|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42703 Exception raised in an iterator::current() causes segfault in FilterIterator
Submitted: 2007-09-18 16:02 UTC Modified: 2007-10-18 05:52 UTC
From: daan at react dot nl Assigned: helly
Status: Closed Package: SPL related
PHP Version: 5.2CVS-2007-09-18 OS: *
Private report: No CVE-ID:
 [2007-09-18 16:02 UTC] daan at react dot nl
When raising an exception in the current() method of an iterator while that iterator is being processed by either an IteratorIterator or FilterIterator causes PHP to crash.

Reproduce code:
class BlaIterator implements Iterator
	public function rewind()

	public function next()

	public function valid()
		return true;

	public function current()
		throw new Exception('boo');

	public function key()

$it = new BlaIterator();
$itit = new IteratorIterator($it);

foreach ($itit as $key => $value)
	echo $value;

Expected result:
Exception thrown

Actual result:
#0  zim_spl_dual_it_rewind (ht=0, return_value=0xb7827e04, return_value_ptr=0x0, this_ptr=0xb7826d80, return_value_used=1)
    at /usr/src/php-5.2.4/ext/spl/spl_iterators.c:1128
#1  0x08327528 in zend_call_function (fci=0xbfa93970, fci_cache=0xbfa93950) at /usr/src/php-5.2.4/Zend/zend_execute_API.c:1004
#2  0x083447e0 in zend_call_method (object_pp=0xbfa939f0, obj_ce=0x86c73d0, fn_proxy=0x86c7500, function_name=0x85c5425 "rewind", function_name_len=6,
    retval_ptr_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0) at /usr/src/php-5.2.4/Zend/zend_interfaces.c:88
#3  0x08344ded in zend_user_it_rewind (_iter=0xb7829124) at /usr/src/php-5.2.4/Zend/zend_interfaces.c:252
#4  0x0839af62 in ZEND_FE_RESET_SPEC_CV_HANDLER (execute_data=0xbfa93bb0) at /usr/src/php-5.2.4/Zend/zend_vm_execute.h:19980
#5  0x0834f5b9 in execute (op_array=0xb782726c) at /usr/src/php-5.2.4/Zend/zend_vm_execute.h:92
#6  0xb77cc44e in xdebug_execute (op_array=0xb782726c) at /tmp/pear/cache/xdebug-2.0.0RC3/xdebug.c:1487
#7  0x083341c4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.2.4/Zend/zend.c:1134
#8  0x082f822a in php_execute_script (primary_file=0xbfa96030) at /usr/src/php-5.2.4/main/main.c:1982
#9  0x083b802f in main (argc=2, argv=0xbfa96104) at /usr/src/php-5.2.4/sapi/cli/php_cli.c:1140


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-09-19 10:20 UTC]
[Switching to Thread -1209043264 (LWP 4604)]
0x081e1730 in spl_dual_it_fetch (intern=0x9935a3c, check_more=1, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/ext/spl/spl_iterators.c:1128
1128                    intern->>refcount++;
(gdb) bt
#0  0x081e1730 in spl_dual_it_fetch (intern=0x9935a3c, check_more=1, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/ext/spl/spl_iterators.c:1128
#1  0x081e153d in zim_spl_dual_it_rewind (ht=0, return_value=0x9935c44, return_value_ptr=0x0, this_ptr=0x9932d44, return_value_used=1, tsrm_ls=0x97fa050)
    at /home/jani/src/php-5.2/ext/spl/spl_iterators.c:1161
#2  0x0830279e in zend_call_function (fci=0xbfe7cd74, fci_cache=0xbfe7cd48, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/Zend/zend_execute_API.c:1004
#3  0x0832b42a in zend_call_method (object_pp=0xbfe7cde0, obj_ce=0x986eb70, fn_proxy=0x986ecb4, function_name=0x85d3639 "rewind", function_name_len=6, 
    retval_ptr_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/Zend/zend_interfaces.c:88
#4  0x0832bcc1 in zend_user_it_rewind (_iter=0x9935c00, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/Zend/zend_interfaces.c:252
#5  0x0837fa59 in ZEND_FE_RESET_SPEC_CV_HANDLER (execute_data=0xbfe7d004, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/Zend/zend_vm_execute.h:19980
#6  0x0833a206 in execute (op_array=0x9933548, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/Zend/zend_vm_execute.h:92
#7  0x083119f8 in zend_execute_scripts (type=8, tsrm_ls=0x97fa050, retval=0x0, file_count=3) at /home/jani/src/php-5.2/Zend/zend.c:1134
#8  0x082acd9b in php_execute_script (primary_file=0xbfe7f39c, tsrm_ls=0x97fa050) at /home/jani/src/php-5.2/main/main.c:1999
#9  0x08397a92 in main (argc=2, argv=0xbfe7f4f4) at /home/jani/src/php-5.2/sapi/cli/php_cli.c:1140

 [2007-10-18 05:52 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Fri Nov 27 22:01:31 2015 UTC