Bug #27589 When creating a new Object inside another class called by the first, Segfault
Submitted: 2004-03-13 18:19 UTC
Modified: 2004-03-16 03:19 UTC
Votes: 6
Avg. Score: 4.5 ± 0.5
Reproduced: 4 of 6 (66.7%)
Same Version: 3 (75.0%)
Same OS: 3 (75.0%)
From: keith at aphore dot com
Assigned:
Status: Wont fix
Package: Scripting Engine problem
PHP Version: 5CVS-2004-03-15
OS: *
Private report: No
CVE-ID: None

 [2004-03-13 18:19 UTC] keith at aphore dot com
Description:
------------
PHP segfaults when running the following piece of code.

Yes, I know it's bad code, and you should never do that, but it should at best error out, not segfault.

Keith



Reproduce code:
---------------
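<?php
// rah's constructor instantiates bleh, and bleh's constructor instantiates
// rah again, so the two constructors call each other without end.
class rah {
    function __construct()
    {
        $bleh = new bleh();
    }
}

$rah = new rah;

class bleh {
    function __construct()
    {
        $rah = new rah();
    }
}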

Expected result:
----------------
It should at best error out, not segfault!

Actual result:
--------------
Output obtained via:

gdb ~/bin/php core.15982

#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:806
806             zval class_name, *class_name_ptr = &class_name;
(gdb) bt
#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:806
#1  0x081d9fce in zend_fetch_class (class_name=0x42279fe4 "rah", class_name_len=3, fetch_type=0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute_API.c:1195
#2  0x08204723 in zend_fetch_class_handler (execute_data=0xb4bcd100, opline=0x42285838, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2382
#3  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#4  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#5  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753
#6  0x08201ed6 in execute (op_array=0x42279730) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#7  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#8  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753
#9  0x08201ed6 in execute (op_array=0x42279dc0) at /home/archer/php-5.0.0b4/Zend/zend_execute.c:1339
#10 0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2671
#11 0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
    at /home/archer/php-5.0.0b4/Zend/zend_execute.c:2753


 [2004-03-15 09:57 UTC] sniper@php.net
With HEAD today:

#0  0x4061e6af in tolower () from /lib/i686/libc.so.6
#1  0x0834ebd9 in zend_str_tolower_copy (dest=0xbf800060 "", source=0x40e44884 "rah", length=3)
    at /usr/src/web/php/php5/Zend/zend_operators.c:1732
#2  0x0834673e in zend_lookup_class (name=0x40e44884 "rah", name_length=3, ce=0xbf8000f0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:855
#3  0x08347136 in zend_fetch_class (class_name=0x40e44884 "rah", class_name_len=3, fetch_type=0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:1231
#4  0x083778f4 in zend_fetch_class_handler (execute_data=0xbf8001c0, opline=0x40e456c8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2388
#5  0x083747f8 in execute (op_array=0x40e44660) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#6  0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf800310, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#7  0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf800310, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
#8  0x083747f8 in execute (op_array=0x40e453a8) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#9  0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf800460, opline=0x40e457f8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#10 0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf800460, opline=0x40e457f8, op_array=0x40e44660)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759
#11 0x083747f8 in execute (op_array=0x40e44660) at /usr/src/web/php/php5/Zend/zend_execute.c:1339
#12 0x08378570 in zend_do_fcall_common_helper (execute_data=0xbf8005b0, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2677
#13 0x08378a19 in zend_do_fcall_by_name_handler (execute_data=0xbf8005b0, opline=0x40e44140, op_array=0x40e453a8)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2759

 [2004-03-15 10:25 UTC] sniper@php.net
Infinite recursion -> stack corrupted. (bogus, don't do stuff like this :)


 [2004-03-15 20:17 UTC] keith at aphore dot com
This is not bogus.

Yes, I know this shouldn't be done, but the point is, it should error, not segfault :)

Broken code != Broken engine.

Regardless of how bad the code is, PHP should be able to handle it correctly.

 [2004-03-16 03:19 UTC] derick@php.net
Might be, but we are not going to fix this. It was brought up numerous times on the mailing list AND in the bug system, but it is quite impossible to guard for this in an efficient way.
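
Added example (not part of this report and not PHP project code): a triage script that checks whether a gdb backtrace such as the two above is unbounded recursion, by finding the run of frames that repeats at the outer end of the trace and the step between successive execute_data pointers. The function names parse, recursion_cycle and frame_strides are hypothetical; the frames are copied from the first backtrace with source locations dropped.

```python
import re

# Frames copied from the first gdb backtrace in this report, with the source
# locations dropped. Helper names below are hypothetical, chosen for this example.
BACKTRACE = """\
#0  0x081d9788 in zend_lookup_class (name=0x42279fe4 "rah", name_length=3, ce=0xb4bcd034)
#1  0x081d9fce in zend_fetch_class (class_name=0x42279fe4 "rah", class_name_len=3, fetch_type=0)
#2  0x08204723 in zend_fetch_class_handler (execute_data=0xb4bcd100, opline=0x42285838, op_array=0x42279dc0)
#3  0x08201ed6 in execute (op_array=0x42279dc0)
#4  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
#5  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd240, opline=0x42285684, op_array=0x42279730)
#6  0x08201ed6 in execute (op_array=0x42279730)
#7  0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
#8  0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd380, opline=0x42285968, op_array=0x42279dc0)
#9  0x08201ed6 in execute (op_array=0x42279dc0)
#10 0x0820521b in zend_do_fcall_common_helper (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
#11 0x08205625 in zend_do_fcall_by_name_handler (execute_data=0xb4bcd4c0, opline=0x42285684, op_array=0x42279730)
"""

FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)\)")

def parse(bt):
    """Return [(function, execute_data address or None)], innermost frame first."""
    frames = []
    for line in bt.splitlines():
        m = FRAME.match(line)
        if m:
            ed = re.search(r"execute_data=(0x[0-9a-f]+)", m.group(3))
            frames.append((m.group(2), int(ed.group(1), 16) if ed else None))
    return frames

def recursion_cycle(frames, min_repeats=3):
    """Shortest run of function names repeated back-to-back at the outer end of the trace."""
    names = [f for f, _ in frames]
    for period in range(1, len(names) // min_repeats + 1):
        tail = names[-period * min_repeats:]
        if all(tail[i] == tail[i + period] for i in range(len(tail) - period)):
            return names[-period:]
    return None

def frame_strides(frames):
    """Differences between successive distinct execute_data addresses."""
    addrs = sorted({ed for _, ed in frames if ed is not None})
    return [b - a for a, b in zip(addrs, addrs[1:])]

if __name__ == "__main__":
    frames = parse(BACKTRACE)
    print("cycle:", recursion_cycle(frames))
    print("strides:", [hex(s) for s in frame_strides(frames)])
```

On these frames it reports a three-function cycle and a constant 0x140 step between execute_data pointers, the pattern expected from runaway recursion.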
 