Bug #23039 Apache CRASH with illegal code (C++ style)
Submitted: 2003-04-03 13:33 UTC Modified: 2003-04-03 14:15 UTC
From: a dot eibach at gmx dot net Assigned:
Status: Wont fix Package: Reproducible crash
PHP Version: 4.3.1 OS: Win98 SE
Private report: No CVE-ID: None
 [2003-04-03 13:33 UTC] a dot eibach at gmx dot net
Hi.
What is illegal code? Code with the intention to break something. But sometimes it's even a bad mistake causing this (inheriting a wrong class or deriving from an illegal class or...)
The following stuff is really ILLEGAL code. YOU SHOULD NEVER PROGRAM LIKE THIS. ;) But Apache shouldn't GPF, either. The Apache people warped me over here because they said that this is no Apache issue. May they be right.

As you can see...
The code is *very* narrowed down. It's definitely not _that_ simple IRL.
Main class is 'db_entry'. Class 'contact' is derived from employer, which is derived itself from db_entry.
Now we get ILLEGAL. We create a new 'contact' member object by directly (!!!) instantiating contact from the db_entry constructor. (Of course, we should instantiate 'employer', because contact is created inside too. But we want the crash, don't we :))
Crazy thing is that PHP doesn't complain about anything if this is done with *existing* 'contact()' constructor.
If this is missing or disabled ('//' part), Apache crashes.

OS: Win98 SE
Apache: 1.3.27
PHP: 4.3.1 (stable)


--script--

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 FINAL//EN">
<HTML>
<HEAD>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#990000" VLINK="#003366" TEXT="#000000" 
TOPMARGIN=16 LEFTMARGIN=10 MARGINWIDTH=10 MARGINHEIGHT=16>
<font face="Arial">

<?php
class employer extends db_entry
{
  var $contactman;

   function employer()  /* constructor */
   {
    $this->contactman = new contact();
   }
}
class contact extends employer
{
 // function contact()   // this is the constructor and it's MISSING!!!
 // {                // --> crash
 // }
}

class db_entry
{

    var $ct_entry;

    function db_entry()
    {
     /* generate indirect member object by illegally 
     instantiating an object TWO hierarchy steps below!!! */
      $this->ct_entry  = new contact();
      // -> crash!
    }
}

  $newentr = new db_entry();
 echo "OK";
?>
</font>
</BODY>
</HTML>

 [2003-04-03 14:15 UTC] jay@php.net
It's not so crazy. You've just got some endless recursion 
there, which is why it doesn't happen when you uncomment 
the contact constructor. When the contact object is 
instantiated, the employer constructor is called in the 
absence of a contact constructor. Since a new contact 
object is instantiated in the employer constructor, you 
get recursion, as the employer constructor is effectively 
calling itself. You'll eventually run out of memory or 
something similarly strange will happen, hence the 
segfault. You'll get the same results if you do "function 
foo() { return foo(); } foo();" 
 
I don't imagine this will be fixed. It's not PHP's fault 
if somebody codes an endless recursion loop. 
 
J 
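
The inherited-constructor recursion described in the reply above, as an added example that is not part of the original report or of the reply. It restates the report's hierarchy with `__construct()` for current PHP; the `Guard` class, its `LIMIT` of 25 and the CamelCase class names are assumptions made for the illustration, so the loop ends in a catchable exception instead of exhausting the stack.

```php
<?php
// Added illustration, not code from the bug report: same hierarchy, with a
// hypothetical depth guard that turns the runaway recursion into an exception.
class Guard
{
    const LIMIT = 25;              // assumed limit, chosen for the demo
    public static $depth = 0;
    public static $log = [];

    public static function enter($ctor, $obj)
    {
        self::$log[] = $ctor . ' running for ' . get_class($obj);
        if (++self::$depth > self::LIMIT) {
            throw new RuntimeException('constructor recursion past ' . self::LIMIT);
        }
    }
}

class DbEntry
{
    public $ctEntry;
    public function __construct()
    {
        Guard::enter(__METHOD__, $this);
        $this->ctEntry = new Contact();    // two levels down, as in the report
    }
}

class Employer extends DbEntry
{
    public $contactman;
    public function __construct()
    {
        Guard::enter(__METHOD__, $this);
        $this->contactman = new Contact(); // Contact inherits THIS constructor
    }
}

class Contact extends Employer
{
    // No constructor of its own: new Contact() runs Employer::__construct().
}

try {
    new DbEntry();
    echo "OK\n";
} catch (RuntimeException $e) {
    // Show the guard message and the first three constructor calls.
    echo $e->getMessage(), "\n", implode("\n", array_slice(Guard::$log, 0, 3)), "\n";
}
```

Giving `Contact` its own empty `__construct()` stops the parent constructor from being used and the script prints `OK`, which matches the behaviour the reporter saw with the constructor uncommented.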
 