Bug #19010 debug build segfaults on property assignment
Submitted: 2002-08-21 03:02 UTC
Modified: 2002-10-17 22:57 UTC
From: tater at potatoe dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 4CVS-2002-08-21
OS: Mac OS X 10.1.5 / Darwin 5.5
Private report: No
CVE-ID: None
 [2002-08-21 03:02 UTC] tater at potatoe dot com
A particular sequence of object creations and property assignment segfaults in ZE2 with --enable-debug.
I verified this on latest CVS, with a vanilla "configure --enable-debug" build, running the CLI version.

This causes the segfault:

php -r 'class x { var $y; function z(){}} $a = new x; $a->y=1; $b = new x; $b->y=2; echo "all ok\n";'

Just swapping two statements in there makes it work fine:

php -r 'class x { var $y; } $a = new x; $a->y=1; $b = new x; $b->y=2; echo "all ok\n";'

This is what I can see in gdb:

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x0017532c in _efree (ptr=0x5a5a5a5a, __zend_filename=0x1cf824 "/usr/local/book/php4/Zend/zend_object_handlers.c", __zend_lineno=88, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/book/php4/Zend/zend_alloc.c:219
219             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  0x0017532c in _efree (ptr=0x5a5a5a5a, __zend_filename=0x1cf824 "/usr/local/book/php4/Zend/zend_object_handlers.c", __zend_lineno=88, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/book/php4/Zend/zend_alloc.c:219
#1  0x001a8ae0 in zend_std_write_property (object=0x5a36d8, member=0x5a222c, value=0x5a25a8) at /usr/local/book/php4/Zend/zend_object_handlers.c:88
#2  0x001b6384 in zend_assign_to_object (result=0x5a21f4, op1=0x5a220c, op2=0x5a2224, value=0x5a25a8, Ts=0xbffff1e8) at /usr/local/book/php4/Zend/zend_execute.c:304
#3  0x001af460 in execute (op_array=0x5a1978) at /usr/local/book/php4/Zend/zend_execute.c:1520
#4  0x00185eb8 in zend_eval_string (str=0xbffffc45 "class x { var $y; function z(){}} $a = new x; $a->y=1; $b = new x; $b->y=2; echo \"all ok\\n\";", retval_ptr=0x0, string_name=0x1d076c "Command line code") at /usr/local/book/php4/Zend/zend_execute_API.c:729
#5  0x001b9090 in main (argc=3, argv=0xbffffb78) at /usr/local/book/php4/sapi/cli/php_cli.c:725
#6  0x00002714 in _start ()
#7  0x00002544 in start ()

 [2002-08-21 03:05 UTC] tater at potatoe dot com
Argh, cut & paste problem, sorry. This is the code that works.

php -r 'class x { var $y; function z(){}} $a = new x; $b = new x; $a->y=1; $b->y=2; echo "all ok\n";'

In other words, create the two objects first, and then make the assignments.
 [2002-10-17 22:57 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 