php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62907 Double free when use traits
Submitted: 2012-08-23 15:31 UTC Modified: 2012-10-22 14:47 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: laruence@php.net Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5.4.6 OS:
Private report: No CVE-ID:
 [2012-08-23 15:31 UTC] laruence@php.net
Description:
------------
This bug is related to #61998, but was spotting when I fixing the bug #62358, PS: 
it really tough to refine this reproduce script :)




Test script:
---------------
<?php

function __autoload($name) {
    if ($name == "B") {
        eval ("abstract class B extends A { }");
    } else if ($name == "A") {
        eval ("abstract class A { use T { T::__construct as __asconstruct; }}");
    } else if ($name == "T") {
        eval ("trait T { public function __construct() { } }");
    }
    return TRUE;
}

class C extends B {
    public function __construct() {
    }
}

Expected result:
----------------
no error

Actual result:
--------------
[Thu Aug 23 23:34:22 2012]  Script:  '/home/huixinchen/bug_double_free.phpt'
---------------------------------------
/home/huixinchen/opensource/trunk/Zend/zend_opcode.c(392) : Block 0x2b2c499c8820 
status:
Beginning:  	Cached
Freed (invalid)
    Start:	OK
      End:	OK
---------------------------------------
[Thu Aug 23 23:34:22 2012]  Script:  '/home/huixinchen/bug_double_free.phpt'
Zend/zend_language_scanner.l(1903) :  Freeing 0x2B2C499C4AA0 (12 bytes), 
script=/home/huixinchen/bug_double_free.phpt
=== Total 1 memory leaks detected ===

Patches

alias.diff (last revision 2012-09-04 08:12 UTC) by dmitry@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-08-23 15:32 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2012-08-23 15:32 UTC] laruence@php.net
assign to my self.
 [2012-08-26 10:33 UTC] laruence@php.net
Unless we re-implement the whole alias thing, drop the tricky.

we could not fix this properly, even we can do some works in the abstrct methods 
copy, but it still in a wrong way.

Dmitry,  could you please look at this?

thanks
 [2012-08-26 10:33 UTC] laruence@php.net
-Assigned To: laruence +Assigned To: dmitry
 [2012-09-04 08:12 UTC] dmitry@php.net
The following patch has been added/updated:

Patch Name: alias.diff
Revision:   1346746351
URL:        https://bugs.php.net/patch-display.php?bug=62907&patch=alias.diff&revision=1346746351
 [2012-09-05 06:02 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6c0508f8d5d5a62adb37a76bc682c94540199ee3
Log: Fixed bug #62907 (Double free when use traits)
 [2012-09-05 06:04 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2012-09-05 06:04 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-10-22 14:21 UTC] laruence@php.net
-Status: Closed +Status: Re-Opened
 [2012-10-22 14:21 UTC] laruence@php.net
see #63305
 [2012-10-22 14:47 UTC] laruence@php.net
-Status: Re-Opened +Status: Closed
 [2012-10-22 14:47 UTC] laruence@php.net
hmm, no need to re-open this one, since we already have a new bug report..
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 18:01:53 2014 UTC