php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61011 Crash when an exception is thrown by __autoload accessing a static property
Submitted: 2012-02-08 14:47 UTC Modified: 2012-03-02 03:12 UTC
From: aharvey@php.net Assigned: laruence
Status: Closed Package: Reproducible crash
PHP Version: 5.4SVN-2012-02-08 (SVN) OS: OSX 10.6.8 & Linux
Private report: No CVE-ID:
 [2012-02-08 14:47 UTC] aharvey@php.net
Description:
------------
I get a reproducible crash on PHP_5_4 and trunk when accessing a static property 
on a non-existent class with an autoloader registered if the __autoload() function 
throws an exception.

PHP_5_3 doesn't crash, and throws an exception as expected.

Test script:
---------------
<?php
function __autoload($class) {
    throw new Exception($class);
}

echo 'referencing a static property on a non existent object... ';
NonExistentObject::$property;

Expected result:
----------------
referencing a static property on a non existent object... 
Fatal error: Uncaught exception 'Exception' with message 'NonExistentObject' in 
/private/tmp/native-autoload.php:3
Stack trace:
#0 /private/tmp/native-autoload.php(7): __autoload('NonExistentObje...')
#1 {main}
  thrown in /private/tmp/native-autoload.php on line 3

Actual result:
--------------
referencing a static property on a non existent object... Segmentation fault

GDB session with backtrace:

adam@shard:~/trees/php-src/branches/PHP_5_4$ gdb ./sapi/cli/php
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/adam/trees/php-
src/branches/PHP_5_4/sapi/cli/php...pdone.
(gdb) r /tmp/native-autoload.php 
Starting program: /home/adam/trees/php-src/branches/PHP_5_4/sapi/cli/php 
/tmp/native-autoload.php
[Thread debugging using libthread_db enabled]
referencing a static property on a non existent object... 
Program received signal SIGSEGV, Segmentation fault.
0x083d0d39 in _zend_is_inconsistent (ht=0x44, file=0x87bb748 
"/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c", line=946) at 
/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c:54
54		if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x083d0d39 in _zend_is_inconsistent (ht=0x44, file=0x87bb748 
"/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c", line=946) at 
/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c:54
#1  0x083d36d4 in zend_hash_quick_find (ht=0x44, arKey=0xb7b60d40 "property", 
nKeyLength=9, h=2332364938, pData=0xbfffd01c) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_hash.c:946
#2  0x083f1711 in zend_std_get_static_property (ce=0x0, property_name=0xb7b60d40 
"property", property_name_len=8, silent=0 '\000', key=0xb7c6b67c)
    at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_object_handlers.c:1232
#3  0x0840369b in zend_fetch_var_address_helper_SPEC_CONST_CONST (type=0, 
execute_data=0xb7c4f074) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_vm_execute.h:3244
#4  0x08403bfe in ZEND_FETCH_R_SPEC_CONST_CONST_HANDLER 
(execute_data=0xb7c4f074) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_vm_execute.h:3335
#5  0x083f94b7 in execute (op_array=0xb7c6a4d0) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_vm_execute.h:410
#6  0x083c3ec9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend.c:1272
#7  0x08348b0e in php_execute_script (primary_file=0xbffff518) at 
/home/adam/trees/php-src/branches/PHP_5_4/main/main.c:2475
#8  0x084da44e in do_cli (argc=2, argv=0xbffff7a4) at /home/adam/trees/php-
src/branches/PHP_5_4/sapi/cli/php_cli.c:983
#9  0x084db492 in main (argc=2, argv=0xbffff7a4) at /home/adam/trees/php-
src/branches/PHP_5_4/sapi/cli/php_cli.c:1356
(gdb) 

Patches

bug61011.phpt (last revision 2012-02-11 03:14 UTC) by laruence@php.net)
bug61011.patch (last revision 2012-02-11 03:13 UTC) by laruence@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-08 16:05 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug61011.patch
Revision:   1328717135
URL:        https://bugs.php.net/patch-display.php?bug=61011&patch=bug61011.patch&revision=1328717135
 [2012-02-08 16:05 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug61011.phpt
Revision:   1328717158
URL:        https://bugs.php.net/patch-display.php?bug=61011&patch=bug61011.phpt&revision=1328717158
 [2012-02-08 16:07 UTC] laruence@php.net
I am not sure whether the patch is okey(it seems related to CACHE mechanism). 
anyway the patch will show where the problem comes from. 

Dmitry, could plz look at this?  thanks .
 [2012-02-08 16:07 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2012-02-11 03:13 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug61011.patch
Revision:   1328929988
URL:        https://bugs.php.net/patch-display.php?bug=61011&patch=bug61011.patch&revision=1328929988
 [2012-02-11 03:14 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug61011.phpt
Revision:   1328930087
URL:        https://bugs.php.net/patch-display.php?bug=61011&patch=bug61011.phpt&revision=1328930087
 [2012-02-11 03:16 UTC] laruence@php.net
Hi, I attached a improved patch and phpt.  thanks
 [2012-02-25 03:14 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323486
Log: test for bug #61011
 [2012-02-25 13:56 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323510
Log: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2012-02-25 13:59 UTC] laruence@php.net
Dmitry, after a deep test,  I think it is okey to apply,  however, you might want 
to review it when you have time :).

fixed in trunk, leave this open utill merge to 5.4 branch
 [2012-02-25 13:59 UTC] laruence@php.net
-Assigned To: dmitry +Assigned To: laruence
 [2012-03-02 03:12 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323767
Log: MFH: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2012-03-02 03:12 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-03-02 03:12 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2012-04-18 09:45 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=89b07b3a201c124c10f2806778f1f0b5bb67dc89
Log: MFH: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2012-04-18 09:46 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=229e55632ddfe4631d206c57f35eebd20e33d95b
Log: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2012-07-24 23:37 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=89b07b3a201c124c10f2806778f1f0b5bb67dc89
Log: MFH: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2012-07-24 23:37 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=229e55632ddfe4631d206c57f35eebd20e33d95b
Log: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2013-11-17 09:33 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=89b07b3a201c124c10f2806778f1f0b5bb67dc89
Log: MFH: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 [2013-11-17 09:33 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=229e55632ddfe4631d206c57f35eebd20e33d95b
Log: Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 09:02:23 2014 UTC