php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48248 SIGSEGV when access to private property via &__get
Submitted: 2009-05-12 17:09 UTC Modified: 2009-05-12 23:39 UTC
From: ladislav at marek dot su Assigned: felipe
Status: Closed Package: Reproducible crash
PHP Version: 5.2CVS-2009-05-12 OS: * 64bit
Private report: No CVE-ID:
 [2009-05-12 17:09 UTC] ladislav at marek dot su
Description:
------------
Attempt to access private property of extended class when the parent class has method '__get' which returns reference, causing segmentation fault.

Compiled only with --enable-debug.

Reproduce code:
---------------
class A
{
    public function & __get($name)
    {
        return $this->test;
    }
}

class B extends A
{
    private $test;
}


$b = new B;
var_dump($b->test);

Expected result:
----------------
NULL

Actual result:
--------------
#0  0x00000000007b4859 in zend_std_get_property_ptr_ptr (object=0x29d83c8, member=0x29dbca8) at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:588
#1  0x00000000007b9b2e in zend_fetch_property_address (result=0x7f0590a24350, container_ptr=0xdd73c0, prop_ptr=0x29dbca8, type=1)
    at /root/php/php5.3-200905121430/Zend/zend_execute.c:1156
#2  0x000000000082e580 in ZEND_FETCH_OBJ_W_SPEC_UNUSED_CONST_HANDLER (execute_data=0x7f0590a242a8)
    at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:17494
#3  0x00000000007ba081 in execute (op_array=0x29ddae0) at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:104
#4  0x000000000077bcd3 in zend_call_function (fci=0x7fff98bb4d10, fci_cache=0x7fff98bb4ca0) at /root/php/php5.3-200905121430/Zend/zend_execute_API.c:936
#5  0x00000000007a684b in zend_call_method (object_pp=0x7fff98bb4db8, obj_ce=0x29dbe18, fn_proxy=0x29dbfd8, function_name=0xb4dd62 "__get",
    function_name_len=5, retval_ptr_ptr=0x7fff98bb4dc8, param_count=1, arg1=0x29dca60, arg2=0x0) at /root/php/php5.3-200905121430/Zend/zend_interfaces.c:97
#6  0x00000000007b29e9 in zend_std_call_getter (object=0x29d83c8, member=0x29dca60) at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:81
#7  0x00000000007b383a in zend_std_read_property (object=0x29d83c8, member=0x29d98c0, type=0)
    at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:350
#8  0x000000000084944b in zend_fetch_property_address_read_helper_SPEC_CV_CONST (type=0, execute_data=0x7f0590a24090)
    at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:23769
#9  0x0000000000849574 in ZEND_FETCH_OBJ_R_SPEC_CV_CONST_HANDLER (execute_data=0x7f0590a24090) at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:23794
#10 0x00000000007ba081 in execute (op_array=0x29d8f90) at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:104
#11 0x000000000078b381 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/php5.3-200905121430/Zend/zend.c:1188
#12 0x0000000000719fad in php_execute_script (primary_file=0x7fff98bb7620) at /root/php/php5.3-200905121430/main/main.c:2182
#13 0x000000000086fd03 in main (argc=2, argv=0x7fff98bb7868) at /root/php/php5.3-200905121430/sapi/cli/php_cli.c:1188

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-12 23:21 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 19:01:53 2014 UTC