Bug #55365 Using reference variable to $this in callback causes a segfault
Submitted: 2011-08-04 20:32 UTC
Modified: 2011-08-14 21:36 UTC
From: dan at velsoft dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 5.3.6
OS: OS X 10.7 + Linux 64bit
Private report: No
CVE-ID: None
 [2011-08-04 20:32 UTC] dan at velsoft dot com
Description:
------------
Using a reference variable to $this within an anonymous function in a class 
function causes a segfault. This previously worked in PHP 5.3.5.

The segfault can be caused either when using the function as a closure, or as an 
anonymous function.

The GDB output:


GNU gdb 6.3.50-20050815 (Apple version gdb-1705) (Fri Jul  1 10:50:06 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared 
libraries ...................... done

(gdb) run segfault.php
Starting program: /usr/bin/php segfault.php
Reading symbols for shared libraries 
+++++++++++++++++++++...........................................................
............................................................... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000001ffffffff
0x000000010035d53d in zend_std_get_method ()


Test script:
---------------
<?php
class Seg
{	
	public function fault()
	{
		$that = &$this;
		$callback = function() use ($that){};
		$callback(); // Causes a segfault 
		is_callable(function() use ($that){}); // Causes a segfault
	}
}

$obj = new Seg();
for($i = 0; $i < 5000; $i++)
{
	$obj->fault();
}

Expected result:
----------------
No segfault

Actual result:
--------------
Segfault

 [2011-08-05 01:38 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-08-05 01:38 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

I can't reproduce it on Linux 32 bit.
 [2011-08-05 02:28 UTC] dan at velsoft dot com
-Status: Feedback +Status: Open
 [2011-08-05 02:28 UTC] dan at velsoft dot com
GDB backtrace:


(gdb) bt
#0  0x000000010034aa20 in zend_hash_find ()
#1  0x000000010035d555 in zend_std_get_method ()
#2  0x000000010039a104 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER ()
#3  0x00000001003a4325 in execute ()
#4  0x0000000100e054e1 in xdebug_execute ()
#5  0x000000010033fea1 in zend_execute_scripts ()
#6  0x00000001002f0806 in php_execute_script ()
#7  0x00000001003ba4a0 in main ()
 [2011-08-05 02:29 UTC] dan at velsoft dot com
As an additional note: I've tried disabling xdebug, thinking it may be that; 
however, the above code still resulted in a segfault on my machine.
 [2011-08-05 12:35 UTC] dan at velsoft dot com
-Operating System: OS X 10.7 +Operating System: OS X 10.7 + Linux 64bit
 [2011-08-05 12:35 UTC] dan at velsoft dot com
Also causes a segfault on a 64bit Linux machine
 [2011-08-13 04:50 UTC] laruence@php.net
-Status: Open +Status: Feedback -Package: Reproducible crash +Package: Scripting Engine problem
 [2011-08-13 04:50 UTC] laruence@php.net
I can reproduce it on Linux 64 bit. I had a quick look at PHP 5.3.7, and it seems there is no such issue in PHP 5.3.7; please try PHP 5.3.7 RC5. If the problem is still there in PHP 5.3.7, please change the status back to "Open". Thank you for helping us make PHP better.
 [2011-08-14 21:36 UTC] dan at velsoft dot com
-Status: Feedback +Status: Closed
 [2011-08-14 21:36 UTC] dan at velsoft dot com
It is fixed in PHP 5.3.7 RC5.
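To check which installed PHP builds are affected, the report's test script can be run in a child process and the exit status classified. This is an added example, not part of the original report or the PHP project's code; the function names `classify_status` and `check_php` are hypothetical and the interpreter paths are supplied by the caller.

```shell
# Added example: run the report's test script under a given PHP binary and
# classify how the interpreter exited.

# Shells report death by signal N as 128+N (SIGSEGV = 11, so 139).
# PHP's own fatal errors exit with 255, which must not be read as a signal.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -eq 139 ]; then
        echo "crash:SIGSEGV"
    elif [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        echo "crash:signal-$((status - 128))"
    else
        echo "error:exit-$status"
    fi
}

# Write the test script from the report to a temp file and run it.
check_php() {
    php_bin=$1
    script=$(mktemp "${TMPDIR:-/tmp}/bug55365.XXXXXX") || return 2
    cat > "$script" <<'PHP'
<?php
class Seg
{
    public function fault()
    {
        $that = &$this;
        $callback = function() use ($that){};
        $callback();
        is_callable(function() use ($that){});
    }
}
$obj = new Seg();
for ($i = 0; $i < 5000; $i++) {
    $obj->fault();
}
PHP
    status=0
    "$php_bin" "$script" >/dev/null 2>&1 || status=$?
    rm -f "$script"
    classify_status "$status"
}

# Each argument is the path to one PHP binary to test (caller-supplied).
for php_bin in "$@"; do
    printf '%s\t%s\n' "$php_bin" "$(check_php "$php_bin")"
done
```

An `error:exit-255` result on a build older than 5.3 means the script failed to parse because closures are unsupported there, not that the build crashed.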
Last updated: Tue Jan 19 22:01:23 2021 UTC