Bug #23039 Apache CRASH with illegal code (C++ style)
Submitted: 2003-04-03 13:33 UTC
Modified: 2003-04-03 14:15 UTC
From: a dot eibach at gmx dot net
Assigned:
Status: Wont fix
Package: Reproducible crash
PHP Version: 4.3.1
OS: Win98 SE
Private report: No
CVE-ID: None
 [2003-04-03 13:33 UTC] a dot eibach at gmx dot net
Hi.
What is illegal code? Code with the intention to break something. But sometimes it's even a bad mistake causing this (inheriting a wrong class or deriving from an illegal class or...)
The following stuff is really ILLEGAL code. YOU SHOULD NEVER PROGRAM LIKE THIS. ;) But Apache shouldn't GPF, either. The Apache people warped me over here because they said that this is no Apache issue. May they be right.

As you can see...
The code is *very* narrowed down. It's definitely not _that_ simple IRL.
Main class is 'db_entry'. Class 'contact' is derived from employer, which is derived itself from db_entry.
Now we get ILLEGAL. We create a new 'contact' member object by directly (!!!) instantiating contact from the db_entry constructor. (Of course, we should instantiate 'employer', because contact is created inside too. But we want the crash, don't we :))
Crazy thing is that PHP doesn't complain about anything if this is done with *existing* 'contact()' constructor.
If this is missing or disabled ('//' part), Apache crashes.

OS: Win98 SE
Apache: 1.3.27
PHP: 4.3.1 (stable)


--script--

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 FINAL//EN">
<HTML>
<HEAD>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#990000" VLINK="#003366" TEXT="#000000" 
TOPMARGIN=16 LEFTMARGIN=10 MARGINWIDTH=10 MARGINHEIGHT=16>
<font face="Arial">

<?php
class employer extends db_entry
{
  var $contactman;

   function employer()  /* constructor */
   {
    $this->contactman = new contact();
   }
}
class contact extends employer
{
 // function contact()   // this is the constructor and it's MISSING!!!
 // {                // --> crash
 // }
}

class db_entry
{

    var $ct_entry;

    function db_entry()
    {
     /* generate indirect member object by illegally 
     instantiating an object TWO hierarchy steps below!!! */
      $this->ct_entry  = new contact();
      // -> crash!
    }
}

  $newentr = new db_entry();
 echo "OK";
?>
</font>
</BODY>
</HTML>

 [2003-04-03 14:15 UTC] jay@php.net
It's not so crazy. You've just got some endless recursion 
there, which is why it doesn't happen when you uncomment 
the contact constructor. When the contact object is 
instantiated, the employer constructor is called in the 
absence of a contact constructor. Since a new contact 
object is instantiated in the employer constructor, you 
get recursion, as the employer constructor is effectively 
calling itself. You'll eventually run out of memory or 
something similarly strange will happen, hence the 
segfault. You'll get the same results if you do "function 
foo() { return foo(); } foo();" 
 
I don't imagine this will be fixed. It's not PHP's fault 
if somebody codes an endless recursion loop. 
 
J 
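
The constructor fallback described in the reply above can be checked mechanically before such code reaches a server. This Python block is an added example, not part of the bug report or of PHP itself; it models the three classes from the script (the dictionary layout and the function names are assumptions made for illustration) and reports when a chain of `new` calls leads a constructor back into itself.

```python
def build_classes(contact_has_ctor):
    """Constructed model of the script in the report.
    name -> (parent, has own constructor, classes its constructor instantiates)"""
    return {
        "db_entry": (None, True, ["contact"]),
        "employer": ("db_entry", True, ["contact"]),
        "contact": ("employer", contact_has_ctor, []),
    }

def resolve_ctor(classes, name):
    """Rule from the reply: a class without its own constructor
    runs the constructor of its nearest ancestor that has one."""
    while name is not None:
        parent, has_ctor, _ = classes[name]
        if has_ctor:
            return name
        name = parent
    return None

def find_ctor_cycle(classes, start):
    """Follow the `new X()` calls made by constructors, starting at `new start()`.
    Returns the constructor owners that form a cycle, or None."""
    path = []  # constructors currently on the simulated call stack

    def visit(cls):
        owner = resolve_ctor(classes, cls)
        if owner is None:
            return None
        if owner in path:  # constructor re-entered: unbounded recursion
            return path[path.index(owner):] + [owner]
        path.append(owner)
        for target in classes[owner][2]:
            cycle = visit(target)
            if cycle:
                return cycle
        path.pop()
        return None

    return visit(start)

if __name__ == "__main__":
    for has_ctor in (False, True):
        cycle = find_ctor_cycle(build_classes(has_ctor), "db_entry")
        print("contact() defined:", has_ctor, "-> cycle:", cycle)
```

With the `contact()` constructor commented out, `new contact()` resolves to `employer()`, which instantiates `contact` again; with it defined, the chain stops at the empty `contact()` body.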
 
Last updated: Mon Dec 09 07:01:27 2024 UTC