Bug #33966 wrong use of reflectionproperty causes a segfault
Submitted: 2005-08-02 14:23 UTC Modified: 2005-09-17 01:53 UTC
From: derick@php.net Assigned: helly
Status: Closed Package: Class/Object related
PHP Version: 5CVS-2005-08-02 OS: *
Private report: No CVE-ID:
 [2005-08-02 14:23 UTC] derick@php.net
Description:
------------
When (ab)using the ReflectionProperty class' methods as static, it segfaults.

Reproduce code:
---------------
<?php
class Base
{
    public $x = 1;

    function __get($name)
    {
        if ( !ReflectionProperty::isPublic() ) {
            /* throw error */
        }
    }
}

$b = new Base();
echo $b->foo;
?>


Actual result:
--------------
0x083c2bdb in _property_check_flag (ht=0, return_value=0x878cfd4,
    return_value_ptr=0x0, this_ptr=0x878c714, return_value_used=1, mask=256)
    at /dat/dev/php/php-5.1dev/Zend/zend_reflection_api.c:3359
3359            RETURN_BOOL(ref->prop->flags & mask);
(gdb) bt
#0  0x083c2bdb in _property_check_flag (ht=0, return_value=0x878cfd4,
    return_value_ptr=0x0, this_ptr=0x878c714, return_value_used=1, mask=256)
    at /dat/dev/php/php-5.1dev/Zend/zend_reflection_api.c:3359
#1  0x083c2c24 in zif_reflection_property_isPublic (ht=0,
    return_value=0x878cfd4, return_value_ptr=0x0, this_ptr=0x878c714,
    return_value_used=1)
    at /dat/dev/php/php-5.1dev/Zend/zend_reflection_api.c:3366
#2  0x083c6309 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd090)
    at zend_vm_execute.h:184
#3  0x083c692d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfffd090)
    at zend_vm_execute.h:299
#4  0x083c5f8a in execute (op_array=0x878dd34) at zend_vm_execute.h:87
#5  0x0838edc6 in zend_call_function (fci=0xbfffd260, fci_cache=0xbfffd220)
    at /dat/dev/php/php-5.1dev/Zend/zend_execute_API.c:871
#6  0x083aee9d in zend_call_method (object_pp=0xbfffd2f0, obj_ce=0x878c36c,
    fn_proxy=0x878c44c, function_name=0x85cfd54 "__get", function_name_len=5,
    retval_ptr_ptr=0xbfffd2e4, param_count=1, arg1=0x878cea4, arg2=0x0)
    at /dat/dev/php/php-5.1dev/Zend/zend_interfaces.c:87
#7  0x083b4e26 in zend_std_call_getter (object=0x878c714, member=0x878cea4)
    at /dat/dev/php/php-5.1dev/Zend/zend_object_handlers.c:72
#8  0x083b576e in zend_std_read_property (object=0x878c714, member=0x878b148,
    type=0) at /dat/dev/php/php-5.1dev/Zend/zend_object_handlers.c:305
#9  0x083ff3f9 in zend_fetch_property_address_read_helper_SPEC_CV_CONST (
    type=0, execute_data=0xbfffd440) at zend_vm_execute.h:20491
#10 0x083ff510 in ZEND_FETCH_OBJ_R_SPEC_CV_CONST_HANDLER (
    execute_data=0xbfffd440) at zend_vm_execute.h:20513
#11 0x083c5f8a in execute (op_array=0x8786de4) at zend_vm_execute.h:87
#12 0x0839b2fb in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /dat/dev/php/php-5.1dev/Zend/zend.c:1087
#13 0x08350fc4 in php_execute_script (primary_file=0xbffff8b0)
    at /dat/dev/php/php-5.1dev/main/main.c:1672
#14 0x0841325c in main (argc=1, argv=0xbffff994)
    at /dat/dev/php/php-5.1dev/sapi/cli/php_cli.c:1039
(gdb) print *ref
Cannot access memory at address 0x2a8fcc84


 [2005-08-02 20:52 UTC] tony2001@php.net
This happens because METHOD_NOTSTATIC just checks this_ptr presence and doesn't check its class entry.
So I'd propose this patch:
http://tony2001.phpclub.net/dev/tmp/bug33966.diff
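A self-contained C model of the diagnosis in the comment above, added here as an illustration and not taken from the PHP source or the linked patch: a guard that only checks for a this pointer accepts the Base instance, while a guard that also checks the class entry rejects it before the object's private data is read as a property reference. All type, function and constant names are hypothetical stand-ins, and the sample objects are constructed.

```c
#include <stdio.h>

/* Toy stand-ins for the engine's class entry and object (hypothetical names). */
typedef struct class_entry {
    const char *name;
    const struct class_entry *parent;
} class_entry;
typedef struct object {
    const class_entry *ce;  /* class the object was created from */
    const void *intern;     /* private data; its layout depends on ce */
} object;
typedef struct property_reference { unsigned flags; } property_reference;
#define ACC_PUBLIC 0x100    /* constructed to match mask=256 in the backtrace */

const class_entry reflection_property_ce = { "ReflectionProperty", NULL };
const class_entry base_ce = { "Base", NULL };

/* Constructed sample objects: a real property reflector and a Base instance. */
const property_reference sample_ref = { ACC_PUBLIC };
const object sample_prop = { &reflection_property_ce, &sample_ref };
const int base_x = 1;
const object sample_base = { &base_ce, &base_x };

/* Guard as diagnosed in the thread: only the presence of "this" is checked. */
int guard_presence_only(const object *this_ptr) {
    return this_ptr != NULL;
}

/* Guard that also walks the class chain before trusting intern's layout. */
int guard_with_class_check(const object *this_ptr, const class_entry *ce) {
    if (this_ptr == NULL) return 0;
    for (const class_entry *c = this_ptr->ce; c != NULL; c = c->parent)
        if (c == ce) return 1;
    return 0;
}

/* Returns 1 or 0 for the flag, -1 when the call is rejected. */
int is_public(const object *this_ptr) {
    if (!guard_with_class_check(this_ptr, &reflection_property_ce))
        return -1;
    const property_reference *ref = this_ptr->intern;
    return (ref->flags & ACC_PUBLIC) != 0;
}

int main(void) {
    printf("presence-only guard accepts Base: %d\n", guard_presence_only(&sample_base));
    printf("is_public(Base) = %d\n", is_public(&sample_base));
    printf("is_public(ReflectionProperty) = %d\n", is_public(&sample_prop));
    return 0;
}
```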
 [2005-09-17 01:53 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Wed Apr 16 10:02:09 2014 UTC