php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27589 When creating a new Object inside another class called by the first , Segfault
Submitted: 2004-03-13 18:19 UTC Modified: 2004-03-16 03:19 UTC
Votes:6
Avg. Score:4.5 ± 0.5
Reproduced:4 of 6 (66.7%)
Same Version:3 (75.0%)
Same OS:3 (75.0%)
From: keith at aphore dot com Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 5CVS-2004-03-15 OS: *
Private report: No CVE-ID: None
View Developer Edit
 [2004-03-13 18:19 UTC] keith at aphore dot com 
Description:
------------
PHP Segfaults When running the Following Piece of Code .

Yes i know its Bad Code , and you should never do that , but it should at best Error out , not Segfault .

Keith



Reproduce code:
---------------
 class rah {
         function __construct ()
         {
                 $bleh = new bleh();
        }
   }

$rah = new rah;

class bleh {

function __construct()
{
        $rah = new rah();

}
}

Expected result:
----------------
It Should at best Error out , not Segfault !

Actual result:
--------------
output obtained via  

gdb ~/bin/php core.15982

#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:806
806             zval class_name, *class_name_ptr = &class_name;
(gdb) bt
#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:806
#1  0x081d9fce in zend_fetch_class (class_name=0x42279fe4 "rah", class_name_len=3, fetch_type=0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:1195
#2  0x08204723 in zend_fetch_class_handler (execute_data=0xb4bcd100, opline=0x42285838, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2382
#3  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#4  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#5  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753
#6  0x08201ed6 in execute (op_array=0x42279730) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#7  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#8  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753
#9  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#10 0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#11 0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-15 09:57 UTC] sniper@php.net 
With HEAD today:

#0  0x4061e6af in tolower () from /lib/i686/libc.so.6
#1  0x0834ebd9 in zend_str_tolower_copy (dest=0xbf800060 "", source=0x40e44884 "rah", length=3)
    at /usr/src/web/php/php5/Zend/zend_operators.c:1732
#2  0x0834673e in zend_lookup_class (name=0x40e44884 "rah", name_length=3, ce=0xbf8000f0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:855
#3  0x08347136 in zend_fetch_class (class_name=0x40e44884 "rah", class_name_len=3, fetch_type=0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:1231
#4  0x083778f4 in zend_fetch_class_handler (execute_data=0xbf8001c0, opline=0x40e456c8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2388
#5  0x083747f8 in execute (op_array=0x40e44660) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#6  0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf800310, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#7  0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf800310, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
#8  0x083747f8 in execute (op_array=0x40e453a8) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#9  0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf800460, opline=0x40e457f8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#10 0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf800460, opline=0x40e457f8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
#11 0x083747f8 in execute (op_array=0x40e44660) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#12 0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf8005b0, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#13 0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf8005b0, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
 [2004-03-15 10:25 UTC] sniper@php.net 
Infinite recursion -> stack corrupted. (bogus, don't do stuff like this :)
 [2004-03-15 20:17 UTC] keith at aphore dot com 
This is not bogus .

yes i know this shouldn't be done , but the point is , it should error, not segfault :)

Broken code != Broken engine.

Regardless of how the bad the Code is , PHP should be able to handle it correctly .
 [2004-03-16 03:19 UTC] derick@php.net 
Might be, but we are not going to fix this. It was brought up numerous times on the mailinglist AND in the bug system, but it is quite impossible to guard for this in an efficient way.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Jul 04 14:01:35 2025 UTC