php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #55382 Crash on GLOBALS inside traits
Submitted: 2011-08-08 15:17 UTC Modified: 2011-08-15 13:15 UTC
From: ava3ar at gmail dot com Assigned: gron (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 5.4SVN-2011-08-08 (SVN) OS: Gentoo
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ava3ar at gmail dot com
New email:
PHP Version: OS:

 

 [2011-08-08 15:17 UTC] ava3ar at gmail dot com 
Description:
------------
if you use GLOBAL variables inside traits, e.g. $_COOKIE, it segfaults

Test script:
---------------
<?php
trait test {
 function tester($cCookie = false) { 
  if ($cCookie) {
   if (isset($_COOKIE[$cCookie])) {
    return $_COOKIE[$cCookie];
   }
  }
  return false;
 }
}

<?php
class asda {
 use test;
 function beep() {
  $this->tester("test");
 }
}

$a = new asda();
echo $a->beep();

Expected result:
----------------
false, or contents

Actual result:
--------------
Segfault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-08 15:18 UTC] ava3ar at gmail dot com 
If you change the test trait to

<?php
trait test {
 function tester($cCookie) { 
  if ($cCookie) {
   if (isset($_COOKIE[$cCookie])) {
    return $_COOKIE[$cCookie];
   }
  }
  return false;
 }
}

