|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2009-10-28 09:05 UTC] phpbugs at colin dot guthr dot ie
Description: ------------ This is a really hard bug to reproduce (e.g. build a simple test case) but I can reliably do so here with my application. I'll attempt to describe the problem in depth, although I warn in advance that it's a bit of a confusing one. During a particular request, PHP seems to corrupt itself quite badly which cases $this to become corrupted within an object. When this happens, is_object($this) still returns true, but any attempt to access a member variable (e.g. $this->mFuncs) will result in the "Notice: Trying to get property of non-object" warning. Similar warning exist when trying to call methods etc. Once this corruption happens, it will remain until the Apache process is restarted (mpm-prefork) although some requests will succeed (I presume it depends what mpm-preforked httpd handler is used?). When this happens, a much simpler test case (which I'll link to) fails also (i.e. it seems that the initial trigger of this causes it to continue, but the simpler test case itself does not seem enough to trigger it initially). The trigger case I have is a rather complex Zend Framework application that I sadly cannot share. I have confirmed this problem is present on 5.3.0 and 5.3.1RC2, so I suspect it's a 5.3.x problem over all. I cannot reproduce the problem on 5.2.11. All builds use -O0 for optimisations (as higher values have proven to cause problems, particularly on x86_64). Reproduce code: --------------- A tarball containing three PHP files: one a UniversalAutoloader structure we use in our projects (it predates spl stuff and actually gives us a different fallback mechanism anyway), and a simple test class that is meant to be autoloaded. Then the test.php file which actually exhibits the bug. As noted previously however, this test case only *exhibits* this bug if the problem is triggered already by some other code. You can see from the backtrace.txt the effect of it failing. I provide this in the hope that it allows something obvious to jump out at you, but I suspect the problem is really some form of stack frame corruption or similar (possibly due to x86_64 as I've not tested to see if it affects 5.3.1 although I will be able to do so in the coming weeks). The URL for this bundle is: http://colin.guthr.ie/php-bug.tar Expected result: ---------------- It should just echo "Foo\n". But as you can see the Notice is triggered and the is_array() check fails (as can be seen, it is impossible for the variable to be anything other than an array). Actual result: -------------- *After* triggering the problem, $this becomes a non-object (although in other tests (is_object($this) still returns true). PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 10:01:29 2024 UTC |
Bad news. Just got the same bug again, with PHP 5.3.3 and GC switched OFF. Again, only one Apache process fails. The process begun failing immediately after Apache restart. A simple reproduce class: Reproduce code: --------------- class Test { private $data = NULL; public function __construct($data) { echo "<pre>"; var_dump($this); echo "</pre>"; $this->data = $data; } public function getData() { echo "<pre>"; var_dump($this); echo "</pre>"; return $this->data; } } echo "PID: " . getmypid(); $foo = new Test('Hello'); echo $foo->getData(); Correct output: --------------- PID: 22839 object(Test)#1 (1) { ["data":"Test":private]=> NULL } object(Test)#1 (1) { ["data":"Test":private]=> string(5) "Hello" } Hello Malfunctioning Apache process output: ------------------------------------- PID: 22818 object(Test)#1 (1) { ["data":"Test":private]=> NULL } Warning: Attempt to assign property of non-object in /var/www/html/testthis.php on line 16 object(Test)#1 (1) { ["data":"Test":private]=> NULL }