php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36006 Problem with $this in __destruct()
Submitted: 2006-01-14 01:13 UTC Modified: 2006-01-16 11:13 UTC
From: php_nospam at ramihyn dot sytes dot net Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5.1.2 OS: Windows, Debian Sarge
Private report: No CVE-ID:
 [2006-01-14 01:13 UTC] php_nospam at ramihyn dot sytes dot net
Description:
------------
segfault caused by setting properties to null in __destruct()

Reproduce code:
---------------
<?php

class Person {
	public $dad;
	public function __destruct() {
		$this->dad = null; /* no segfault if this is commented out */
	}
}

class Dad extends Person {
	public $son;
	public function __construct() {
		$this->son = new Person;
		$this->son->dad = $this; /* no segfault if this is commented out */
	}
	public function __destruct() {
		$this->son = null;
		parent::__destruct(); /* segfault here */
	}
}

$o = new Dad;
unset($o);

?>

Expected result:
----------------
No segfault

Actual result:
--------------
PHP crashes due to a segfault (crashes apache worker thread when running as apache module)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-01-14 01:19 UTC] tony2001@php.net
Dmitry, please check it out.
Looks like a chicken-and-egg problem to me.
 [2006-01-14 01:34 UTC] php_nospam at ramihyn dot sytes dot net
Verified this bug with all 5.0.x and 5.1.x versions on both OS (except 5.1.2 on Debian; currently compiling for a backtrace)
 [2006-01-14 01:54 UTC] php_nospam at ramihyn dot sytes dot net
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1078044800 (LWP 21090)]
zend_std_write_property (object=0xbfffefe0, member=0x860ed50, value=0x860424c)
    at /usr/src/php-5.1.2/Zend/zend_object_handlers.c:374
374             property_info = zend_get_property_info(zobj->ce, member, (zobj->ce->__set != NULL) TSRMLS_CC);
(gdb) bt
#0  zend_std_write_property (object=0xbfffefe0, member=0x860ed50, value=0x860424c)
    at /usr/src/php-5.1.2/Zend/zend_object_handlers.c:374
#1  0x082e2e5a in zend_assign_to_object (result=0x860ed24, object_ptr=0x8524c5c, op2=0x2, value_op=0x860ed84, Ts=0xbfffec9c,
    opcode=136) at /usr/src/php-5.1.2/Zend/zend_execute.c:607
#2  0x082bdfc9 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER (execute_data=0xbfffecd0) at zend_vm_execute.h:14644
#3  0x08299068 in execute (op_array=0x8610024) at zend_vm_execute.h:92
#4  0x08299531 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffede0) at zend_vm_execute.h:226
#5  0x08299068 in execute (op_array=0x860f474) at zend_vm_execute.h:92
#6  0x08276439 in zend_call_function (fci=0xbfffef50, fci_cache=0xbfffef30) at /usr/src/php-5.1.2/Zend/zend_execute_API.c:907
#7  0x082906e1 in zend_call_method (object_pp=0xbfffefdc, obj_ce=0x860ee64, fn_proxy=0x860ef54,
    function_name=0x8481e5f "__destruct", function_name_len=10, retval_ptr_ptr=0x0, param_count=2, arg1=0x0, arg2=0x0)
    at /usr/src/php-5.1.2/Zend/zend_interfaces.c:88
#8  0x08294cc9 in zend_objects_destroy_object (object=0x860eba4, handle=2) at /usr/src/php-5.1.2/Zend/zend_objects.c:78
#9  0x0829758d in zend_objects_store_call_destructors (objects=0x8524d1c) at /usr/src/php-5.1.2/Zend/zend_objects_API.c:55
#10 0x08275105 in shutdown_destructors () at /usr/src/php-5.1.2/Zend/zend_execute_API.c:191
#11 0x0827f9ca in zend_call_destructors () at /usr/src/php-5.1.2/Zend/zend.c:831
#12 0x082459c4 in php_request_shutdown (dummy=0x0) at /usr/src/php-5.1.2/main/main.c:1253
#13 0x082e4b20 in main (argc=2, argv=0xbffffae4) at /usr/src/php-5.1.2/sapi/cli/php_cli.c:1230
 [2006-01-16 11:13 UTC] dmitry@php.net
Fixed in CVS HEAD, PHP_5_1 and PHP_5_0.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 09:02:29 2014 UTC