php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61998 Using traits with method aliases appears to result in crash during execution.
Submitted: 2012-05-10 16:02 UTC Modified: 2012-05-21 10:13 UTC
Votes:8
Avg. Score:4.6 ± 0.7
Reproduced:6 of 6 (100.0%)
Same Version:6 (100.0%)
Same OS:5 (83.3%)
From: rbarbosa at revelex dot com Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.4.3 OS: Redhat Linux - Kernel 2.6.18
Private report: No CVE-ID:
 [2012-05-10 16:02 UTC] rbarbosa at revelex dot com
Description:
------------
During testing in out application under development we began experiencing crashes in the PHP module with an error indicating "zend_mm_heap corrupted."

As this was occurring in a larger application, we noticed it did not begin occurring until we include method aliases in a trait we'd written.

We loaded a debug build of PHP 5.4.3 and observed the following error message:

[Thu May 10 10:46:13 2012]  Script:  '/home/xxxxxxx/public_html/www/app/portal.rvlx'
---------------------------------------
/opt/src/apache2.2/php-5.4.3/Zend/zend_opcode.c(235) : Block 0x09ef4914 status:
Invalid pointer: ((size=0x00000038) != (next.prev=0x00000420))
---------------------------------------

We then developed a small sandbox test which included a simple script with a trait with method a alias. This did not yield the same error message, but it did indicate a failure with the same line of code, zend_opcode.c:235. It also referenced another file with a different error:

[Thu May 10 11:16:36 2012]  Script:  '/home/xxxxxxx/public_html/www/sites/traitBug/trait_bug_test.php'
Zend/zend_language_scanner.l(1889) :  Freeing 0xB7EFAFD4 (12 bytes), script=/home/crussell/public_html/www/sites/traitBug/trait_bug_test.php
=== Total 1 memory leaks detected ===
[Thu May 10 11:16:36 2012]  Script:  '/home/xxxxxxx/public_html/www/sites/traitBug/trait_bug_test.php'
---------------------------------------
/opt/src/apache2.2/php-5.4.3/Zend/zend_opcode.c(235) : Block 0xb7ef87d4 status:
Beginning:      Cached
Freed (invalid)
    Start:      OK
      End:      OK
---------------------------------------

Two adjustments to the scripts would clear this error. Either eliminating the use of the autoloader and performing a "require_once" statement in the code, or eliminating the method alias. Either of those 2 actions eliminates this error from our logs.

Both trait method aliasing and autoloader functionality are vital to our application, so we're eager to see this issue resolved.

When executed in our application, this error results in immediate closure of the apache connection and a zero length response.

Test script:
---------------
I do not have a test script, but I do have a zip file with a directory containing the trait files and executable PHP code to replicate this issue.

Please contact me at my email address rbarbosa@revelex.com, when the bug has been assigned and I will send you the archive with test scripts.

Expected result:
----------------
Expectation is that the script would execute without any errors in the apache logs.

Actual result:
--------------
See the bug description.

Patches

bug61998.patch (last revision 2012-05-21 08:30 UTC) by dmitry at zend dot com)
bug61998.phpt (last revision 2012-05-19 06:17 UTC) by laruence@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-11 01:04 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2012-05-11 01:04 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2012-05-15 04:32 UTC] reeze dot xia at gmail dot com
Thanks ron for your test script. I've make a minimal reproducible one below:

In Class1:
newFunc was referred to T::func
func was itself (by overriding);

In T
func was referred by T and itself;

--- since class was destroyed by reverse order --
1. Destroy T: will not release the function name defined in trait. since
   the Class1 referred to this function.
2. Destroy Class1:it will destroy the alias name since the aliased
   function name was referred to it.(this leave the original function name
   in trait unreleased). after destroy function table it will destroy
   alias info. but alias was already destroyed in function table releasing 
phrase.
   This cause double free(crash).

Solutions:
1. Copy the whole function will solve the problem. but it was too heavy.
2. Don't change the aliases function's name, since function call are always 
lookup by hash key name.
    but it will make reflection unhappy and can't throw right error message for 
function.
3. Make a reference in function table if trait function was overrided to avoid 
releasing problem.
    This need to change reflection ignore it.get_defined_functions() & 
get_delcared_clesses()
    use this trick to filter special entry. so we need to change 
ReflectionClass::getMethods().

In summary I prefer option 3.  What do you think? 
and I made PR: https://github.com/php/php-src/pull/83

------ Test script ---------------
<?php
class Class1 {
    use T {
        func as newFunc;
    }

    public function func() { // <------------ if this override trait method and 
the method get aliased will lead crash
        echo "From Class1::func\n";
    }
}

class Class2 {
    use T;
}

trait T {  // <------------------------------ declare after the Class1 and it 
will be destroy before Class1
    public function func() {
        echo "From trait T\n";
    }
}
 [2012-05-19 06:16 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug61998.patch
Revision:   1337408198
URL:        https://bugs.php.net/patch-display.php?bug=61998&patch=bug61998.patch&revision=1337408198
 [2012-05-19 06:17 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug61998.phpt
Revision:   1337408220
URL:        https://bugs.php.net/patch-display.php?bug=61998&patch=bug61998.phpt&revision=1337408220
 [2012-05-19 06:17 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2012-05-19 06:17 UTC] laruence@php.net
Dmitry,  could you please look at the patch(attached) for this?  thanks
 [2012-05-21 08:34 UTC] dmitry at zend dot com
I think my patch is more clear. Please take a look if you see any problems with it.

The malloc -> emalloc part of your patch, that is not directly related to this bug, makes full sense. I think you can commit it.
 [2012-05-21 09:46 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c8f47a8e7c36bf57188b6172ffc0fbc6028f3050
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2012-05-21 09:46 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7632a32ef94be48c8d4f37bbca7cde458fbf20b9
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2012-05-21 10:04 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2ae8d2fbfb8797b1038ad64c267ee0797f977671
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2012-05-21 10:04 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=90e23107a2acba1fd53b7e799372eb9f24194a56
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2012-05-21 10:04 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c8f47a8e7c36bf57188b6172ffc0fbc6028f3050
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2012-05-21 10:13 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-05-21 10:13 UTC] dmitry@php.net
-Status: Feedback +Status: Closed
 [2012-07-24 23:35 UTC] rasmus@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=90e23107a2acba1fd53b7e799372eb9f24194a56
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2012-07-24 23:36 UTC] rasmus@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7632a32ef94be48c8d4f37bbca7cde458fbf20b9
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2013-11-17 09:32 UTC] laruence@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=90e23107a2acba1fd53b7e799372eb9f24194a56
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 [2013-11-17 09:32 UTC] laruence@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7632a32ef94be48c8d4f37bbca7cde458fbf20b9
Log: Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 19:02:15 2014 UTC