php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32852 Crash with singleton and __destruct when zend.ze1_compatibility_mode = On
Submitted: 2005-04-27 12:44 UTC Modified: 2005-07-11 01:00 UTC
Votes:10
Avg. Score:4.4 ± 0.9
Reproduced:9 of 9 (100.0%)
Same Version:7 (77.8%)
Same OS:8 (88.9%)
From: cox at idecnet dot com Assigned: dmitry
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5CVS-2005-04-29 OS: *
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2005-04-27 12:44 UTC] cox at idecnet dot com
Description:
------------
Crash with singleton() and __destruct(), see below.

Tomas V.V.Cox

Reproduce code:
---------------
<?php
class crashme {
    private static $instance = null;

    public function __construct() {
        self::$instance = $this;
    }

    public function __destruct() {
        echo "i'm called\n";
    }

    public static function singleton() {
        if (!isset(self::$instance)) {
            self::$instance = new crashme();
        }
        return self::$instance;
    }
}

crashme::singleton();
?>

Expected result:
----------------
i'm called

Actual result:
--------------
i'm called
i'm called
Segmentation fault (core dumped)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-27 14:10 UTC] cox at idecnet dot com
I'm not very expert on gdb usage. Please tell me if you need extra info.

$ gdb /usr/bin/php5.0.5dev core.31085
GNU gdb 6.0-2mdk (Mandrake Linux)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
 
Core was generated by `/usr/bin/php5.0.5dev test.php'.
Program terminated with signal 11, Segmentation fault.
 
warning: current_sos: Can't read pathname for load map: Input/output error
 
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libexpat.so.0...done.
Loaded symbols for /usr/lib/libexpat.so.0
Reading symbols from /usr/lib/libmysqlclient.so.12...done.
Loaded symbols for /usr/lib/libmysqlclient.so.12
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /usr/lib/libmhash.so.2...done.
Loaded symbols for /usr/lib/libmhash.so.2
Reading symbols from /usr/lib/libmcrypt.so.4...done.
Loaded symbols for /usr/lib/libmcrypt.so.4
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/libltdl.so.3
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /usr/lib/libpng.so.3...done.
Loaded symbols for /usr/lib/libpng.so.3
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libssl.so.0.9.7...done.
Loaded symbols for /usr/lib/libssl.so.0.9.7
Reading symbols from /usr/lib/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/lib/libcrypto.so.0.9.7
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x08234e5a in zend_get_class_entry (zobject=0x844556c)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_API.c:204
204             if (Z_OBJ_HT_P(zobject)->get_class_entry) {
(gdb) bt
#0  0x08234e5a in zend_get_class_entry (zobject=0x844556c)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_API.c:204
#1  0x0825c021 in zend_assign_to_variable (result=0x845cefc, op1=0x845cf10,
    op2=0x845cf24, value=0x844556c, type=4, Ts=0xbfffcfb0)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:599
#2  0x0825c48f in zend_assign_handler (execute_data=0xbfffd0d0,
    opline=0x845cef8, op_array=0x845b884)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:2267
#3  0x082587a6 in execute (op_array=0x845b884)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:1411
#4  0x0825d759 in zend_do_fcall_common_helper (execute_data=0xbfffd1f0,
    opline=0x8459b10, op_array=0x84557f4)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:2761
#5  0x0825dd20 in zend_do_fcall_by_name_handler (execute_data=0xbfffd1f0,
    opline=0x8459b10, op_array=0x84557f4)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:2846
#6  0x082587a6 in execute (op_array=0x84557f4)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:1411
#7  0x082346fa in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php5-STABLE-200504271035/Zend/zend.c:1076
#8  0x081f3e9f in php_execute_script (primary_file=0xbffff600)
    at /usr/src/php5-STABLE-200504271035/main/main.c:1638
#9  0x08264ebf in main (argc=2, argv=0xbffff6c4)
    at /usr/src/php5-STABLE-200504271035/sapi/cli/php_cli.c:946
(gdb) frame 3
#3  0x082587a6 in execute (op_array=0x845b884)
    at /usr/src/php5-STABLE-200504271035/Zend/zend_execute.c:1411
1411                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x845b76c "singleton"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x845b76c "singleton"
 [2005-04-27 14:41 UTC] sniper@php.net
For some reason it doesn't crash for me..did you use --enable-debug ?

 [2005-04-27 16:52 UTC] cox at idecnet dot com
Versions and compile options for the two that crashes for me. In case it says something for you, if I remove the __destructor() function the code works good (also you see in the output this function is being called twice).

5.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PHP 5.0.4 (cli) (built: Apr 27 2005 11:48:13)
Configure Command =>  './configure' '--prefix=/usr' '--with-config-file-path=/etc/php5' '--with-xml' '--with-zlib' '--with-gd' '--enable-gd-native-ttf' '--with-freetype-dir' '--with-png-dir' '--with-jpeg-dir' '--disable-pear' '--with-mysql=/usr' '--with-imap=/usr/include/imap' '--with-imap-ssl' '--with-kerberos' '--with-gettext' '--enable-ftp' '--with-dom' '--with-mhash' '--with-mcrypt' '--enable-cli' '--enable-sockets' '--enable-sigchild' '--enable-pcntl' '--enable-shmop' '--enable-posix' '--enable-bcmath' '--with-xmlrpc' '--with-mime-magic' '--disable-cgi'

