php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39445 Calling debug_backtrace() in the __toString() function produces a crash
Submitted: 2006-11-09 10:54 UTC Modified: 2006-11-15 16:06 UTC
From: daan at parse dot nl Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.2.0 OS: Slackware 10.2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: daan at parse dot nl
New email:
PHP Version: OS:

 

 [2006-11-09 10:54 UTC] daan at parse dot nl
Description:
------------
Calling debug_backtrace() in an __toString() function produces a crash, but only when the __toString() function is triggered by a native php string function.


Reproduce code:
---------------
<?php
class test
{
	public function __toString()
	{
		debug_backtrace();
		return 'lowercase';
	}
}

	$test = new test();
	echo strtoupper($test);
?>

Expected result:
----------------
An echoed "LOWERCASE"

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 28346)]
zend_objects_store_del_ref_by_handle (handle=1089634572)
   at /usr/src/php-5.2.0/Zend/zend_objects_API.c:187
187             if (EG(objects_store).object_buckets[handle].valid) {
(gdb) bt
#0  zend_objects_store_del_ref_by_handle (handle=1089634572)
   at /usr/src/php-5.2.0/Zend/zend_objects_API.c:187
#1  0x40656015 in zend_objects_store_del_ref (zobject=0x40f27e10)
   at /usr/src/php-5.2.0/Zend/zend_objects_API.c:165
#2  0x40636a52 in _convert_to_string (op=0x40f27e10)
   at /usr/src/php-5.2.0/Zend/zend_variables.h:35
#3  0x405c8b79 in zif_strtoupper (ht=1, return_value=0x40f27df8,
   return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
   at /usr/src/php-5.2.0/ext/standard/string.c:1132
#4  0x40658d64 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffb260)
   at /usr/src/php-5.2.0/Zend/zend_vm_execute.h:200
#5  0x40658499 in execute (op_array=0x40f24184)
   at /usr/src/php-5.2.0/Zend/zend_vm_execute.h:92
#6  0x4063ec0c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
   at /usr/src/php-5.2.0/Zend/zend.c:1097
#7  0x40604e3a in php_execute_script (primary_file=0xbfffd5c0)
   at /usr/src/php-5.2.0/main/main.c:1758
#8  0x406bf8d2 in apache_php_module_main (r=0x80cb5bc, display_source_mode=0)
   at /usr/src/php-5.2.0/sapi/apache/sapi_apache.c:53
#9  0x406c02e6 in send_php (r=0x80cb5bc, display_source_mode=0, filename=0x0)
   at /usr/src/php-5.2.0/sapi/apache/mod_php5.c:660
#10 0x406c04f6 in send_parsed_php (r=0x80cb5bc)
   at /usr/src/php-5.2.0/sapi/apache/mod_php5.c:675
#11 0x08053ff7 in ap_invoke_handler ()
#12 0x08069039 in process_request_internal ()
#13 0x08069098 in ap_process_request ()
#14 0x080600ba in child_main ()
#15 0x08060262 in make_child ()
#16 0x080603c8 in startup_children ()
#17 0x08060a88 in standalone_main ()
#18 0x080612a6 in main ()


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-09 17:57 UTC] iliaa@php.net
This patch seems to fix the problem:
http://bb.prohost.org/patch/ze.txt

But I am not 100% certain of its validity.
 [2006-11-15 16:06 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 11 12:01:29 2024 UTC