Bug #38220 Crash on some object operations
Submitted: 2006-07-26 10:22 UTC Modified: 2006-07-26 15:30 UTC
From: ddk at krasn dot ru Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.2.0-RC2dev OS: winxp sp2, freebsd 4.11
Private report: No CVE-ID:
 [2006-07-26 10:22 UTC] ddk at krasn dot ru
Description:
------------
A crash occurs when the code below is executed.

If the line "$drv->obj = null;" is uncommented, everything works fine.


Reproduce code:
---------------
<?php


/**
 * Shared call target of the reproducer.
 *
 * Holds one object in $obj and prints that object's public property $i
 * from each of its two methods.
 */
class drv {

	// Object whose ->i is printed; assigned from outside (A::__call sets it).
	public $obj;

	/**
	 * Prints "func1(): <i>" followed by a newline.
	 */
	public function func1() {
		$current = $this->obj->i;
		echo "func1(): " . $current . "\n";
	}

	/**
	 * Prints "close(): <i>" followed by a newline.
	 */
	public function close() {
		$current = $this->obj->i;
		echo "close(): " . $current . "\n";
	}
}

/**
 * Proxy object of the reproducer: every call to a method A does not define
 * is forwarded to the shared drv instance after $this has been stored on it.
 *
 * The destructor calls close(), which A does not define either, so destroying
 * an A goes through __call() and writes to the shared drv once more.
 */
class A {

	// Value printed by drv::func1() and drv::close() through $drv->obj->i.
	public $i;

	/**
	 * @param mixed $i Stored unchanged in the public property $i.
	 */
	function __construct($i) {
		$this->i = $i;
	}

	/**
	 * Forwards an undefined method call to the shared drv instance.
	 *
	 * @param string $method Name of the method that was called on this object.
	 * @param array  $args   Arguments of that call, passed through unchanged.
	 */
	function __call($method, $args) {
		$drv = myserv::drv();

		// This write replaces whatever A instance an earlier call left in
		// $drv->obj. If that was the last reference to it (as after
		// unset($obj1) in the script), the old instance is destroyed from
		// inside the assignment: frames #21 to #14 of the report's backtrace
		// show __destruct being invoked underneath zend_std_write_property.
		$drv->obj = $this;

		echo "before call $method\n";
		// In the nested __call started by that destructor, this print_r is
		// where the reported crash happens (frames #3 to #0, reading
		// zobj->ce in zend_std_object_get_class_name).
		print_r($this);
		call_user_func_array(array($drv, $method), $args);
		echo "after call $method\n";

		// Workaround noted by the reporter: clearing the property here means
		// drv never holds the last reference to an A between calls, so the
		// destructor is not triggered by a later write to $drv->obj.
		// Uncomment this line to work without crash
//		$drv->obj = null;
	}

	/**
	 * Prints a marker and calls close(), which is routed through __call().
	 */
	function __destruct() {
		echo "A::__destruct()\n";
		// close() is not defined on A, so this re-enters __call() while the
		// object is being destroyed.
		$this->close();
	}
}



/**
 * Holder of the single drv instance that every A forwards its calls to.
 */
class myserv {

	// The one drv instance; stays null until drv() is called for the first time.
	private static $drv = null;

	/**
	 * Returns the shared drv instance, creating it on first use.
	 *
	 * @return drv
	 */
	public static function drv() {
		if (self::$drv === null) {
			self::$drv = new drv();
		}

		return self::$drv;
	}
}


// func1() is not defined on A, so __call() runs and stores the first instance
// in the shared drv's $obj property.
$obj1 = new A(1);
$obj1->func1();

$obj2 = new A(2);

// Drops the script's own reference. The shared drv still holds the instance in
// $obj, and the "Actual result" output shows no destructor message at this point.
unset($obj1);

// __call() overwrites $drv->obj with $obj2, which releases the first instance in
// the middle of the property write; its destructor then re-enters __call() and
// the crash listed under "Actual result" follows.
$obj2->func1();



?>

Expected result:
----------------
before call func1
A Object
(
    [i] => 1
)
func1(): 1
after call func1
A::__destruct()
before call close
A Object
(
    [i] => 1
)
close(): 1
after call close
before call func1
A Object
(
    [i] => 2
)
func1(): 2
after call func1
A::__destruct()
before call close
A Object
(
    [i] => 2
)
close(): 2
after call close


Actual result:
--------------
before call func1
A Object
(
    [i] => 1
)
func1(): 1
after call func1
A::__destruct()
before call close
... crash ...

backtrace:

