php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #48248 SIGSEGV when access to private property via &__get
Submitted: 2009-05-12 17:09 UTC Modified: 2009-05-12 23:39 UTC
From: ladislav at marek dot su Assigned: felipe (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.2CVS-2009-05-12 OS: * 64bit
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ladislav at marek dot su
New email:
PHP Version: OS:

 

 [2009-05-12 17:09 UTC] ladislav at marek dot su 
Description:
------------
Attempt to access private property of extended class when the parent class has method '__get' which returns reference, causing segmentation fault.

Compiled only with --enable-debug.

Reproduce code:
---------------
class A
{
    public function & __get($name)
    {
        return $this->test;
    }
}

class B extends A
{
    private $test;
}


$b = new B;
var_dump($b->test);

Expected result:
----------------
NULL

Actual result:
--------------
#0  0x00000000007b4859 in zend_std_get_property_ptr_ptr (object=0x29d83c8, member=0x29dbca8) at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:588
#1  0x00000000007b9b2e in zend_fetch_property_address (result=0x7f0590a24350, container_ptr=0xdd73c0, prop_ptr=0x29dbca8, type=1)
    at /root/php/php5.3-200905121430/Zend/zend_execute.c:1156
#2  0x000000000082e580 in ZEND_FETCH_OBJ_W_SPEC_UNUSED_CONST_HANDLER (execute_data=0x7f0590a242a8)
    at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:17494
#3  0x00000000007ba081 in execute (op_array=0x29ddae0) at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:104
#4  0x000000000077bcd3 in zend_call_function (fci=0x7fff98bb4d10, fci_cache=0x7fff98bb4ca0) at /root/php/php5.3-200905121430/Zend/zend_execute_API.c:936
#5  0x00000000007a684b in zend_call_method (object_pp=0x7fff98bb4db8, obj_ce=0x29dbe18, fn_proxy=0x29dbfd8, function_name=0xb4dd62 "__get",
    function_name_len=5, retval_ptr_ptr=0x7fff98bb4dc8, param_count=1, arg1=0x29dca60, arg2=0x0) at /root/php/php5.3-200905121430/Zend/zend_interfaces.c:97
#6  0x00000000007b29e9 in zend_std_call_getter (object=0x29d83c8, member=0x29dca60) at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:81
#7  0x00000000007b383a in zend_std_read_property (object=0x29d83c8, member=0x29d98c0, type=0)
    at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:350
#8  0x000000000084944b in zend_fetch_property_address_read_helper_SPEC_CV_CONST (type=0, execute_data=0x7f0590a24090)
    at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:23769
#9  0x0000000000849574 in ZEND_FETCH_OBJ_R_SPEC_CV_CONST_HANDLER (execute_data=0x7f0590a24090) at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:23794
#10 0x00000000007ba081 in execute (op_array=0x29d8f90) at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:104
#11 0x000000000078b381 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/php5.3-200905121430/Zend/zend.c:1188
#12 0x0000000000719fad in php_execute_script (primary_file=0x7fff98bb7620) at /root/php/php5.3-200905121430/main/main.c:2182
#13 0x000000000086fd03 in main (argc=2, argv=0x7fff98bb7868) at /root/php/php5.3-200905121430/sapi/cli/php_cli.c:1188

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-12 23:21 UTC] felipe@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 11:01:29 2024 UTC