|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26866 segfault while exception was raised in __get
Submitted: 2004-01-10 18:44 UTC Modified: 2004-02-11 04:38 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: davojan at mail dot ru Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2004-02-10 OS: *
Private report: No CVE-ID: None
 [2004-01-10 18:44 UTC] davojan at mail dot ru
As I imagine, PHP must not check bar's type in $foo->bar->get_name() call, if bar is a result of __get() function and an exception was raised in it. However it does so.

The example below works fine, if we comment the "throw" line - the result in browser is 'bar'.

Reproduce code:
class bar {
	function get_name() {
		return 'bar';
class foo {
	function __get($sName) {
		throw new Exception('Exception!');
		return new bar();
$foo = new foo();
try {
	echo $foo->bar->get_name();
catch (Exception $E) {
	echo 'Exception raised!';

Expected result:
Exception raised!

Actual result:
Fatal error: Call to a member function get_name() on a non-object in /usr/local/www/data-dist/ils/admin/test/get_ex.php on line 15


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-09 11:46 UTC]
The example script causess a segfault now:

0x082c1cc9 in _zend_is_inconsistent (ht=0x1b, file=0x84030a0 "/usr/src/web/php/php5/Zend/zend_hash.c", line=841)
    at /usr/src/web/php/php5/Zend/zend_hash.c:53
53              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x082c1cc9 in _zend_is_inconsistent (ht=0x1b, file=0x84030a0 "/usr/src/web/php/php5/Zend/zend_hash.c", line=841)
    at /usr/src/web/php/php5/Zend/zend_hash.c:53
#1  0x082c3df8 in zend_hash_find (ht=0x1b, arKey=0x40e44a48 "__get", nKeyLength=6, pData=0xbfffd478)
    at /usr/src/web/php/php5/Zend/zend_hash.c:841
#2  0x082b24b5 in zend_call_function (fci=0xbfffd520, fci_cache=0x0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:619
#3  0x082b205f in call_user_function_ex (function_table=0x0, object_pp=0xbfffd5c0, function_name=0xbfffd590, 
    retval_ptr_ptr=0xbfffd5a8, param_count=1, params=0xbfffd5ac, no_separation=0, symbol_table=0x0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:517
#4  0x082cbf70 in zend_std_call_getter (object=0x40e44910, member=0x40e42c40)
    at /usr/src/web/php/php5/Zend/zend_object_handlers.c:78
#5  0x082cc31f in zend_std_read_property (object=0x40e44910, member=0x40e42c40, silent=0 '\0')
    at /usr/src/web/php/php5/Zend/zend_object_handlers.c:291
#6  0x082d9cdf in zend_fetch_property_address_read (result=0x40e42c14, op1=0x40e42c28, op2=0x40e42c3c, Ts=0xbfffd6a0, 
    type=0) at /usr/src/web/php/php5/Zend/zend_execute.c:1064
#7  0x082dbde5 in zend_fetch_obj_r_handler (execute_data=0xbfffd7c0, opline=0x40e42c10, op_array=0x40e42674)
    at /usr/src/web/php/php5/Zend/zend_execute.c:1960
#8  0x082da498 in execute (op_array=0x40e42674) at /usr/src/web/php/php5/Zend/zend_execute.c:1272
#9  0x082bcad3 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1051
#10 0x08285fd8 in php_execute_script (primary_file=0xbffffbc0) at /usr/src/web/php/php5/main/main.c:1641
#11 0x080b776c in main (argc=2, argv=0xbffffc54) at /usr/src/web/php/php5/sapi/cli/php_cli.c:941

 [2004-02-11 04:38 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat May 18 21:01:33 2024 UTC