5.0.5 Snapshot Stable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PHP 5.0.5-dev (cli) (built: Apr 27 2005 13:47:32) (DEBUG)
Configure Command =>  './configure' '--prefix=/usr' '--with-config-file-path=/etc/php5' '--with-xml' '--with-zlib' '--with-gd' '--enable-gd-native-ttf' '--with-freetype-dir' '--with-png-dir' '--with-jpeg-dir' '--disable-pear' '--with-mysql=/usr' '--with-imap=/usr/include/imap' '--with-imap-ssl' '--with-kerberos' '--with-gettext' '--enable-ftp' '--with-dom' '--with-mhash' '--with-mcrypt' '--enable-cli' '--enable-sockets' '--enable-sigchild' '--enable-pcntl' '--enable-shmop' '--enable-posix' '--enable-bcmath' '--with-xmlrpc' '--with-mime-magic' '--disable-cgi' '--enable-debug'
 [2005-04-27 23:25 UTC] tony2001@php.net
Still works fine here.
Both with HEAD and 5.0.x.
 [2005-04-28 00:25 UTC] sniper@php.net
If you configure with --enable-debug (rm config.cache && ./configure + your options + --enable-debug && make clean && make) does it still crash? Are you sure you ARE using the latest CVS? (the snapshots might not be updated again..)

 [2005-04-28 10:53 UTC] cox at idecnet dot com
With today's CVS (5.1), it does not crash. But the output is:

Output:
i'm called
i'm called
i'm called
i'm called

The __destruct() function is called 4 times.

With php5-STABLE-200504271035 (5.0.5dev):
$ make distclean
$ ./configure \
--prefix=/usr \
--with-config-file-path=/etc/php5 \
--enable-cli \
--disable-cgi \
--disable-pear \
--enable-debug

Still the same output and same crash.
 [2005-04-28 13:52 UTC] sniper@php.net
I still can't reproduce this. I get same result with both HEAD and PHP_5_0 branches and also with the snapshot.

Does it give same result if you make sure you don't load any php.ini: sapi/cli/php -n file.php
What bison version do you have installed?
What compiler (and version) ?

 [2005-04-28 16:03 UTC] cox at idecnet dot com
Not using my php.ini doesn't crash in 5.0.4, 5.0.5dev or 5.1cvs and the output match the expected.

So investigating my modified settings from the original php.ini-dist, I've found that ze1_compat generates the problem:

zend.ze1_compatibility_mode = On

(turning it Off does not crash, well, afterall it's php5 only syntax).

The other requested data:

gcc-3.4.1
bison-1.875
glibc-2.3.3
 [2005-04-29 03:29 UTC] sniper@php.net
Dmitry, if you have time, can you look into these reports with problems with zend.ze1_compatibility_mode?

Some of them happen with only PHP_5_0 and some with both it and HEAD. Here's list (this bug excluded):

bug #30332
bug #31828
bug #32080


 [2005-04-29 09:05 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_0.
 [2005-07-01 11:42 UTC] sniper@php.net
Now I get this crash with Zend/tests/bug32852.phpt:

(gdb) bt
#0  add_stack_frame (zdata=0xbfff8440, op_array=0x99d121c, type=1) at /usr/src/xdebug-cvs/xdebug.c:885
#1  0x00f805bd in xdebug_execute (op_array=0x99d121c) at /usr/src/xdebug-cvs/xdebug.c:1123
#2  0x0818a75a in zend_call_function (fci=0xbfff8540, fci_cache=0xbfff8500) at /usr/src/php5/Zend/zend_execute_API.c:855
#3  0x081a6c40 in zend_call_method (object_pp=0xbfff85ec, obj_ce=0x99d0874, fn_proxy=0x99d094c, function_name=0x825a5bb "__destruct", function_name_len=10, 
    retval_ptr_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0) at /usr/src/php5/Zend/zend_interfaces.c:87
#4  0x081abc4f in zend_objects_destroy_object (object=0x99d004c, handle=1) at /usr/src/php5/Zend/zend_objects.c:78
#5  0x081ae6d8 in zend_objects_store_del_ref (zobject=0x99d000c) at /usr/src/php5/Zend/zend_objects_API.c:155
#6  0x08193dd8 in _zval_dtor_func (zvalue=0x99d000c, __zend_filename=0x8257204 "/usr/src/php5/Zend/zend_variables.h", __zend_lineno=35)
    at /usr/src/php5/Zend/zend_variables.c:52
#7  0x08188d11 in _zval_dtor (zvalue=0x99d000c, __zend_filename=0x82571b0 "/usr/src/php5/Zend/zend_execute_API.c", __zend_lineno=386) at zend_variables.h:35
#8  0x08188ec4 in _zval_ptr_dtor (zval_ptr=0xbfff875c, __zend_filename=0x825bf80 "/usr/src/php5/Zend/zend_vm_execute.h", __zend_lineno=222)
    at /usr/src/php5/Zend/zend_execute_API.c:386
#9  0x081bbbe2 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff8780) at zend_vm_execute.h:222
#10 0x081bc223 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfff8780) at zend_vm_execute.h:299
#11 0x081bb69b in execute (op_array=0x99cb15c) at zend_vm_execute.h:87
#12 0x00f8072c in xdebug_execute (op_array=0x99cb15c) at /usr/src/xdebug-cvs/xdebug.c:1158
#13 0x08195c59 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php5/Zend/zend.c:1087
#14 0x0815512b in php_execute_script (primary_file=0xbfffac10) at /usr/src/php5/main/main.c:1671
#15 0x08200287 in main (argc=4, argv=0xbffface4) at /usr/src/php5/sapi/cli/php_cli.c:1039

 [2005-07-03 12:44 UTC] dmitry@php.net
I assume this is xdebug bug. I don't see any problems without it.
 [2005-07-11 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 10:02:10 2014 UTC