//
you get a zend_mm_corrupt
 [2011-08-08 22:18 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-08-08 22:18 UTC] felipe@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2011-08-09 08:33 UTC] ava3ar at gmail dot com
-Status: Feedback +Status: Open
 [2011-08-09 08:33 UTC] ava3ar at gmail dot com 
bt
#0  0x00007f6435389737 in kill () from /lib64/libc.so.6
#1  0x000000000099d97e in zend_mm_panic (message=0xf81c80 "zend_mm_heap 
corrupted") at /root/ape/php/php-src-5.4/Zend/zend_alloc.c:92
#2  0x00000000009a0fc9 in _zend_mm_alloc_int (heap=0x123bfb0, size=8, 
__zend_filename=0xf823b8 "/root/ape/php/php-src-5.4/Zend/zend_compile.c", 
__zend_lineno=3508,
    __zend_orig_filename=0xf85e20 "/root/ape/php/php-src-
5.4/Zend/zend_variables.c", __zend_orig_lineno=121) at /root/ape/php/php-src-
5.4/Zend/zend_alloc.c:2014
#3  0x00000000009a2dc3 in _emalloc (size=8, __zend_filename=0xf823b8 
"/root/ape/php/php-src-5.4/Zend/zend_compile.c", __zend_lineno=3508,
    __zend_orig_filename=0xf85e20 "/root/ape/php/php-src-
5.4/Zend/zend_variables.c", __zend_orig_lineno=121) at /root/ape/php/php-src-
5.4/Zend/zend_alloc.c:2425
#4  0x00000000009a3593 in _estrndup (s=0x7f643b992ad0 "_COOKIE", length=7, 
__zend_filename=0xf823b8 "/root/ape/php/php-src-5.4/Zend/zend_compile.c", 
__zend_lineno=3508,
    __zend_orig_filename=0xf85e20 "/root/ape/php/php-src-
5.4/Zend/zend_variables.c", __zend_orig_lineno=121) at /root/ape/php/php-src-
5.4/Zend/zend_alloc.c:2596
#5  0x00000000009e252f in _zval_copy_ctor_func (zvalue=0x7f643b997bb0, 
__zend_filename=0xf823b8 "/root/ape/php/php-src-5.4/Zend/zend_compile.c", 
__zend_lineno=3508)
    at /root/ape/php/php-src-5.4/Zend/zend_variables.c:121
#6  0x00000000009b8215 in _zval_copy_ctor (fe=0x7fffcd339c00, 
target_ce=0x7f643b993360, newname=0x7f643b997d88 "getCookie", tsrm_ls=0x12390c0)
    at /root/ape/php/php-src-5.4/Zend/zend_variables.h:45
#7  zend_traits_duplicate_function (fe=0x7fffcd339c00, target_ce=0x7f643b993360, 
newname=0x7f643b997d88 "getCookie", tsrm_ls=0x12390c0) at /root/ape/php/php-src-
5.4/Zend/zend_compile.c:3508
#8  0x00000000009b8f58 in zend_traits_merge_functions_to_class (fn=0x1553350, 
tsrm_ls=0x12390c0, num_args=1, args=0x7fffcd339d70, hash_key=0x7fffcd339d50)
    at /root/ape/php/php-src-5.4/Zend/zend_compile.c:3650
#9  0x00000000009fb2b2 in zend_hash_apply_with_arguments (ht=0x1553010, 
tsrm_ls=0x12390c0, apply_func=0x9b8c5e <zend_traits_merge_functions_to_class>, 
num_args=1)
    at /root/ape/php/php-src-5.4/Zend/zend_hash.c:772
#10 0x00000000009ba160 in zend_do_traits_method_binding (ce=0x7f643b993360, 
tsrm_ls=0x12390c0) at /root/ape/php/php-src-5.4/Zend/zend_compile.c:3876
#11 0x00000000009ba83a in zend_do_bind_traits (ce=0x7f643b993360, 
tsrm_ls=0x12390c0) at /root/ape/php/php-src-5.4/Zend/zend_compile.c:4017
#12 0x0000000000a35184 in ZEND_BIND_TRAITS_SPEC_HANDLER 
(execute_data=0x7f643b95e288, tsrm_ls=0x12390c0) at /root/ape/php/php-src-
5.4/Zend/zend_vm_execute.h:1027
#13 0x0000000000a3002e in execute (op_array=0x7f643b993100, tsrm_ls=0x12390c0) 
at /root/ape/php/php-src-5.4/Zend/zend_vm_execute.h:410
#14 0x00000000009e7761 in zend_execute_scripts (type=8, tsrm_ls=0x12390c0, 
retval=0x7fffcd33a300, file_count=1) at /root/ape/php/php-src-
5.4/Zend/zend.c:1262
#15 0x0000000000b796a1 in php_cli_server_dispatch_router (server=0x12375e0, 
client=0x15523b0, tsrm_ls=0x12390c0) at /root/ape/php/php-src-
5.4/sapi/cli/php_cli_server.c:1723
#16 0x0000000000b797ee in php_cli_server_dispatch (server=0x12375e0, 
client=0x15523b0, tsrm_ls=0x12390c0) at /root/ape/php/php-src-
5.4/sapi/cli/php_cli_server.c:1751
#17 0x0000000000b79f9c in php_cli_server_recv_event_read_request 
(server=0x12375e0, client=0x15523b0, tsrm_ls=0x12390c0) at /root/ape/php/php-
src-5.4/sapi/cli/php_cli_server.c:1926
#18 0x0000000000b7a372 in php_cli_server_do_event_for_each_fd_callback 
(_params=0x7fffcd33a500, fd=5, event=1) at /root/ape/php/php-src-
5.4/sapi/cli/php_cli_server.c:2017
#19 0x0000000000b758cd in php_cli_server_poller_iter_on_active 
(poller=0x12375e8, opaque=0x7fffcd33a500, callback=0xb7a10d 
<php_cli_server_do_event_for_each_fd_callback>)
    at /root/ape/php/php-src-5.4/sapi/cli/php_cli_server.c:671
#20 0x0000000000b7a3fb in php_cli_server_do_event_for_each_fd (server=0x12375e0, 
rhandler=0xb79e83 <php_cli_server_recv_event_read_request>, whandler=0xb79fc8 
<php_cli_server_send_event>,
    tsrm_ls=0x12390c0) at /root/ape/php/php-src-
5.4/sapi/cli/php_cli_server.c:2038
#21 0x0000000000b7a454 in php_cli_server_do_event_loop (server=0x12375e0, 
tsrm_ls=0x12390c0) at /root/ape/php/php-src-5.4/sapi/cli/php_cli_server.c:2048
#22 0x0000000000b7a789 in do_cli_server (argc=4, argv=0x7fffcd33b928, 
tsrm_ls=0x12390c0) at /root/ape/php/php-src-5.4/sapi/cli/php_cli_server.c:2149
#23 0x0000000000b6efd1 in main (argc=4, argv=0x7fffcd33b928) at 
/root/ape/php/php-src-5.4/sapi/cli/php_cli.c:1359

//
seems to frame 7 that it starts to go wrong, which is a line that was added in 
the last 8 days
 [2011-08-09 10:54 UTC] ava3ar at gmail dot com 
I noticed a bug in my bug report

test(trait) should be a seperate file, 
and should be included by the main file

this then causes the segfault
 [2011-08-10 00:23 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: gron
 [2011-08-13 09:53 UTC] paddelman at hotmail dot com 
https://bugs.php.net/bug.php?id=55410

Perhaps even more isolated problem.
 [2011-08-15 10:02 UTC] gron@php.net 
I think it was a problem with handling literals.
Which would make it a duplicate of https://bugs.php.net/bug.php?id=55372.

Could you please verify whether it works as of SVN rev 314933?

Thanks
Stefan
 [2011-08-15 13:15 UTC] ava3ar at gmail dot com
-Status: Assigned +Status: Closed
 [2011-08-15 13:15 UTC] ava3ar at gmail dot com 
This now seems to work
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Feb 05 20:01:30 2025 UTC