FOO and the interpreter ends crashing ( as expected)

However I suspect in this particular case, something can be done to avoid this, maybe zval_update_constant_ex() can check if we ar trying to assign a constant to the same constant and emit a nice fatal error, not sure..though.
 [2007-06-09 00:17 UTC] stas@php.net 
Just checking same constant wouldn't help since you could have:

const self::FOO = self::BAR;
const self::BAR = self::FOO;

but we can try and look into how to detect looping and either limit the depth or just break the loop one way or another.
 [2007-06-11 08:50 UTC] m dot stach at ewerk dot com 
Interestingly the following code gives an (however misleading) fatal error:

class b {
	const FOO = self::FOO;
}

$a = b::FOO;

Fatal error: Cannot access self:: when no class scope is active in ...


I wonder why constants are processed at runtime not parse/compile time. But that's not a bug but an architectural issue.

BTW: I would never expect the interpreter to crash.
 [2007-06-13 16:49 UTC] dmitry@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Nov 01 23:00:01 2025 UTC