PHP :: Bug #63219 :: Segfault when aliasing trait method when autoloader throws excpetion

Bug #63219	Segfault when aliasing trait method when autoloader throws excpetion
Submitted:	2012-10-04 18:43 UTC	Modified:	2012-10-08 07:06 UTC
From:	maciej dot sz at gmail dot com	Assigned:	laruence (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.4Git-2012-10-04 (snap)	OS:	3.2.0-31-generic #50-Ubuntu
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	maciej dot sz at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2012-10-04 18:43 UTC] maciej dot sz at gmail dot com

Description:
------------
Class contains "use" statement of a trait. Method alias statement for that trait contains a typo in the trait name. The autoloader throws exception and then the segfault occurs.

(gdb) p zend_fetch_class(cur_method_ref->class_name, cur_method_ref->cname_len, 14)
$5 = (zend_class_entry *) 0x0

Test script:
---------------
---------------
file TFoo.php

<?php
trait TFoo
{
    public function fooMethod(){}
}

---------------
file C.php

<?php
class C
{
    use TFoo {
        TFoooo::fooMethod as tf; // typo
    }
}


----------------
file index.php

<?php
set_include_path(
    realpath(__DIR__ . '/..') . PATH_SEPARATOR . get_include_path()
);

spl_autoload_register(function($cname){
    $fname = $cname . '.php';
    if ( ! stream_resolve_include_path($fname) ) {
        throw new \Exception('could not load');
    }
    include $fname;
});

$C = new C();

Expected result:
----------------
zend_error(E_ERROR, "Cannot alias method of a trait not inclued in use statement");

This should occur prior to autoloading.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000009863c8 in _zend_is_inconsistent (ht=0x28, 
    file=0xfb0948 "/home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c", line=969)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c:54
54		if (ht->inconsistent==HT_OK) {



(gdb) bt
#0  0x00000000009863c8 in _zend_is_inconsistent (ht=0x28, 
    file=0xfb0948 "/home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c", line=969)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c:54
#1  0x00000000009890f5 in zend_hash_exists (ht=0x28, arKey=0x7ffff7fc5aa0 "foomethodd", nKeyLength=11)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c:969
#2  0x0000000000952839 in zend_traits_init_trait_structures (ce=0x7ffff7fc5108)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_compile.c:4037
#3  0x0000000000953a4a in zend_do_bind_traits (ce=0x7ffff7fc5108)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_compile.c:4370
#4  0x00000000009b79ee in ZEND_BIND_TRAITS_SPEC_HANDLER (execute_data=0x7ffff7f88500)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:1027
#5  0x00000000009b42f6 in execute (op_array=0x7ffff7fc0da8)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:410
#6  0x00000000009639b8 in zend_call_function (fci=0x7fffffffa1a0, fci_cache=0x7fffffffa1f0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:958
#7  0x00000000009956b5 in zend_call_method (object_pp=0x0, obj_ce=0x0, fn_proxy=0x7ffff7fc41e0, 
    function_name=0x7ffff7fc17f8 "closure::__invoke\001", function_name_len=22, 
    retval_ptr_ptr=0x7fffffffa2e0, param_count=1, arg1=0x7ffff7fbf5d0, arg2=0x0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_interfaces.c:97
#8  0x00000000007a087c in zif_spl_autoload_call (ht=1, return_value=0x7ffff7fc40d8, 
    return_value_ptr=0x7fffffffa728, this_ptr=0x0, return_value_used=1)
    at /home/maciek/Downloads/php-5.4.7/ext/spl/php_spl.c:436
#9  0x0000000000963b92 in zend_call_function (fci=0x7fffffffa670, fci_cache=0x7fffffffa6c0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:980
#10 0x0000000000964520 in zend_lookup_class_ex (name=0x7ffff7eb72f8 "bar\\C", name_length=5, 
    key=0x7ffff7fc24d8, use_autoload=1, ce=0x7fffffffa7c0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:1127
#11 0x0000000000965230 in zend_fetch_class_by_name (class_name=0x7ffff7eb72f8 "bar\\C", 
    class_name_len=5, key=0x7ffff7fc24d8, fetch_type=4)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:1607
#12 0x00000000009b8690 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER (execute_data=0x7ffff7f880e8)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:1173
#13 0x00000000009b42f6 in execute (op_array=0x7ffff7fc04c8)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:410
#14 0x0000000000976e13 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend.c:1286
#15 0x00000000008e9732 in php_execute_script (primary_file=0x7fffffffce40)
    at /home/maciek/Downloads/php-5.4.7/main/main.c:2473
#16 0x0000000000abfa95 in do_cli (argc=2, argv=0x7fffffffe228)
    at /home/maciek/Downloads/php-5.4.7/sapi/cli/php_cli.c:988
#17 0x0000000000ac0bce in main (argc=2, argv=0x7fffffffe228)
    at /home/maciek/Downloads/php-5.4.7/sapi/cli/php_cli.c:1364



(gdb) f 2
#2  0x0000000000952839 in zend_traits_init_trait_structures (ce=0x7ffff7fc5108)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_compile.c:4037
4037					method_exists = zend_hash_exists(&cur_method_ref->ce->function_table,



(gdb) p *cur_method_ref 
$1 = {method_name = 0x7ffff7fc1558 "fooMethod", mname_len = 10, ce = 0x0, 
  class_name = 0x7ffff7fc5798 "foo\\TFooo", cname_len = 9}



(gdb) p zend_fetch_class(cur_method_ref->class_name, cur_method_ref->cname_len, 14)
$2 = (zend_class_entry *) 0x0

Patches

bug63219.patch (last revision 2012-10-05 01:56 UTC by laruence@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-10-05 01:56 UTC] laruence@php.net

The following patch has been added/updated:

Patch Name: bug63219.patch
Revision:   1349402169
URL:        https://bugs.php.net/patch-display.php?bug=63219&patch=bug63219.patch&revision=1349402169

[2012-10-05 01:57 UTC] laruence@php.net

I think there is no need to call autoload in USE block, and it should check the 
fetch result, I have attached a patch, 

but I am not sure what the warning message should be...

[2012-10-05 01:58 UTC] laruence@php.net

-Assigned To: +Assigned To: dmitry

[2012-10-08 07:06 UTC] dmitry@php.net

-Assigned To: dmitry +Assigned To: laruence

[2012-10-08 07:06 UTC] dmitry@php.net

I think you patch is OK. Please commit it.

[2012-10-08 15:00 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=67611c67fa5a3b2c199d41ef7df3307308c56faa
Log: Fixed bug #63219 (Segfault when aliasing trait method when autoloader throws excpetion)

[2012-10-08 15:00 UTC] laruence@php.net

-Status: Assigned +Status: Closed

[2012-10-08 15:01 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=67611c67fa5a3b2c199d41ef7df3307308c56faa
Log: Fixed bug #63219 (Segfault when aliasing trait method when autoloader throws excpetion)

[2014-10-07 23:21 UTC] stas@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=67611c67fa5a3b2c199d41ef7df3307308c56faa
Log: Fixed bug #63219 (Segfault when aliasing trait method when autoloader throws excpetion)

[2014-10-07 23:32 UTC] stas@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=67611c67fa5a3b2c199d41ef7df3307308c56faa
Log: Fixed bug #63219 (Segfault when aliasing trait method when autoloader throws excpetion)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jul 07 19:01:34 2025 UTC