Bug #31106 4.3.10 - crashes with overloaded objects
Submitted: 2004-12-16 01:36 UTC Modified: 2004-12-24 07:29 UTC
Votes:10
Avg. Score:5.0 ± 0.0
Reproduced:10 of 10 (100.0%)
Same Version:8 (80.0%)
Same OS:7 (70.0%)
From: alan at akbkhome dot com Assigned: stas
Status: Closed Package: Reproducible crash
PHP Version: 4.3.10 OS: linux
Private report: No CVE-ID:
 [2004-12-16 01:36 UTC] alan at akbkhome dot com
 [2004-12-16 08:04 UTC] alan at akbkhome dot com
This fixes it.

--- zend_execute.c      2004-12-16 15:18:16.000000000 +0800
+++ zend_execute.c.fixed        2004-12-16 15:18:28.000000000 +0800
@@ -996,7 +996,6 @@
        }
        zend_llist_destroy(T->EA.data.overloaded_element.elements_list);
        efree(T->EA.data.overloaded_element.elements_list);
-       PZVAL_UNLOCK(T->EA.data.overloaded_element.object);
 }
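Review bot: Deleting the PZVAL_UNLOCK(T->EA.data.overloaded_element.object) line after the efree() removes the only release of the overloaded object visible in this hunk, so whatever lock was taken on that object is never dropped and the crash is traded for a leaked reference. If the crash comes from the object being released once too often, the extra release should be removed or guarded where it happens, or this unlock made conditional on the lock actually being held, and the patch should say which case applies. A reproducing script submitted with the change would let it be checked for both the crash and the leak.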
 [2004-12-16 08:12 UTC] alan_k@php.net
change title to be more precise..
 [2004-12-16 09:57 UTC] alan_k@php.net
Actually both changes in this commit cause big problems with overloaded objects

http://cvs.php.net/diff.php/Zend/Attic/zend_execute.c?sa=1&r1=1.316.2.41&r2=1.316.2.42&ty=u

removing 1st fixes crashes
removing 2nd fixes object properties getting destroyed/lost? when calling methods of overloaded objects.
 [2004-12-17 11:23 UTC] stas@php.net
Can you provide some example of the code that crashes? Of course I'd prefer the code that I could run, so that I can check what's the problem.

Removing unlock won't do good - it would just cause a memory leak.
 [2004-12-17 13:00 UTC] alan_k@php.net
I'll try and get a test case done over the weekend..

should be quite simple - create an overloaded object (with __call) - and assign some vars, then set it to something else.. (based on a rough guess)..

The real code is a bit too complex for a simple test case - but it broke both my devel servers. ;)
 [2004-12-17 17:58 UTC] alan at akbkhome dot com
nice simple test case .. - causes segfault

<?php
class DBO {
   function factory() {
        $x = new DBO;
        return $x;
   }
   var $x;
   function w($s) {
        $this->x = $s;
   }
   function __call($a,$b,&$c) {
        echo "$a";
        return FALSE;
   }
}
overload('DBO');

$a = DBO::factory();
$a->w('test');
$a->bbb = 0;
 [2004-12-18 03:10 UTC] alan_k@php.net
nope - it affects cgi/cli/apache/apache2 all the same - segfault..
'connection lost' is the end user experience of the apache process segfaulting.
 [2004-12-21 11:38 UTC] stas@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the test case. I believe I have fixed it.
 [2004-12-24 07:29 UTC] alan_k@php.net
Yep - confirmed - this is fixed
Last updated: Wed Apr 16 13:02:46 2014 UTC