Bug #62500 Segfault in DateInterval class when extended
Submitted: 2012-07-07 15:53 UTC
Modified: 2012-07-08 16:29 UTC
From: rik at c-ict dot com
Assigned: laruence
Status: Closed
Package: Reproducible crash
PHP Version: 5.4.4
OS: At least Linux
Private report: No
CVE-ID:
 [2012-07-07 15:53 UTC] rik at c-ict dot com
Description:
------------
Hello,

I found a way to reproduce a segfault on at least Linux but possibly on other OSes as well.

It is very simple to reproduce:
 1. Overload the DateInterval in a new class.
 2. Overload the constructor.
 3. Use one of the member variables.

[Sat Jul 07 17:46:32 2012] [notice] child pid 5775 exit signal Segmentation fault (11)

I tested with PHP 5.4.4 and it is there, but it also exists in PHP 5.3

Test script:
---------------
<?php

class Crasher extends DateInterval {

        public function __construct($time_spec) {
                echo "Yes i did it, with the next statement it gives a segfault\n";
                // It doesn't matter if we take the y parameter or any other.
                $this->y = 3;
        }

}

$c = new Crasher('blah');

?>


Expected result:
----------------
Yes i did it, with the next statement it gives a segfault
Segmentation fault



 [2012-07-07 16:00 UTC] rik at c-ict dot com
Also a short note,
This problem can be worked around by calling the parent constructor before accessing any members.
 [2012-07-08 08:19 UTC] reeze dot xia at gmail dot com
It is missing an initialization check when accessing a member variable.
I've sent a patch here: https://github.com/php/php-src/pull/123
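
Added example (not part of the report and not php-src code): a simplified C model of the bug class discussed in this thread, where a property write reaches internal state that only the parent constructor allocates. All struct and function names are hypothetical, and the fallback to a plain field in the guarded version is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for an extension object and its internal state. */
typedef struct { long y, m, d; } rel_time;

typedef struct {
    rel_time *diff;     /* allocated only by the parent constructor */
    int initialized;    /* set once diff is valid */
    long fallback_y;    /* models ordinary (non-internal) property storage */
} interval_obj;

/* Models the parent constructor: the only place diff is allocated. */
int interval_construct(interval_obj *o) {
    o->diff = calloc(1, sizeof *o->diff);
    if (!o->diff) return -1;
    o->initialized = 1;
    return 0;
}

/* Before: assumes the constructor ran. With diff == NULL this write is a
 * NULL-pointer dereference, i.e. the segfault the report describes. */
void write_y_unchecked(interval_obj *o, long v) {
    o->diff->y = v;
}

/* After: check initialization before touching internal state.
 * Returns 1 if internal state was written, 0 if the fallback was used. */
int write_y_checked(interval_obj *o, long v) {
    if (!o->initialized || !o->diff) {
        o->fallback_y = v;   /* assumption: store like a normal property */
        return 0;
    }
    o->diff->y = v;
    return 1;
}

int main(void) {
    interval_obj o = {0};   /* subclass constructor skipped the parent */
    printf("before construct: %d\n", write_y_checked(&o, 3));
    if (interval_construct(&o) != 0) return 1;
    printf("after construct:  %d\n", write_y_checked(&o, 3));
    free(o.diff);
    return 0;
}
```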
 [2012-07-08 16:26 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e3b9b1e6dc016d9128ac5e9ed95aa5b1a5065e5f
Log: Fixed Bug #62500 (Segfault in DateInterval class when extended)
 [2012-07-08 16:28 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e3b9b1e6dc016d9128ac5e9ed95aa5b1a5065e5f
Log: Fixed Bug #62500 (Segfault in DateInterval class when extended)
 [2012-07-08 16:29 UTC] laruence@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: laruence
 [2012-07-08 16:29 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-07-10 10:43 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bcf5853eaa8b8be793d4a1bd325eaea68cfe57bb
Log: Fixed Bug #62500 (Segfault in DateInterval class when extended)
 [2012-07-10 10:44 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bcf5853eaa8b8be793d4a1bd325eaea68cfe57bb
Log: Fixed Bug #62500 (Segfault in DateInterval class when extended)
 [2012-07-10 10:45 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bcf5853eaa8b8be793d4a1bd325eaea68cfe57bb
Log: Fixed Bug #62500 (Segfault in DateInterval class when extended)
 
Last updated: Sat Apr 19 12:01:52 2014 UTC