Bug #60444 Segmentation fault with include & class extending
Submitted: 2011-12-05 02:44 UTC Modified: 2011-12-05 09:36 UTC
From: php-bugs at majkl578 dot cz Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.4SVN-2011-12-05 (snap) OS: Linux Debian
Private report: No CVE-ID:
 [2011-12-05 02:44 UTC] php-bugs at majkl578 dot cz
Description:
------------
Crash on combination of class & include & extends.

Test script:
---------------
a.php:
<?php

class Foo {
	public function __construct() {
		require_once __DIR__ . '/b.php';
		Some::foo($this);
	}
}

new Foo;

----------------------------------------------
b.php:
<?php

class Some {
	public static function foo(Foo $foo) {}
}

class Bar extends Foo {}

----------------------------------------------

Now execute a.php.

Expected result:
----------------
no segfault

Actual result:
--------------
SIGSEGV

backtrace:
#0  0x0000000000a0e910 in ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (execute_data=0x7f7113df5200) at /storage/build/php/5.4/php5.4-201112050130/Zend/zend_vm_execute.h:3399
#1  0x0000000000a02483 in execute (op_array=0x7f7113e2c290) at /storage/build/php/5.4/php5.4-201112050130/Zend/zend_vm_execute.h:410
#2  0x00000000009c4c82 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/build/php/5.4/php5.4-201112050130/Zend/zend.c:1272
#3  0x000000000093a3b2 in php_execute_script (primary_file=0x7fffb311e710) at /storage/build/php/5.4/php5.4-201112050130/main/main.c:2414
#4  0x0000000000b09d55 in do_cli (argc=2, argv=0x7fffb311eac8) at /storage/build/php/5.4/php5.4-201112050130/sapi/cli/php_cli.c:983
#5  0x0000000000b0adea in main (argc=2, argv=0x7fffb311eac8) at /storage/build/php/5.4/php5.4-201112050130/sapi/cli/php_cli.c:1356

Patches

bug60444.phpt (last revision 2011-12-05 08:19 UTC by laruence@php.net)
bug60444.patch (last revision 2011-12-05 08:18 UTC by laruence@php.net)

History

 [2011-12-05 08:18 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug60444.patch
Revision:   1323073138
URL:        https://bugs.php.net/patch-display.php?bug=60444&patch=bug60444.patch&revision=1323073138
 [2011-12-05 08:19 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug60444.phpt
Revision:   1323073171
URL:        https://bugs.php.net/patch-display.php?bug=60444&patch=bug60444.phpt&revision=1323073171
 [2011-12-05 08:20 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2011-12-05 08:20 UTC] laruence@php.net
Hi dmitry, could you plz review this patch, thanks ;)
 [2011-12-05 08:53 UTC] laruence@php.net
The reason is that the run_time_cache was erased in function_add_ref. Call stack:

#0  function_add_ref (function=0x2a95de5c88) at php-src/trunk/Zend/zend_compile.c:2793
#1  0x000000000087c589 in do_inherit_method (function=0x2a95de5c88) at php-src/trunk/Zend/zend_compile.c:2925
#2  0x00000000008b46ef in zend_hash_merge_ex (target=0x2a95de5a20, source=0x2a95de4c30, pCopyConstructor=0x87c574 <do_inherit_method>, size=240, 
    pMergeSource=0x87d9a6 <do_inherit_method_check>, pParam=0x2a95de59f8) at php-src/trunk/Zend/zend_hash.c:894
#3  0x000000000087eb2e in zend_do_inheritance (ce=0x2a95de59f8, parent_ce=0x2a95de4c08) at php-src/trunk/Zend/zend_compile.c:3492
#4  0x0000000000882878 in do_bind_inherited_class (op_array=0x2a95de5028, opline=0x2a95de7420, class_table=0xfc9c30, parent_ce=0x2a95de4c08, compile_time=1 '\001')
    at php-src/trunk/Zend/zend_compile.c:4602
#5  0x0000000000882b1f in zend_do_early_binding () at php-src/trunk/Zend/zend_compile.c:4659
#6  0x000000000084ff29 in zendparse () at php-src/trunk/Zend/zend_language_parser.y:230
#7  0x0000000000857db5 in compile_file (file_handle=0x7fbfffc990, type=2) at Zend/zend_language_scanner.l:579
#8  0x00000000006af276 in phar_compile_file (file_handle=0x7fbfffc990, type=2) at php-src/trunk/ext/phar/phar.c:3391
#9  0x0000000000857f65 in compile_filename (type=2, filename=0x2a95de6988) at Zend/zend_language_scanner.l:622
#10 0x00000000008e3019 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x2a95dac220) at php-src/trunk/Zend/zend_vm_execute.h:2587
#11 0x00000000008daa02 in execute (op_array=0x2a95de5fc8) at php-src/trunk/Zend/zend_vm_execute.h:410
#12 0x00000000008a317f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at php-src/trunk/Zend/zend.c:1272
#13 0x0000000000822b58 in php_execute_script (primary_file=0x7fbffff2d0) at php-src/trunk/main/main.c:2414
#14 0x00000000009c4381 in do_cli (argc=2, argv=0x7fbffff5b8) at php-src/trunk/sapi/cli/php_cli.c:983
#15 0x00000000009c5222 in main (argc=2, argv=0x7fbffff5b8) at php-src/trunk/sapi/cli/php_cli.c:1356


thanks
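
The failure described in the comment above, reduced to a small C model that is added here for illustration; it is not PHP source and not the committed fix. `model_func` and the `model_*` functions are hypothetical names, and the model assumes the cache reset reaches the function the running frame uses, as the comment states.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a compiled function; not the real zend_op_array. */
typedef struct {
    void **run_time_cache;  /* lazily allocated, one slot per cached lookup */
    int    cache_slots;
    int    refcount;
} model_func;

/* Frame entry: allocate the cache on first execution. */
static void model_enter(model_func *f) {
    if (!f->run_time_cache)
        f->run_time_cache = calloc((size_t)f->cache_slots, sizeof(void *));
}

/* Inheritance step as the comment describes it: take a reference and
 * erase the cache, with no check that f is currently executing. */
static void model_add_ref(model_func *f) {
    f->refcount++;
    free(f->run_time_cache);
    f->run_time_cache = NULL;
}

/* Slot read that trusts the cache; -1 marks where a real handler
 * would index a NULL pointer and receive SIGSEGV. */
static int model_slot_read(model_func *f, int slot) {
    if (!f->run_time_cache) return -1;
    return f->run_time_cache[slot] != NULL;
}

/* Defensive variant: re-create a missing cache and report a plain miss. */
static int model_slot_read_hardened(model_func *f, int slot) {
    model_enter(f);
    if (!f->run_time_cache) return -1;          /* allocation failed */
    return f->run_time_cache[slot] != NULL;
}

/* Replays the order of events seen in the two backtraces. */
static int model_replay(int hardened) {
    model_func ctor = { NULL, 4, 1 };
    model_enter(&ctor);       /* Foo::__construct starts running */
    model_add_ref(&ctor);     /* require_once b.php: Bar extends Foo */
    int r = hardened ? model_slot_read_hardened(&ctor, 0)
                     : model_slot_read(&ctor, 0);   /* Some::foo($this) */
    free(ctor.run_time_cache);
    return r;
}

int main(void) {
    printf("trusting read: %d\n", model_replay(0));
    printf("hardened read: %d\n", model_replay(1));
    return 0;
}
```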
 [2011-12-05 09:19 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=320403
Log: Fixed bug #60444 (Segmentation fault with include & class extending)
 [2011-12-05 09:36 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2011-12-05 09:36 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=30328dcbab7c8cf86a0e2c89455e275dd0a9d08d
Log: Fixed bug #60444 (Segmentation fault with include & class extending)
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=30328dcbab7c8cf86a0e2c89455e275dd0a9d08d
Log: Fixed bug #60444 (Segmentation fault with include & class extending)
 [2013-11-17 09:34 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=30328dcbab7c8cf86a0e2c89455e275dd0a9d08d
Log: Fixed bug #60444 (Segmentation fault with include & class extending)
 