Bug #65291 get_defined_constants() causes PHP to crash in a very limited case.
Submitted: 2013-07-18 17:54 UTC
Modified: 2013-07-20 10:07 UTC
From: gregbenner1 at gmail dot com
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.4.17
OS: CentOS 6.4
Private report: No
CVE-ID:
 [2013-07-18 17:54 UTC] gregbenner1 at gmail dot com
Description:
------------
The function get_defined_constants(); (with or without the bool parameter) causes 
PHP to segfault when used in the same script as a Class that uses a Trait which 
has the __CLASS__ magic constant somewhere in it.

If you replace __CLASS__ with get_called_class() it works fine.

Test script:
---------------
<?php

trait TestTrait
{
    public static function testStaticFunction()
    {
        return __CLASS__;
    }
}
class Tester
{
    use TestTrait;
}
$tester = Tester::testStaticFunction();

get_defined_constants();
echo "It Worked!";

Expected result:
----------------
The text "It Worked!" output.

Actual result:
--------------
PHP crashes and the following is left in my Apache error log:
[Thu Jul 18 13:22:33 2013] [notice] child pid ##### exit signal Segmentation fault (11)

Patches

Patch-for-65291 (last revision 2013-07-20 03:50 UTC by reeze@php.net)

History

 [2013-07-18 20:27 UTC] arpad@php.net
-Status: Open +Status: Verified
 [2013-07-18 20:27 UTC] arpad@php.net
Program received signal SIGSEGV, Segmentation fault.
add_assoc_zval_ex (arg=0x7ffff7fbe4e8, key=0x0, key_len=0, value=0x7ffff69a7398) at /home/arpad/w/php/php-src/Zend/zend_API.c:1275
1275		return zend_symtable_update(Z_ARRVAL_P(arg), key, key_len, (void *) &value, sizeof(zval *), NULL);
(gdb) bt
#0  add_assoc_zval_ex (arg=0x7ffff7fbe4e8, key=0x0, key_len=0, value=0x7ffff69a7398)
    at /home/arpad/w/php/php-src/Zend/zend_API.c:1275
#1  0x0000000000588a38 in add_constant_info (constant=0xa8df70, arg=0x7ffff7fbe4e8)
    at /home/arpad/w/php/php-src/Zend/zend_builtin_functions.c:1933
#2  0x0000000000585e8a in zend_hash_apply_with_argument (ht=0x99ccb0, apply_func=0x5889b0 <add_constant_info>, 
    argument=0x7ffff7fbe4e8) at /home/arpad/w/php/php-src/Zend/zend_hash.c:740
#3  0x000000000058b0b4 in zif_get_defined_constants (ht=<optimised out>, return_value=0x7ffff7fbe4e8, 
    return_value_ptr=<optimised out>, this_ptr=<optimised out>, return_value_used=<optimised out>)
    at /home/arpad/w/php/php-src/Zend/zend_builtin_functions.c:2023
#4  0x000000000061a51d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f8b060)
    at /home/arpad/w/php/php-src/Zend/zend_vm_execute.h:643
#5  0x00000000005d69dc in execute (op_array=0x7ffff7fc0c90) at /home/arpad/w/php/php-src/Zend/zend_vm_execute.h:410
#6  0x0000000000579a69 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/arpad/w/php/php-src/Zend/zend.c:1315
#7  0x000000000051a6b8 in php_execute_script (primary_file=0x7fffffffcee0) at /home/arpad/w/php/php-src/main/main.c:2497
#8  0x000000000061cc44 in do_cli (argc=2, argv=0x7fffffffe2d8) at /home/arpad/w/php/php-src/sapi/cli/php_cli.c:989
#9  0x0000000000418ab3 in main (argc=2, argv=0x7fffffffe2d8) at /home/arpad/w/php/php-src/sapi/cli/php_cli.c:1365
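The fault in the backtrace above, as an added example that is not part of the bug report or of php-src: frame #0 is entered with key=0x0, so the callback in frame #1 forwarded a constant that has no name. This C model uses hypothetical types and function names and a constructed table; the guard is one way to avoid the fault and is not taken from Patch-for-65291, whose contents this page does not show.

```c
/* Model of frames #0-#2 in the backtrace; all names hypothetical, not php-src. */
#include <stdio.h>
#include <string.h>

struct constant { const char *name; size_t name_len; };
struct result   { char names[8][32]; size_t count; };

/* Stand-in for the insert at frame #0, which reads the key: NULL is reported as -1. */
static int add_entry(struct result *r, const char *key, size_t len)
{
    if (key == NULL) return -1;   /* the real call would dereference it */
    if (r->count >= 8 || len >= sizeof r->names[0]) return -2;
    memcpy(r->names[r->count], key, len);
    r->names[r->count++][len] = '\0';
    return 0;
}

/* Callback as seen in frame #1: forwards the name without checking it. */
static int collect_unchecked(const struct constant *c, struct result *r)
{
    return add_entry(r, c->name, c->name_len);
}

/* Guarded callback: a constant with no name is skipped, not forwarded. */
static int collect_guarded(const struct constant *c, struct result *r)
{
    return c->name == NULL ? 0 : add_entry(r, c->name, c->name_len);
}

/* Stand-in for the apply loop at frame #2; returns the number of failed callbacks. */
static int apply_all(const struct constant *t, size_t n, struct result *r,
                     int (*cb)(const struct constant *, struct result *))
{
    int failures = 0;
    for (size_t i = 0; i < n; i++)
        failures += (cb(&t[i], r) != 0);
    return failures;
}

/* Constructed table: the middle entry models the nameless constant. */
static const struct constant sample[] = { {"CONST_A", 7}, {NULL, 0}, {"CONST_B", 7} };

int main(void)
{
    static struct result a, b;    /* static storage, so zero-initialised */
    printf("unchecked: %d fault(s)\n", apply_all(sample, 3, &a, collect_unchecked));
    printf("guarded:   %d fault(s)\n", apply_all(sample, 3, &b, collect_guarded));
    return 0;
}
```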
 [2013-07-20 03:50 UTC] reeze@php.net
The following patch has been added/updated:

Patch Name: Patch-for-65291
Revision:   1374292240
URL:        https://bugs.php.net/patch-display.php?bug=65291&patch=Patch-for-65291&revision=1374292240
 [2013-07-20 03:51 UTC] reeze@php.net
There is one more case: get_defined_constants(true) :)
 [2013-07-20 10:07 UTC] arpad@php.net
Oops, good point, updated PR.
 [2013-07-21 08:19 UTC] laruence@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b963249456b043dba4a73cc6591d0eef11cebfbb
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait
 [2013-07-21 08:19 UTC] laruence@php.net
-Status: Verified +Status: Closed
 [2013-07-21 08:19 UTC] laruence@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a015fa83a735da7342dd7ae172c4516265bed41d
Log: Fixed bug #65291 - get_defined_constants() crash with __CLASS__ in trait
 
Last updated: Mon Apr 21 14:02:18 2014 UTC