php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31233 Autoload Interceptor causing unexplained instability
Submitted: 2004-12-21 22:59 UTC Modified: 2005-03-12 01:00 UTC
From: smclean at gmail dot com Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.3 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: smclean at gmail dot com
New email:
PHP Version: OS:

 

 [2004-12-21 22:59 UTC] smclean at gmail dot com
Description:
------------
Under special circumstances the autoload interceptor seems to cause instability. 

All instances of this crash I have been able to reproduce involve triggering the autoload interceptor by unserializing objects of undefined classes, with custom error handling configured.  By either disabling the error handling, the autoload interceptor, or not unserializing the object, the crash is prevented.  I titles this bug 'Autoload interceptor causing ...' because the crash always occurs within the autoload interceptor itself or soon after.

In the given example, the actual crash occurs when attempting to simply cast a GET variable to a bool and print it, but if you change the parameters of the test, the crash can occur in a multitude of other places, including within the autoload interceptor itself (this is the location of the crash when I originally discovered it, but the reproducing scripts I created caused it to crash elsewhere).  

I attempted to generate a gdb backtrace, but unfortunately --enable-debug seemed to prevent the crash from occuring.  I was able to duplicate this bug on three different Linux machines, each running php 5.0.3 on Slackware 10. 


Reproduce code:
---------------
Download the following tarball:

http://pio.longstair.com/misc/crash.tgz

Execute: 

tar zxvf crash.tgz
cd crash-2.0
php runme2.php

Explanation: 

runme2.php loads custom error handling and an autoload interceptor include.  It then attempts to unserialize a serialized undefined object, and print it out.  This succeeds, but the environment becomes unstable, and a simple boolean cast segfaults it.

runme1.php simply generates the serialized object string used in runme2.php


Expected result:
----------------
Normal program termination

Actual result:
--------------
Segmentation Violation

GDB:

Program received signal SIGSEGV, Segmentation fault.
zend_error (type=2056, format=0x21fd3500 <Address 0x21fd3500 out of bounds>)
    at /home/sean/instball/php-5.0.3/Zend/zend.c:985
985                                             if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) {


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-28 21:04 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-03-12 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC