|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31233 Autoload Interceptor causing unexplained instability
Submitted: 2004-12-21 22:59 UTC Modified: 2005-03-12 01:00 UTC
From: smclean at gmail dot com Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.3 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-12-21 22:59 UTC] smclean at gmail dot com
Under special circumstances the autoload interceptor seems to cause instability. 

All instances of this crash I have been able to reproduce involve triggering the autoload interceptor by unserializing objects of undefined classes, with custom error handling configured.  By either disabling the error handling, the autoload interceptor, or not unserializing the object, the crash is prevented.  I titles this bug 'Autoload interceptor causing ...' because the crash always occurs within the autoload interceptor itself or soon after.

In the given example, the actual crash occurs when attempting to simply cast a GET variable to a bool and print it, but if you change the parameters of the test, the crash can occur in a multitude of other places, including within the autoload interceptor itself (this is the location of the crash when I originally discovered it, but the reproducing scripts I created caused it to crash elsewhere).  

I attempted to generate a gdb backtrace, but unfortunately --enable-debug seemed to prevent the crash from occuring.  I was able to duplicate this bug on three different Linux machines, each running php 5.0.3 on Slackware 10. 

Reproduce code:
Download the following tarball:


tar zxvf crash.tgz
cd crash-2.0
php runme2.php


runme2.php loads custom error handling and an autoload interceptor include.  It then attempts to unserialize a serialized undefined object, and print it out.  This succeeds, but the environment becomes unstable, and a simple boolean cast segfaults it.

runme1.php simply generates the serialized object string used in runme2.php

Expected result:
Normal program termination

Actual result:
Segmentation Violation


Program received signal SIGSEGV, Segmentation fault.
zend_error (type=2056, format=0x21fd3500 <Address 0x21fd3500 out of bounds>)
    at /home/sean/instball/php-5.0.3/Zend/zend.c:985
985                                             if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) {


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-28 21:04 UTC]
Please try using this CVS snapshot:
For Windows:

 [2005-03-12 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue Sep 27 20:03:57 2022 UTC