Bug #30856 ReflectionClass::getStaticProperties segfaults
Submitted: 2004-11-21 13:53 UTC Modified: 2004-11-24 21:01 UTC
From: nlopess@php.net Assigned: helly
Status: Closed Package: Scripting Engine problem
PHP Version: 5.0.2 OS: *
Private report: No CVE-ID:
 [2004-11-21 13:53 UTC] nlopess@php.net
Description:
------------
When using certain default values for static vars, ReflectionClass::getStaticProperties segfaults.

Reproduce code:
---------------
<?php
class bogus {
	const C = 'test';
	static $a = bogus::C;
}

$class = new ReflectionClass('bogus');

print_r($class->getStaticProperties());
?>

Actual result:
--------------
(gdb) run bug.php
Starting program: /usr/local/bin/php bug.php
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
Array
(
    [a] =>
Program received signal SIGSEGV, Segmentation fault.
0x40341391 in _IO_file_xsputn () from /lib/libc.so.6
(gdb) bt
#0  0x40341391 in _IO_file_xsputn () from /lib/libc.so.6
#1  0x403386d6 in fwrite () from /lib/libc.so.6
#2  0x0826db76 in sapi_cli_ub_write (str=0x0, str_length=8)
    at /cvs/php-src/sapi/cli/php_cli.c:192
#3  0x081ca3cd in php_ub_body_write_no_header (str=0x0, str_length=8)
    at /cvs/php-src/main/output.c:684
#4  0x081c9323 in php_body_write (str=0x0, str_length=8)
    at /cvs/php-src/main/output.c:119
#5  0x081bc8a0 in php_body_write_wrapper (str=0x0, str_length=8)
    at /cvs/php-src/main/main.c:1242
#6  0x081f3fd9 in zend_print_zval_ex (
    write_func=0x81bc880 <php_body_write_wrapper>, expr=0xbfffd260, indent=0)
    at /cvs/php-src/Zend/zend.c:289
#7  0x081f3f68 in zend_print_zval (expr=0x83e59ac, indent=0)
    at /cvs/php-src/Zend/zend.c:270
#8  0x081f398e in zend_print_variable (var=0x83e59ac)
    at /cvs/php-src/Zend/zend_variables.c:150
#9  0x081f41d4 in zend_print_zval_r_ex (
    write_func=0x81bc880 <php_body_write_wrapper>, expr=0x83e59ac, indent=8)
    at /cvs/php-src/Zend/zend.c:391
#10 0x081f4198 in zend_print_zval_r (expr=0x83e59ac, indent=8)
    at /cvs/php-src/Zend/zend.c:346
#11 0x081f3b27 in print_hash (ht=0x83db21c, indent=4, is_object=0 '\0')
    at /cvs/php-src/Zend/zend.c:148
#12 0x081f42df in zend_print_zval_r_ex (
    write_func=0x81bc880 <php_body_write_wrapper>, expr=0x83db1bc, indent=0)
    at /cvs/php-src/Zend/zend.c:360
#13 0x081f4198 in zend_print_zval_r (expr=0x83db1bc, indent=0)
    at /cvs/php-src/Zend/zend.c:346
#14 0x0815f2cc in zif_print_r (ht=1, return_value=0x83db1dc, this_ptr=0x0,
    return_value_used=0) at /cvs/php-src/ext/standard/basic_functions.c:2755
#15 0x0821431b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd560)
    at zend_vm_execute.h:155
#16 0x08216f05 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffd560)
    at zend_vm_execute.h:1514
#17 0x08213b49 in execute (op_array=0x83e5fec) at zend_vm_execute.h:58
#18 0x081f531a in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /cvs/php-src/Zend/zend.c:1053
#19 0x081bd0cf in php_execute_script (primary_file=0xbffff940)
    at /cvs/php-src/main/main.c:1634
#20 0x0826ebc0 in main (argc=2, argv=0xbffff9d4)
    at /cvs/php-src/sapi/cli/php_cli.c:943

 [2004-11-21 18:41 UTC] helly@php.net
I cannot reproduce or find problems with memcheck.
 [2004-11-23 17:15 UTC] nlopess@php.net
I've reproduced this both on Linux and Windows.
 [2004-11-23 18:37 UTC] tony2001@php.net
#valgrind --skin=memcheck --leak-check=yes ./sapi/cli/php -f /www/index.php
Array
(
    [a] => ==19772== Syscall param write(buf) contains uninitialised or unaddressable byte(s)
==19772==    at 0x40ED6DD8: __libc_write (in /lib/libc-2.3.2.so)
==19772==    by 0x8204696: sapi_cli_single_write (php_cli.c:184)
==19772==    by 0x8202FA8: sapi_cli_ub_write (php_cli.c:205)
==19772==    by 0x8162BB7: php_ub_body_write_no_header (output.c:684)
 [2004-11-23 19:09 UTC] rrichards@php.net
zval type IS_CONSTANT is not handled, so when it gets passed to convert_to_string from zend_make_printable_zval it gets clobbered by the calls to zval_dtor(op); and ZVAL_BOOL(op, 0);. This ultimately causes the segfault. 
 [2004-11-24 21:01 UTC] helly@php.net
Thanks for the info Rob!
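
A simplified C model of the failure rrichards describes, added here as an illustration and not taken from php-src: an unhandled type tag falls into a path that frees the value and retags it as boolean false, after which a printer that still assumes a string would hand a null pointer and a stale length to the write call (compare `str=0x0, str_length=8` in the backtrace). The types, function names and the `handled` flag are hypothetical, and converting the constant as a string is one possible handling in this model, not the actual fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a tagged value; all names are hypothetical, not Zend's. */
enum vtype { T_BOOL, T_STRING, T_CONSTANT };
struct val {
    enum vtype type;
    union { long lval; struct { char *ptr; int len; } str; } u;
};

static struct val make(enum vtype t, const char *s) {
    struct val v = { t, { 0 } };
    v.u.str.len = (int)strlen(s);
    v.u.str.ptr = malloc((size_t)v.u.str.len + 1);
    memcpy(v.u.str.ptr, s, (size_t)v.u.str.len + 1);
    return v;
}

/* handled == 0: T_CONSTANT has no case of its own, so the fallback frees the
   payload and retags the value as boolean false (the sequence in the report).
   handled != 0: T_CONSTANT is converted as the string payload it carries. */
static void to_string(struct val *v, int handled) {
    switch (v->type) {
    case T_STRING: return;
    case T_BOOL:
        *v = make(T_STRING, v->u.lval ? "1" : "");
        return;
    case T_CONSTANT:
        if (handled) { v->type = T_STRING; return; }
        /* fall through */
    default:
        free(v->u.str.ptr);
        v->type = T_BOOL;
        v->u.lval = 0;            /* shares storage with str.ptr */
    }
}

/* Printer-side guard: returns the byte count to write, or -1 to refuse. */
static int emit_len(const struct val *v) {
    if (v->type != T_STRING || v->u.str.ptr == NULL) return -1;
    return v->u.str.len;
}

int main(void) {
    struct val v = make(T_CONSTANT, "bogus::C");   /* constructed sample */
    to_string(&v, 0);
    printf("unhandled: %d\n", emit_len(&v));       /* guard refuses the value */
}
```

The guard in `emit_len` is the caller-side half: it re-checks the tag after conversion instead of assuming the conversion produced a string.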
Last updated: Sat Apr 19 14:01:50 2014 UTC