Bug #31828 Crash with zend.ze1_compatibility_mode=On
Submitted: 2005-02-03 13:25 UTC Modified: 2005-04-29 09:05 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:3 (75.0%)
From: jon dot williams at namtec dot co dot uk Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-02-28 OS: *
Private report: No CVE-ID:
 [2005-02-03 13:25 UTC] jon dot williams at namtec dot co dot uk
Description:
------------
Operating System: Windows 2000 Server
PHP Version: 5.0.3 and binary snapshot 200502030930
Apache versions: 2.0.52 and 1.3.31

I am running the open source CMS system Mambo with the com_events component.  In some circumstances the code in this component would crash my installation.

After some tracing I narrowed the crash down to a small piece of code whereby the first element in a singleton array is re-assigned to a variable name the same as the originating array (see code example).

By reassigning the array element to a new different variable name this crash can be avoided.


Reproduce code:
---------------
<?php
$o->id = 77;
$o->name = "Aerospace";
$a[] = $o;
$a = $a[0];
print_r($a);
?>

Expected result:
----------------
stdClass Object ( [id] => 77 [name] => Aerospace ) 

Actual result:
--------------
404 page not found error and Apache logs show a crash where Apache is forced to restart.

In Apache 2
child process exited with status 3221225477 -- Restarting.
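
The exit status in the Apache log line above is a Windows NTSTATUS value printed in decimal. The following is an added example, not part of the original report or of PHP/Apache code: it scans error-log lines for child exits and decodes the status. The sample log lines, the function names and the short table of codes are constructed for illustration.

```python
import re

# A few NTSTATUS values that commonly appear as crash exit codes on Windows.
KNOWN = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ("success", "informational", "warning", "error")
EXIT_RE = re.compile(r"child process exited with status (\d+)")

def decode_status(status):
    """Split a 32-bit exit status into its NTSTATUS fields."""
    status &= 0xFFFFFFFF
    return {
        "hex": f"0x{status:08X}",
        "severity": SEVERITY[status >> 30],   # bits 31-30
        "facility": (status >> 16) & 0x0FFF,  # bits 27-16
        "code": status & 0xFFFF,              # bits 15-0
        "name": KNOWN.get(status, "unknown"),
    }

def crash_exits(lines):
    """Return decoded statuses for child exits whose severity is 'error'."""
    hits = []
    for line in lines:
        m = EXIT_RE.search(line)
        if m:
            info = decode_status(int(m.group(1)))
            if info["severity"] == "error":
                hits.append(info)
    return hits

# Constructed sample lines; only the status wording comes from the report.
SAMPLE_LOG = [
    "[notice] Parent: child process exited with status 3221225477 -- Restarting.",
    "[notice] Parent: child process exited with status 0 -- Restarting.",
    "[notice] Parent: child process exited with status 3221225725 -- Restarting.",
]

if __name__ == "__main__":
    for hit in crash_exits(SAMPLE_LOG):
        print(hit["hex"], hit["name"])
```

The reported status 3221225477 decodes to 0xC0000005, an access violation in the child process.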

 [2005-02-03 13:32 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce it under Linux with latest snapshot.
 [2005-02-03 14:14 UTC] jon dot williams at namtec dot co dot uk
Okay, more research - I reverted back to the dist php.ini file and the crash no longer happens.  Regressing through the changes I had made I've discovered that this crash only happens if PHP 4.x compatibility is enabled. i.e.
zend.ze1_compatibility_mode = On
 [2005-02-03 14:21 UTC] tony2001@php.net
Oh, that was a really useful hint, thanks.
Here is the bt:

0x0824fc6e in zend_get_class_entry (zobject=0x84d683c) at /home/dev/php-src_5_0/Zend/zend_API.c:204
204             if (Z_OBJ_HT_P(zobject)->get_class_entry) {
(gdb) bt
#0  0x0824fc6e in zend_get_class_entry (zobject=0x84d683c) at /home/dev/php-src_5_0/Zend/zend_API.c:204
#1  0x0827acc1 in zend_assign_to_variable (result=0x84df744, op1=0x84df758, op2=0x84df76c, value=0x84d683c, type=4,
    Ts=0xbfffb310) at /home/dev/php-src_5_0/Zend/zend_execute.c:600
#2  0x0827445d in zend_assign_handler (execute_data=0xbfffd410, opline=0x84df740, op_array=0x84d643c)
    at /home/dev/php-src_5_0/Zend/zend_execute.c:2252
#3  0x082723c8 in execute (op_array=0x84d643c) at /home/dev/php-src_5_0/Zend/zend_execute.c:1406
#4  0x0824f4ff in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/dev/php-src_5_0/Zend/zend.c:1068
#5  0x08210619 in php_execute_script (primary_file=0xbffff810) at /home/dev/php-src_5_0/main/main.c:1630
#6  0x0827dd59 in main (argc=2, argv=0xbffff8a4) at /home/dev/php-src_5_0/sapi/cli/php_cli.c:943
#7  0x420157a4 in __libc_start_main () from /lib/tls/libc.so.6

 [2005-02-28 20:51 UTC] sniper@php.net
See also bug #32080 

 [2005-04-29 09:05 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_0.
 
Last updated: Thu Apr 17 03:01:55 2014 UTC