php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52559 Calling undefined method on FilterIterator subclasses causes segfault
Submitted: 2010-08-07 03:42 UTC Modified: 2012-09-10 04:37 UTC
Votes:5
Avg. Score:3.8 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:1 (25.0%)
From: tobias382 at gmail dot com Assigned: laruence
Status: Closed Package: SPL related
PHP Version: 5.3SVN-2010-08-06 (snap) OS: Ubuntu 10.04
Private report: No CVE-ID:
 [2010-08-07 03:42 UTC] tobias382 at gmail dot com
Description:
------------
The attached test script causes a segmentation fault in PHP 5.3.3 and the current 
PHP 5.3 snapshot, presumably because count() is not a defined method in 
FooIterator or any of its ancestor classes.

The configure line used to compile the snapshot:

Configure Command =>  './configure'  '--prefix=/home/matt/Software/php5.3-
201008070030/build/php_build' '--without-pear' '--without-sqlite3' '--without-
pdo-sqlite' '--without-sqlite' '--enable-debug'

Test script:
---------------
<?php
class FooIterator extends FilterIterator {
    public function accept() {
        return true;
    }   
}
$iterator = new FooIterator(new ArrayIterator(array(1)));
echo $iterator->count();

Expected result:
----------------
PHP Fatal error:  Call to undefined method FooIterator::count() in test.php on 
line 8

Actual result:
--------------
1Segmentation fault

gdb backtrace:

#0  0x0000000002926cd0 in ?? ()
#1  0x0000000000573929 in spl_dual_it_free (intern=0x2a089f0) at 
/home/matt/Software/php5.3-201008070030/ext/spl/spl_iterators.c:1461
#2  0x0000000000574ebd in spl_dual_it_dtor (_object=0x2a089f0, handle=1) at 
/home/matt/Software/php5.3-201008070030/ext/spl/spl_iterators.c:1942
#3  0x00000000006ebbea in zend_objects_store_del_ref_by_handle_ex (handle=1, 
handlers=0xcace80)
    at /home/matt/Software/php5.3-201008070030/Zend/zend_objects_API.c:206
#4  0x00000000006eba5f in zend_objects_store_del_ref (zobject=0x2a20e30) at 
/home/matt/Software/php5.3-201008070030/Zend/zend_objects_API.c:172
#5  0x00000000006bbca2 in _zval_dtor_func (zvalue=0x2a20e30, 
__zend_filename=0xa4e9a8 "/home/matt/Software/php5.3-
201008070030/Zend/zend_execute_API.c", 
    __zend_lineno=443) at /home/matt/Software/php5.3-
201008070030/Zend/zend_variables.c:52
#6  0x00000000006abbba in _zval_dtor (zvalue=0x2a20e30, __zend_filename=0xa4e9a8 
"/home/matt/Software/php5.3-201008070030/Zend/zend_execute_API.c", 
    __zend_lineno=443) at /home/matt/Software/php5.3-
201008070030/Zend/zend_variables.h:35
#7  0x00000000006acb48 in _zval_ptr_dtor (zval_ptr=0x2a24158, 
__zend_filename=0xa50290 "/home/matt/Software/php5.3-
201008070030/Zend/zend_variables.c", 
    __zend_lineno=178) at /home/matt/Software/php5.3-
201008070030/Zend/zend_execute_API.c:443
#8  0x00000000006bc01f in _zval_ptr_dtor_wrapper (zval_ptr=0x2a24158) at 
/home/matt/Software/php5.3-201008070030/Zend/zend_variables.c:178
#9  0x00000000006ce705 in zend_hash_apply_deleter (ht=0xcc4588, p=0x2a24140) at 
/home/matt/Software/php5.3-201008070030/Zend/zend_hash.c:611
#10 0x00000000006ced8e in zend_hash_reverse_apply (ht=0xcc4588, 
apply_func=0x6ac3f5 <zval_call_destructor>)
    at /home/matt/Software/php5.3-201008070030/Zend/zend_hash.c:760
#11 0x00000000006ac487 in shutdown_destructors () at /home/matt/Software/php5.3-
201008070030/Zend/zend_execute_API.c:226
#12 0x00000000006bd8db in zend_call_destructors () at 
/home/matt/Software/php5.3-201008070030/Zend/zend.c:874
#13 0x0000000000647cec in php_request_shutdown (dummy=0x0) at 
/home/matt/Software/php5.3-201008070030/main/main.c:1587
#14 0x00000000007a27db in main (argc=2, argv=0x7fffd4f78e68) at 
/home/matt/Software/php5.3-201008070030/sapi/cli/php_cli.c:1373

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-08-07 17:21 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: colder
 [2012-09-10 03:55 UTC] reeze dot xia at gmail dot com
THis bug has been fixed already, could be closed :)
see: http://3v4l.org/eavLE
 [2012-09-10 04:37 UTC] aharvey@php.net
Fixed in cc30524c89fa2255944dc3c70f8d41a6c23faa2a, for those playing at home.
 [2012-09-10 04:37 UTC] aharvey@php.net
-Status: Assigned +Status: Closed -Assigned To: colder +Assigned To: laruence
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 14:02:33 2014 UTC