php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45280 Reflection of instantiated COM classes causes PHP to crash.
Submitted: 2008-06-16 13:35 UTC Modified: 2009-07-02 11:05 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:0 of 0 (0.0%)
From: RQuadling at GMail dot com Assigned: kalle
Status: Closed Package: COM related
PHP Version: 5.3CVS-2008-06-16 (snap) OS: Windows XP SP2
Private report: No CVE-ID:
 [2008-06-16 13:35 UTC] RQuadling at GMail dot com
Description:
------------
Hi.

I'm trying to use PHP to find out about the COM interface of Crystal Reports XI.

I can use ...

php -r "ReflectionClass::export('COM');"

which shows the empty 'COM' class extending the 'variant' class.

But if I try and use ...

php -r "ReflectionObject::export(New COM('CrystalReports11.ObjectFactory.1'));"

I get a crash and a request to send a report to Microsoft.

Reproduce code:
---------------
<?php
$o_CR = New COM('CrystalReports11.ObjectFactory.1');
ReflectionObject::export($o_CR);


Expected result:
----------------
A dump of the properties/methods provided by the Crystal Reports XI Object Factory.

Actual result:
--------------
A crash and a Dr. Watson crash.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-06-16 13:37 UTC] RQuadling at GMail dot com
I forgot to mention that the function com_print_typeinfo() does provide some of the information I'm expecting to be available via Reflection.
 [2009-05-10 13:03 UTC] bjori@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2009-05-11 13:09 UTC] RQuadling at GMail dot com
Report for php__PID__4828__Date__05_11_2009__Time_02_03_29PM__999__Second_Chance_Exception_C0000005.dmp
Type of Analysis Performed   Crash Analysis 
Machine Name   RICHARDQUADLING 
Operating System   Windows XP Service Pack 3 
Number Of Processors   2 
Process ID   4828 
Process Image   C:\PHP5\php.exe 
System Up-Time   4 day(s) 01:37:48 
Process Up-Time   00:00:03 


Thread 0 - System ID 5216
Entry point   php!mainCRTStartup 
Create time   11/05/2009 14:03:27 
Time spent in user mode   0 Days 0:0:0.62 
Time spent in kernel mode   0 Days 0:0:0.93 






Function     Arg 1     Arg 2     Arg 3   Source 
php5!zend_hash_internal_pointer_reset_ex+c     00000000     00c0e8dc     00000b18   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_hash.c @ 1059 + 4 
php5!zm_info_reflection+700     00c0e938     015209b0     0139ebf0   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\ext\reflection\php_reflection.c @ 538 
php5!zim_reflection_class___toString+9a     00000000     0139fea8     00c0ea3c   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\ext\reflection\php_reflection.c @ 3194 
php5!zend_call_function+6fa     00000000     00c0e978     00000024   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_execute_api.c @ 958 + 16 
php5!call_user_function_ex+65     00000000     00c0ea40     00c0ea44   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_execute_api.c @ 735 
php5!zim_reflection_export+70     00000002     0139ff08     00c0eb04   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\ext\reflection\php_reflection.c @ 1421 + 27 
php5!zend_call_function+6fa     00000030     00c0ea88     013ad4a8   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_execute_api.c @ 958 + 16 
php5!zend_reflection_class_factory+9b2     013a0280     00000001     1002263f   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\ext\reflection\php_reflection.c @ 1380 + 5f 
php5!zim_reflection_object_export+1a     00000001     013a0280     00000000   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\ext\reflection\php_reflection.c @ 4240 + 1a 
php5!execute+c9f     013d0070     10021b4e     00c0ec28   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_vm_execute.h @ 313 + 40 
php5!execute+101c     00c0ec28     00c0fed4     00c0fcbc   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_vm_execute.h @ 423 
php5!execute+1ae     0139d0d8     00c0fed4     00000000   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend_vm_execute.h @ 104 + 8 
php5!zend_execute_scripts+be     00000008     00000000     00000003   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\zend\zend.c @ 1188 + d 
php5!php_execute_script+1c8     00c0fed4     0040642c     00000001   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\main\main.c @ 2182 + 10 
php!main+a9a     00000001     011530c0     01153330   d:\php-
sdk\snap_5_3\vc9\x86\snap53_vc9\sapi\cli\php_cli.c @ 1189 
php!memcpy+160     001520b8     00180018     7ffde000   f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 
586 + 17 
kernel32!BaseProcessStart+23     00402dda     00000000     00000000    




