php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32686 Require/include file in destructor causes segfault
Submitted: 2005-04-12 19:08 UTC Modified: 2005-04-24 16:49 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:0 (0.0%)
From: spam at cimmanon dot org Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.0.* OS: *
Private report: No CVE-ID: None
 [2005-04-12 19:08 UTC] spam at cimmanon dot org
Description:
------------
Including a file inside the destructor of a class causes Apache to segfault, if the file is attempting to print properties of the object.  This did not happen in 5.0.3 (stable).

The problem seems to be in the included file itself.  Setting and printing local variables seems to work just fine, it's the printing of the object's properties that causes the segfault.

Reproduce code:
---------------
<?
/* main script */
class a {
	var $foo = '';
	var $bar = '';
	
	function __construct() {
		$this->foo = 5;
		$this->bar = 'boo';
	}

	function __destruct() {
		print $this->bar;
		include('include.php');
	}
}

$test = new a;
?>

<?
/* include.php */
print $this->foo;
?>

Expected result:
----------------
This should print "boo", then "5".

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x09d63402 in yy_push_state (new_state=6) at
Zend/zend_language_scanner.c:5990 5990           
yy_start_stack[yy_start_stack_ptr++] = YY_START;(gdb) bt
#0  0x09d63402 in yy_push_state (new_state=6) at
Zend/zend_language_scanner.c:5990#1  0x09d6025f in lex_scan
(zendlval=0xcfbf40c4) at Zend/zend_language_scanner.c:4021#2  
0x09d6d975
in zendlex (zendlval=0xcfbf40c0)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_compile.
c:3688#3  0x09d5effd in zendparse () at Zend/
zend_language_parser.c:2221
#4  0x09d5f4a2 in compile_file (file_handle=<incomplete type>,
 type=2)
    at Zend/zend_language_scanner.c:3157
#5  0x09d5f632 in compile_filename (type=2, 
filename=0x3c147324) at
Zend/zend_language_scanner.c:3202#6  0x09da0dad in
zend_include_or_eval_handler (execute_data=0xcfbf4310,
opline=0x3c147308,     op_array=0x3c082f24) at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_execute.
c:3551#7  0x09d9b2ea in execute (op_array=0x3c082f24)
    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_execute.
c:1406#8  0x09d701b0 in zend_call_function (fci=0xcfbf44b0,
fci_cache=0xcfbf4490)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_execute_
API.c:852#9  0x09d890b6 in zend_call_method 
(object_pp=0xcfbf453c,
obj_ce=0x3c111c24, fn_proxy=0x0,     function_name=0x29c61fb6
"__destruct", function_name_len=10, retval_ptr_ptr=0x0, 
param_count=0,  
  arg1=0x0, arg2=0x0) at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_interfac
es.c:86#10 0x09d8cf64 in zend_objects_destroy_object 
(object=0x3c137ce4,
handle=1)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_objects.
c:78#11 0x09d8f218 in zend_objects_store_call_destructors
(objects=0x29c874d0)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_objects_
API.c:54#12 0x09d6ecbd in shutdown_executor ()
    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend_execute_
API.c:207#13 0x09d79ede in zend_deactivate ()
    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/
zend.c:817#14
0x09d40077 in php_request_shutdown (dummy=0x0)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/main/
main.c:1216#15
0x09da5d0a in apache_php_module_main (r=0x3c07b034,
display_source_mode=0)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/sapi/
apache/sapi_a
pache.c:60#16 0x09da679e in send_php (r=0x3c07b034,
display_source_mode=0, filename=0x0)    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/sapi/
apache/mod_ph
p5.c:622#17 0x09da6932 in send_parsed_php (r=0x3c07b034)
    at
/usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/sapi/
apache/mod_ph
p5.c:637#18 0x1c036732 in ap_invoke_handler ()
---Type <return> to continue, or q <return> to quit---
#19 0x1c046e57 in ap_some_auth_required ()
#20 0x1c047007 in ap_process_request ()
#21 0xcfbf4bb0 in ?? ()
#22 0x00000003 in ?? ()
#23 0x3c07b034 in ?? ()
#24 0x3c07b034 in ?? ()
#25 0x3c078044 in ?? ()
#26 0xcfbf4be8 in ?? ()
#27 0x1c03fdbd in ap_child_terminate ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-22 14:44 UTC] sniper@php.net
I can not reproduce this with latest CVS HEAD.

 [2005-04-22 15:05 UTC] sniper@php.net
This patch fixes it:
http://www.php.net/~jani/patches/bug32686.patch

 [2005-04-24 16:49 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 08:01:27 2024 UTC