Bug #38019 segfault extending mysqli class.
Submitted: 2006-07-05 23:11 UTC
Modified: 2006-07-10 10:06 UTC
From: judas dot iscariote at gmail dot com
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 5CVS-2006-07-05 (CVS)
OS: Linux 64 bit
Private report: No
CVE-ID:
 [2006-07-05 23:11 UTC] judas dot iscariote at gmail dot com
Description:
------------
The following code segfaults in current PHP 5_2 and PHP 6 CVS in **debug** mode. (Just checked from the CVS, no need to try snapshots.)

./configure --enable-debug --with-libdir=lib64 --with-mysqli=/usr/bin/mysql_config --with-zlib=/usr --disable-cgi

Not sure if this is related to bug #38003.


Reproduce code:
---------------
<?php

class DB extends mysqli {

     private function __construct() {

         echo "bug";

     }

}

$DB = new DB();
?>



Expected result:
----------------
Fatal error: Call to private DB::__construct() from invalid context in /srv/www/htdocs/singleton.php

Actual result:
--------------
Fatal error: Call to private DB::__construct() from invalid context in /srv/www/htdocs/singleton.php on line 13

Program received signal SIGSEGV, Segmentation fault.
0x00000000005dd76a in instanceof_function_ex (instance_ce=0xa289b0, ce=0x9ed4f0, interfaces_only=0 '\0')
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1600
1600                    if (instanceof_function(instance_ce->interfaces[i], ce TSRMLS_CC)) {
(gdb) bt
#0  0x00000000005dd76a in instanceof_function_ex (instance_ce=0xa289b0, ce=0x9ed4f0, interfaces_only=0 '\0')
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1600
#1  0x00000000005dd7ab in instanceof_function (instance_ce=<value optimized out>, ce=<value optimized out>)
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1618
#2  0x000000000049e5d9 in mysqli_objects_free_storage (object=<value optimized out>)
    at /local/local/bodegon/php-debug/ext/mysqli/mysqli.c:143
#3  0x000000000060329e in zend_objects_store_free_object_storage (objects=0x8be600)
    at /local/local/bodegon/php-debug/Zend/zend_objects_API.c:86
#4  0x00000000005d8e8c in shutdown_executor () at /local/local/bodegon/php-debug/Zend/zend_execute_API.c:281
#5  0x00000000005e5ab3 in zend_deactivate () at /local/local/bodegon/php-debug/Zend/zend.c:854
#6  0x00000000005a417b in php_request_shutdown (dummy=<value optimized out>)
    at /local/local/bodegon/php-debug/main/main.c:1300
#7  0x00000000006821ea in main (argc=2, argv=0x7fffffd96a48) at /local/local/bodegon/php-debug/sapi/cli/php_cli.c:1250




 [2006-07-06 07:36 UTC] tony2001@php.net
Dmitry, we've already discussed it - the problem is that shutdown_executor() destroys classes first and then runs object destructors (in this case it's mysqli_objects_free_storage()), which can access already destroyed class entries.

Here is what valgrind says about it: http://gcov.php.net/PHP_5_2/tests/ext/mysqli/tests/bug33491.mem
Though, no crash here, even with Zend MM disabled.

This patch: http://tony2001.phpclub.net/dev/tmp/bug38019.diff
fixes the problem for me and I don't see any new ones.
 [2006-07-10 10:06 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
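
The teardown ordering described in the 2006-07-06 comment, as an added C example that is not part of the original report and not Zend Engine code: a toy model in which class entries are flagged as destroyed rather than freed, so the stale read that shows up as SIGSEGV in the backtrace can be counted safely. All names (`class_entry`, `free_storage`, `run_shutdown`) are hypothetical, and the second ordering only illustrates the lifetime rule; it does not describe the linked patch.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model, hypothetical names: a class entry is marked destroyed
 * instead of being freed, so a stale access is detectable. */
typedef struct class_entry {
    const char *name;
    struct class_entry *parent;
    int destroyed;
} class_entry;

typedef struct { class_entry *ce; } object;

static int stale_accesses;

/* Walks the class hierarchy the way an instanceof check would. */
static int is_instance_of(const class_entry *ce, const class_entry *target) {
    for (; ce != NULL; ce = ce->parent) {
        /* In real code this would be a read of freed memory. */
        if (ce->destroyed) { stale_accesses++; return 0; }
        if (ce == target) return 1;
    }
    return 0;
}

/* Free-storage handler that consults the object's class entry. */
static void free_storage(object *obj, const class_entry *base) {
    (void)is_instance_of(obj->ce, base);
    obj->ce = NULL;
}

/* Runs shutdown in either order; returns the number of stale reads. */
int run_shutdown(int classes_first) {
    class_entry base = { "mysqli", NULL, 0 };
    class_entry derived = { "DB", &base, 0 };
    object objs[2] = { { &derived }, { &base } };
    size_t i;
    stale_accesses = 0;
    if (classes_first) { derived.destroyed = 1; base.destroyed = 1; }
    for (i = 0; i < 2; i++) free_storage(&objs[i], &base);
    if (!classes_first) { derived.destroyed = 1; base.destroyed = 1; }
    return stale_accesses;
}

int main(void) {
    printf("classes destroyed first: %d stale reads\n", run_shutdown(1));
    printf("objects freed first:     %d stale reads\n", run_shutdown(0));
    return 0;
}
```
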
 
Last updated: Thu Apr 17 16:02:22 2014 UTC