|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31106 4.3.10 - crashes with overloaded objects
Submitted: 2004-12-16 01:36 UTC Modified: 2004-12-24 07:29 UTC
Avg. Score:5.0 ± 0.0
Reproduced:10 of 10 (100.0%)
Same Version:8 (80.0%)
Same OS:7 (70.0%)
From: alan at akbkhome dot com Assigned: stas (profile)
Status: Closed Package: Reproducible crash
PHP Version: 4.3.10 OS: linux
Private report: No CVE-ID: None
 [2004-12-16 01:36 UTC] alan at akbkhome dot com


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-12-16 08:04 UTC] alan at akbkhome dot com
This fixes it.

--- zend_execute.c      2004-12-16 15:18:16.000000000 +0800
+++ zend_execute.c.fixed        2004-12-16 15:18:28.000000000 +0800
@@ -996,7 +996,6 @@
-       PZVAL_UNLOCK(T->;
 [2004-12-16 08:12 UTC]
change title to be more precise..
 [2004-12-16 09:57 UTC]
Actually both changes in this commit cause big problems with overloaded objects

removing 1st fixes crashes
removing 2nd fixes object properties getting destroyed/lost? when calling methods of overloaded objects.
 [2004-12-17 11:23 UTC]
Can you provide some example of the code that crashes? Of course I'd prefer the code that I could run, so that I can check what's the problem.

Removing unlock won't do good - it would just cause a memory leak.
 [2004-12-17 13:00 UTC]
I'll try and get a test case done over the weekend..

should be quite simple - create a overloaded object (with __call) - and assign some vars's then set it so something else.. (based on a rough guess)..

The real code is a bit to complex for a simple test case - but it broke both my devel servers. ;)
 [2004-12-17 17:58 UTC] alan at akbkhome dot com
nice simple test case .. - causes segfault

class DBO {
   function factory() {
        $x = new DBO;
        return $x;
   var $x;
   function w($s) {
        $this->x = $s;
   function __call($a,$b,&$c) {
        echo "$a";
        return FALSE;

$a = DBO::factory();
$a->bbb = 0;
 [2004-12-18 03:10 UTC]
nope - it affects cgi/cli/apache/apache2 all the same - segfault..
'connection lost' is the end user experience of the apache process segfaulting.
 [2004-12-21 11:38 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Thanks for the test case. I believe I have fixed it.
 [2004-12-24 07:29 UTC]
Yeap - confirmed - this is fixed
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC