Bug #27589 When creating a new Object inside another class called by the first, Segfault
Submitted: 2004-03-13 18:19 UTC
Modified: 2004-03-16 03:19 UTC
Votes: 6
Avg. Score: 4.5 ± 0.5
Reproduced: 4 of 6 (66.7%)
Same Version: 3 (75.0%)
Same OS: 3 (75.0%)
From: keith at aphore dot com
Assigned:
Status: Wont fix
Package: Scripting Engine problem
PHP Version: 5CVS-2004-03-15
OS: *
Private report: No
CVE-ID: None

 [2004-03-13 18:19 UTC] keith at aphore dot com
Description:
------------
PHP segfaults when running the following piece of code.

Yes, I know it's bad code, and you should never do that, but it should at best error out, not segfault.

Keith



Reproduce code:
---------------
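<?php
// Each constructor instantiates the other class, so the two
// constructors call each other without end.
class rah {
    function __construct()
    {
        $bleh = new bleh();
    }
}

// Creating the first object starts the mutual recursion.
$rah = new rah;

class bleh {
    function __construct()
    {
        $rah = new rah();
    }
}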

Expected result:
----------------
It should at best error out, not segfault!

Actual result:
--------------
output obtained via  

gdb ~/bin/php core.15982

#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:806
806             zval class_name, *class_name_ptr = &class_name;
(gdb) bt
#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:806
#1  0x081d9fce in zend_fetch_class (class_name=0x42279fe4 "rah", class_name_len=3, fetch_type=0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:1195
#2  0x08204723 in zend_fetch_class_handler (execute_data=0xb4bcd100, opline=0x42285838, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2382
#3  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#4  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#5  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753
#6  0x08201ed6 in execute (op_array=0x42279730) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#7  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#8  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753
#9  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#10 0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#11 0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753


 [2004-03-15 09:57 UTC] sniper@php.net
With HEAD today:

#0  0x4061e6af in tolower () from /lib/i686/libc.so.6
#1  0x0834ebd9 in zend_str_tolower_copy (dest=0xbf800060 "", source=0x40e44884 "rah", length=3)
    at /usr/src/web/php/php5/Zend/zend_operators.c:1732
#2  0x0834673e in zend_lookup_class (name=0x40e44884 "rah", name_length=3, ce=0xbf8000f0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:855
#3  0x08347136 in zend_fetch_class (class_name=0x40e44884 "rah", class_name_len=3, fetch_type=0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:1231
#4  0x083778f4 in zend_fetch_class_handler (execute_data=0xbf8001c0, opline=0x40e456c8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2388
#5  0x083747f8 in execute (op_array=0x40e44660) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#6  0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf800310, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#7  0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf800310, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
#8  0x083747f8 in execute (op_array=0x40e453a8) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#9  0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf800460, opline=0x40e457f8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#10 0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf800460, opline=0x40e457f8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
#11 0x083747f8 in execute (op_array=0x40e44660) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#12 0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf8005b0, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#13 0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf8005b0, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759

 [2004-03-15 10:25 UTC] sniper@php.net
Infinite recursion -> stack corrupted. (bogus, don't do stuff like this :)
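
The repeating frames in both backtraces are what identify this crash as unbounded recursion. The following Python is an added triage example, not part of the original report or of PHP: it parses the frame lines of the first backtrace (copied from above without their `at file:line` continuation lines) and finds the repeating call cycle. The names `frame_functions` and `find_call_cycle` are chosen for this example.

```python
import re

# Frame lines copied from the first gdb backtrace in this report; the
# separate "at file:line" continuation lines are left out.
BACKTRACE = """\
#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
#1  0x081d9fce in zend_fetch_class (class_name=0x42279fe4 "rah", class_name_len=3, fetch_type=0)
#2  0x08204723 in zend_fetch_class_handler (execute_data=0xb4bcd100, opline=0x42285838, op_array=0x42279dc0)
#3  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#4  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
#5  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
#6  0x08201ed6 in execute (op_array=0x42279730) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#7  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
#8  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
#9  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#10 0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
#11 0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
"""

# "#N  [0xADDR in ]function (" ; gdb omits the address on some frames.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([\w:~<>]+)\s*\(")

def frame_functions(backtrace):
    """Return function names in frame order, ignoring non-frame lines."""
    return [m.group(2) for line in backtrace.splitlines()
            if (m := FRAME_RE.match(line.strip()))]

def find_call_cycle(funcs, min_repeats=2):
    """Find the first block of frames that repeats to the end of the trace.

    Returns (start_frame, cycle, repeats) or None when nothing repeats.
    """
    n = len(funcs)
    for start in range(n):
        for period in range(1, (n - start) // min_repeats + 1):
            cycle = funcs[start:start + period]
            repeats = 1
            while funcs[start + repeats * period:start + (repeats + 1) * period] == cycle:
                repeats += 1
            # A backtrace is usually cut off, so allow a partial last cycle.
            tail = funcs[start + repeats * period:]
            if repeats >= min_repeats and tail == cycle[:len(tail)]:
                return start, cycle, repeats
    return None

if __name__ == "__main__":
    start, cycle, repeats = find_call_cycle(frame_functions(BACKTRACE))
    print(f"cycle from frame #{start}, seen {repeats}x: {' -> '.join(cycle)}")
```
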


 [2004-03-15 20:17 UTC] keith at aphore dot com
This is not bogus.

Yes, I know this shouldn't be done, but the point is, it should error, not segfault :)

Broken code != Broken engine.

Regardless of how bad the code is, PHP should be able to handle it correctly.
 [2004-03-16 03:19 UTC] derick@php.net
Might be, but we are not going to fix this. It was brought up numerous times on the mailing list AND in the bug system, but it is quite impossible to guard for this in an efficient way.
 
Last updated: Sun Apr 28 23:01:32 2024 UTC