PHP :: Bug #65291 :: get_defined_constants() causes PHP to crash in a very limited case.

Bug #65291	get_defined_constants() causes PHP to crash in a very limited case.
Submitted:	2013-07-18 17:54 UTC	Modified:	2013-07-20 10:07 UTC
From:	gregbenner1 at gmail dot com	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.4.17	OS:	CentOS 6.4
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	gregbenner1 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2013-07-18 17:54 UTC] gregbenner1 at gmail dot com

Description:
------------
The function get_defined_constants(); (with or without the bool parameter) causes 
PHP to segfault when used in the same script as a Class that uses a Trait which 
has the __CLASS__ magic constant somewhere in it.

If you replace __CLASS__ with get_called_class() it works fine.

Test script:
---------------
<?php

trait TestTrait
{
    public static function testStaticFunction()
    {
        return __CLASS__;
    }
}
class Tester
{
    use TestTrait;
}
$tester = Tester::testStaticFunction();

get_defined_constants();
echo "It Worked!";

Expected result:
----------------
The text "It Worked!" output.

Actual result:
--------------
PHP crashes and the following is left in my Apache error log:
[Thu Jul 18 13:22:33 2013] [notice] child pid ##### exit signal Segmentation fault 
(11)

Patches

Patch-for-65291 (last revision 2013-07-20 03:50 UTC by reeze@php.net)

Pull Requests

Pull requests:

Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait (php-src/389)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-07-18 20:27 UTC] arpad@php.net

-Status: Open +Status: Verified

[2013-07-18 20:27 UTC] arpad@php.net

Program received signal SIGSEGV, Segmentation fault.
add_assoc_zval_ex (arg=0x7ffff7fbe4e8, key=0x0, key_len=0, value=0x7ffff69a7398) at /home/arpad/w/php/php-src/Zend/zend_API.c:1275
1275		return zend_symtable_update(Z_ARRVAL_P(arg), key, key_len, (void *) &value, sizeof(zval *), NULL);
(gdb) bt
#0  add_assoc_zval_ex (arg=0x7ffff7fbe4e8, key=0x0, key_len=0, value=0x7ffff69a7398)
    at /home/arpad/w/php/php-src/Zend/zend_API.c:1275
#1  0x0000000000588a38 in add_constant_info (constant=0xa8df70, arg=0x7ffff7fbe4e8)
    at /home/arpad/w/php/php-src/Zend/zend_builtin_functions.c:1933
#2  0x0000000000585e8a in zend_hash_apply_with_argument (ht=0x99ccb0, apply_func=0x5889b0 <add_constant_info>, 
    argument=0x7ffff7fbe4e8) at /home/arpad/w/php/php-src/Zend/zend_hash.c:740
#3  0x000000000058b0b4 in zif_get_defined_constants (ht=<optimised out>, return_value=0x7ffff7fbe4e8, 
    return_value_ptr=<optimised out>, this_ptr=<optimised out>, return_value_used=<optimised out>)
    at /home/arpad/w/php/php-src/Zend/zend_builtin_functions.c:2023
#4  0x000000000061a51d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f8b060)
    at /home/arpad/w/php/php-src/Zend/zend_vm_execute.h:643
#5  0x00000000005d69dc in execute (op_array=0x7ffff7fc0c90) at /home/arpad/w/php/php-src/Zend/zend_vm_execute.h:410
#6  0x0000000000579a69 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/arpad/w/php/php-src/Zend/zend.c:1315
#7  0x000000000051a6b8 in php_execute_script (primary_file=0x7fffffffcee0) at /home/arpad/w/php/php-src/main/main.c:2497
#8  0x000000000061cc44 in do_cli (argc=2, argv=0x7fffffffe2d8) at /home/arpad/w/php/php-src/sapi/cli/php_cli.c:989
#9  0x0000000000418ab3 in main (argc=2, argv=0x7fffffffe2d8) at /home/arpad/w/php/php-src/sapi/cli/php_cli.c:1365

[2013-07-20 03:50 UTC] reeze@php.net

The following patch has been added/updated:

Patch Name: Patch-for-65291
Revision:   1374292240
URL:        https://bugs.php.net/patch-display.php?bug=65291&patch=Patch-for-65291&revision=1374292240

[2013-07-20 03:51 UTC] reeze@php.net

There is one more case  get_defined_constants(true) :)

[2013-07-20 10:07 UTC] arpad@php.net

Oops, good point, updated PR.

[2013-07-21 08:19 UTC] laruence@php.net

Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b963249456b043dba4a73cc6591d0eef11cebfbb
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait

[2013-07-21 08:19 UTC] laruence@php.net

-Status: Verified +Status: Closed

[2013-07-21 08:19 UTC] laruence@php.net

Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a015fa83a735da7342dd7ae172c4516265bed41d
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait

[2014-10-07 23:18 UTC] stas@php.net

Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=b963249456b043dba4a73cc6591d0eef11cebfbb
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait

[2014-10-07 23:18 UTC] stas@php.net

Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a015fa83a735da7342dd7ae172c4516265bed41d
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait

[2014-10-07 23:29 UTC] stas@php.net

Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=b963249456b043dba4a73cc6591d0eef11cebfbb
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait

[2014-10-07 23:29 UTC] stas@php.net

Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a015fa83a735da7342dd7ae172c4516265bed41d
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 15:01:30 2024 UTC