Bug #41633 Crash instantiating classes with self-referencing constants
Submitted: 2007-06-08 13:35 UTC Modified: 2007-06-13 16:49 UTC
From: m dot stach at ewerk dot com Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.2.3 OS: Windows/MacOSX
Private report: No CVE-ID:
 [2007-06-08 13:35 UTC] m dot stach at ewerk dot com
Description:
------------
When instantiating classes with self-referencing constants PHP crashes.

It is reproducible on Windows (5.2.3), Mac (5.2.2) and Linux (5.2.0).

Reproduce code:
---------------
<?php
class b {
  const FOO = self::FOO;
}

new b();

echo "1";

Expected result:
----------------
1

Actual result:
--------------
No output, segmentation fault instead. Since I don't have MSVC available for a backtrace, I tried on a Mac and a Linux box, same result (but versions were 5.2.2 and 5.2.0).

Looks like an endless recursion.


Crash-Report:

Date/Time:      2007-06-08 14:55:00.261 +0200
OS Version:     10.4.9 (Build 8P135)
Report Version: 4

Command: php
Path:    /usr/local/bin/php
Parent:  bash [7590]

Version: ??? (???)

PID:    7604
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbf7ffff0

Thread 0 Crashed:
0   php 	0x004ae698 _zend_mm_alloc_int + 12
1   php 	0x004afd48 _emalloc + 100
2   php 	0x004b0410 _estrndup + 44
3   php 	0x004c158c zend_get_constant_ex + 256
4   php 	0x004c3470 zval_update_constant_ex + 340
5   php 	0x004c3ca8 zval_update_constant + 44
6   php 	0x004c171c zend_get_constant_ex + 656

lines 4-6 repeated

506 php 	0x004c3ca8 zval_update_constant + 44
507 php 	0x004c171c zend_get_constant_ex + 656
508 php 	0x004c3470 zval_update_constant_ex + 340


 [2007-06-08 13:38 UTC] m dot stach at ewerk dot com
Sorry, the expected result I specified was wrong.

Expected Result
---------------

I would expect an error message (parse, compile or runtime/fatal error).
 [2007-06-08 22:00 UTC] judas dot iscariote at gmail dot com
This is the expected behaviour, as your code produced infinite recursion FOO = self::FOO -> FOO = self::FOO -> FOO = self::FOO and the interpreter ends up crashing (as expected).

However, I suspect that in this particular case something can be done to avoid this; maybe zval_update_constant_ex() can check if we are trying to assign a constant to the same constant and emit a nice fatal error. Not sure, though.
 [2007-06-09 00:17 UTC] stas@php.net
Just checking same constant wouldn't help since you could have:

class b {
  const FOO = self::BAR;
  const BAR = self::FOO;
}

but we can try and look into how to detect looping and either limit the depth or just break the loop one way or another. 
 [2007-06-11 08:50 UTC] m dot stach at ewerk dot com
Interestingly, the following code gives a (however misleading) fatal error:

<?php
class b {
	const FOO = self::FOO;
}

$a = b::FOO;

Fatal error: Cannot access self:: when no class scope is active in ...


I wonder why constants are processed at runtime not parse/compile time. But that's not a bug but an architectural issue.

BTW: I would never expect the interpreter to crash.
 [2007-06-13 16:49 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
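
The loop detection suggested in the 2007-06-09 comment, sketched as an added example that is not part of this report and not the fix committed to PHP: the resolver marks a constant as in progress while its value is being computed and reports a cycle when it meets that mark again, which covers both `FOO = self::FOO` and the two-constant loop. The table, `resolve()` and the `CONST_*` codes are names assumed for this example.

```c
#include <stdio.h>
#include <string.h>
/* Toy constant table, constructed for this example (not Zend's structures). */
enum state { UNRESOLVED, IN_PROGRESS, RESOLVED };
enum { CONST_OK = 0, CONST_UNKNOWN = -1, CONST_CYCLE = -2 };

struct constant {
    const char *name, *ref;  /* ref == NULL: literal; else name referred to */
    long value;              /* literal, or cached result once resolved */
    enum state state;
};

static struct constant table[] = {
    { "FOO", "FOO", 0, UNRESOLVED },  /* const FOO = self::FOO; */
    { "A",   "B",   0, UNRESOLVED },  /* two-step loop, as in the follow-up */
    { "B",   "A",   0, UNRESOLVED },
    { "X",   "Y",   0, UNRESOLVED },  /* legitimate chain X -> Y -> 42 */
    { "Y",   NULL, 42, UNRESOLVED },
};

static struct constant *lookup(const char *name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0) return &table[i];
    return NULL;
}

/* Resolve a constant; one met again while still IN_PROGRESS is a cycle. */
int resolve(const char *name, long *out) {
    struct constant *c = lookup(name);
    if (!c) return CONST_UNKNOWN;
    if (c->state == IN_PROGRESS) return CONST_CYCLE;
    if (c->state == UNRESOLVED && c->ref) {
        c->state = IN_PROGRESS;
        int rc = resolve(c->ref, &c->value);
        if (rc != CONST_OK) { c->state = UNRESOLVED; return rc; }
    }
    c->state = RESOLVED;
    *out = c->value;
    return CONST_OK;
}

int main(void) {
    const char *names[] = { "FOO", "A", "X" };
    for (size_t i = 0; i < 3; i++) {
        long v = 0;
        int rc = resolve(names[i], &v);
        printf("%s: rc=%d value=%ld\n", names[i], rc, v);
    }
    return 0;
}
```

Recursion depth is bounded by the number of distinct constants, so a loop of any length ends in an error return instead of exhausting the stack.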

Last updated: Thu Apr 17 21:01:56 2014 UTC