PHP5!ZEND_HASH_INTERNAL_POINTER_RESET_EX+CIn 
php__PID__4828__Date__05_11_2009__Time_02_03_29PM__999__Second_Chance_Exception_C0000005.dmp the assembly 
instruction at php5!zend_hash_internal_pointer_reset_ex+c in C:\PHP5\php5.dll from The PHP Group has 
caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000014 on 
thread 0

Module Information 
Image Name: C:\PHP5\php5.dll   Symbol Type:  PDB 
Base address: 0x10000000   Time Stamp:  Mon May 11 12:57:20 2009  
Checksum: 0x0055b027   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.3.0RC3-dev 
Managed DLL: False   Internal Name:  PHP Script Interpreter 
VB DLL: False   Legal Copyright:  Copyright © 1997-2008 The PHP Group 
Loaded Image Name:  php5.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php5.dll 
Module name:  php5   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  5.44 MBytes   Product Version:  5.3.0RC3-dev 
Symbol File Name:  C:\PHP5\debug\php5.pdb   Special Build:  &
 [2009-05-11 13:10 UTC] RQuadling at GMail dot com
Thread 0 - System ID 5216
Entry point   php!mainCRTStartup 
Create time   11/05/2009 14:03:27 
Time spent in user mode   0 Days 0:0:0.62 
Time spent in kernel mode   0 Days 0:0:0.93 

Function     Arg 1     Arg 2     Arg 3   Source 
php5!zend_hash_internal_pointer_reset_ex+c     00000000     00c0e8dc     
00000b18    
php5!zm_info_reflection+700     00c0e938     015209b0     0139ebf0    
php5!zim_reflection_class___toString+9a     00000000     0139fea8     
00c0ea3c    
php5!zend_call_function+6fa     00000000     00c0e978     00000024    
php5!call_user_function_ex+65     00000000     00c0ea40     00c0ea44    
php5!zim_reflection_export+70     00000002     0139ff08     00c0eb04    
php5!zend_call_function+6fa     00000030     00c0ea88     013ad4a8    
php5!zend_reflection_class_factory+9b2     013a0280     00000001     
1002263f    
php5!zim_reflection_object_export+1a     00000001     013a0280     
00000000    
php5!execute+c9f     013d0070     10021b4e     00c0ec28    
php5!execute+101c     00c0ec28     00c0fed4     00c0fcbc    
php5!execute+1ae     0139d0d8     00c0fed4     00000000    
php5!zend_execute_scripts+be     00000008     00000000     00000003    
php5!php_execute_script+1c8     00c0fed4     0040642c     00000001    
php!main+a9a     00000001     011530c0     01153330    
php!memcpy+160     001520b8     00180018     7ffde000    
kernel32!BaseProcessStart+23     00402dda     00000000     00000000    

PHP5!ZEND_HASH_INTERNAL_POINTER_RESET_EX+CIn 
php__PID__4828__Date__05_11_2009__Time_02_03_29PM__999__Second_Chance
_Exception_C0000005.dmp the assembly instruction at 
php5!zend_hash_internal_pointer_reset_ex+c in C:\PHP5\php5.dll from 
The PHP Group has caused an access violation exception (0xC0000005) 
when trying to read from memory location 0x00000014 on thread 0

Module Information 
Image Name: C:\PHP5\php5.dll   Symbol Type:  PDB 
Base address: 0x10000000   Time Stamp:  Mon May 11 12:57:20 2009  
Checksum: 0x0055b027   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.3.0RC3-dev 
Managed DLL: False   Internal Name:  PHP Script Interpreter 
VB DLL: False   Legal Copyright:  Copyright © 1997-2008 The PHP Group 
Loaded Image Name:  php5.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php5.dll 
Module name:  php5   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  5.44 MBytes   Product Version:  5.3.0RC3-dev 
Symbol File Name:  C:\PHP5\debug\php5.pdb   Special Build:  &
 [2009-07-01 18:47 UTC] kalle@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2009-07-02 11:05 UTC] RQuadling at GMail dot com
Hmm.

Ok. So no crash, but no valid output either.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 21:01:55 2014 UTC