php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30725 PHP segfaults when an exception is thrown in getIterator() within foreach
Submitted: 2004-11-09 00:47 UTC Modified: 2005-01-24 21:05 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: benjcarson at digitaljunkies dot ca Assigned: helly
Status: Closed Package: Reproducible crash
PHP Version: 5.0.3 OS: *
Private report: No CVE-ID:
 [2004-11-09 00:47 UTC] benjcarson at digitaljunkies dot ca
Description:
------------
When an object implementing IteratorAggregate is used within a foreach loop, PHP will segfault if an exception is thrown within getIterator().

Reproduce code:
---------------
<?php

class Iter implements IteratorAggregate {
  function getIterator() {
    throw new Exception('exception');
  }
}

$test = new Iter();
foreach($test as $val)
  echo "foo";

?>

Expected result:
----------------
Fatal error: Uncaught exception 'Exception' with message 'exception' in /home/benj/projects/bugs/spl_foreach.php:5
Stack trace:
#0 {main}
  thrown in /home/benj/projects/bugs/spl_foreach.php on line 5


Actual result:
--------------
Segmentation fault (core dumped)

Here's a backtrace:

#0  zend_user_it_get_new_iterator (ce=0x8515b64, object=0x850622c) at /usr/src/php/php-src/Zend/zend_interfaces.c:273
#1  0x08251d8c in ZEND_FE_RESET_SPEC_CV_HANDLER (execute_data=0xbfffd590) at zend_vm_execute.h:18131
#2  0x0821b448 in execute (op_array=0x851068c) at zend_vm_execute.h:58
#3  0x081f981f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php/php-src/Zend/zend.c:1053
#4  0x081bd5bf in php_execute_script (primary_file=0xbffff990) at /usr/src/php/php-src/main/main.c:1634
#5  0x0828704e in main (argc=2, argv=0xbffffa54) at /usr/src/php/php-src/sapi/cli/php_cli.c:943

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-24 21:05 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 00:02:04 2014 UTC