#0  zend_std_object_get_class_name (object=0xbfbfdd70, class_name=0xbfbfd6d8, class_name_len=0xbfbfd6dc, parent=0)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_object_handlers.c:1019
1019			ce = zobj->ce;
#0  zend_std_object_get_class_name (object=0xbfbfdd70, class_name=0xbfbfd6d8, class_name_len=0xbfbfd6dc, parent=0)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_object_handlers.c:1019
#1  0x813b69a in zend_print_zval_r_ex (write_func=0x81047c4 <php_body_write_wrapper>, expr=0xbfbfdd70, indent=0)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend.c:383
#2  0x813b606 in zend_print_zval_r (expr=0xbfbfdd70, indent=0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend.c:359
#3  0x80ace08 in zif_print_r (ht=1, return_value=0x832d5e4, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/ports/lang/php5/work/php-5.1.4/ext/standard/basic_functions.c:2807
#4  0x8155bef in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbfd8f0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:200
#5  0x815b728 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfbfd8f0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:1640
#6  0x815555f in execute (op_array=0x832c124) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:92
#7  0x8131e0d in zend_call_function (fci=0xbfbfda3c, fci_cache=0xbfbfda1c) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_execute_API.c:938
#8  0x814c98b in zend_call_method (object_pp=0xbfbfdad4, obj_ce=0x8314a24, fn_proxy=0x8314b40, function_name=0x8222c40 "__call", function_name_len=6, 
    retval_ptr_ptr=0xbfbfdabc, param_count=2, arg1=0x832dae4, arg2=0x832dba4) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_interfaces.c:88
#9  0x81527f4 in zend_std_call_user_call (ht=0, return_value=0x832db24, return_value_ptr=0x0, this_ptr=0xbfbfdd70, return_value_used=0)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_object_handlers.c:634
#10 0x8155bef in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbfdbb0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:200
#11 0x8156104 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbfdbb0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:322
#12 0x815555f in execute (op_array=0x832c324) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:92
#13 0x8131e0d in zend_call_function (fci=0xbfbfdcfc, fci_cache=0xbfbfdcdc) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_execute_API.c:938
#14 0x814c98b in zend_call_method (object_pp=0xbfbfdd6c, obj_ce=0x8314a24, fn_proxy=0x8314b28, function_name=0x8222777 "__destruct", function_name_len=10, 
    retval_ptr_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_interfaces.c:88
#15 0x8150bef in zend_objects_destroy_object (object=0x831f564, handle=1) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_objects.c:98
#16 0x81538d2 in zend_objects_store_del_ref (zobject=0x832d5e4) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_objects_API.c:166
#17 0x813ab9c in _zval_dtor_func (zvalue=0x832d5e4, __zend_filename=0x821cca0 "/usr/ports/lang/php5/work/php-5.1.4/Zend/zend_variables.h", __zend_lineno=35)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_variables.c:52
#18 0x8130701 in _zval_ptr_dtor (zval_ptr=0x832a6b0, __zend_filename=0x821e5a0 "/usr/ports/lang/php5/work/php-5.1.4/Zend/zend_variables.c", 
    __zend_lineno=175) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_variables.h:35
#19 0x813adaf in _zval_ptr_dtor_wrapper (zval_ptr=0x832a6b0) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_variables.c:175
#20 0x8143b64 in _zend_hash_quick_add_or_update (ht=0x832a5a4, arKey=0x831f6a4 "obj", nKeyLength=4, h=2090572832, pData=0xbfbfdee0, nDataSize=4, 
    pDest=0xbfbfdeb4, flag=1, __zend_filename=0x82229c0 "/usr/ports/lang/php5/work/php-5.1.4/Zend/zend_object_handlers.c", __zend_lineno=419)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_hash.c:294
#21 0x8151c25 in zend_std_write_property (object=0x832d964, member=0x832e268, value=0x832d8a4)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_object_handlers.c:419
#22 0x81b9f62 in ZEND_ASSIGN_OBJ_SPEC_CV_CONST_HANDLER (execute_data=0xbfbfe060) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_execute.c:617
#23 0x815555f in execute (op_array=0x832c124) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:92
#24 0x8131e0d in zend_call_function (fci=0xbfbfe1ac, fci_cache=0xbfbfe18c) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_execute_API.c:938
#25 0x814c98b in zend_call_method (object_pp=0xbfbfe244, obj_ce=0x8314a24, fn_proxy=0x8314b40, function_name=0x8222c40 "__call", function_name_len=6, 
    retval_ptr_ptr=0xbfbfe22c, param_count=2, arg1=0x832db64, arg2=0x832dbe4) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_interfaces.c:88
#26 0x81527f4 in zend_std_call_user_call (ht=0, return_value=0x832d264, return_value_ptr=0x0, this_ptr=0x832d8a4, return_value_used=0)
    at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_object_handlers.c:634
#27 0x8155bef in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbfe430) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:200
#28 0x8156104 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbfe430) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:322
#29 0x815555f in execute (op_array=0x830cc24) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend_vm_execute.h:92
#30 0x813c609 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/ports/lang/php5/work/php-5.1.4/Zend/zend.c:1109
#31 0x8105008 in php_execute_script (primary_file=0xbfbffb3c) at /usr/ports/lang/php5/work/php-5.1.4/main/main.c:1732
#32 0x81dbf91 in main (argc=2, argv=0xbfbffbb4) at /usr/ports/lang/php5/work/php-5.1.4/sapi/cli/php_cli.c:1092


 [2006-07-26 15:30 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
 