php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65579 Using traits with get_class_methods causes segfault
Submitted: 2013-08-29 02:54 UTC Modified: 2013-08-29 05:59 UTC
From: ray at snapws dot com Assigned: laruence
Status: Closed Package: Reproducible crash
PHP Version: 5.5.3 OS: Linux and Mac
Private report: No CVE-ID:
 [2013-08-29 02:54 UTC] ray at snapws dot com
Description:
------------
When using multiple traits in a certain way, using get_class_methods() causes a 
segmentation fault crash. I tested this on the following PHP versions and 
Operating systems

Mac OSX 10.8.4 PHP 5.5.0 and PHP 5.5.3
Fedora Core 19 PHP 5.5.0 and PHP 5.5.3

On php 5.4.8, the crash doesn't happen and all works as it should.

Test script:
---------------
<?php
trait parentTrait {
	public function testMethod() { }
}

trait childTrait {
	use parentTrait {
		testMethod as testMethodFromParentTrait;
	}
	public function testMethod() { }
}

class testClass {
	use childTrait;
}

$obj = new testClass();
print "Created Object successfully\n";
get_class_methods($obj);
print "Goodbye\n";

Expected result:
----------------
Expected output is:

Created Object successfully
Goodbye



Actual result:
--------------
Actual output on Mac is:

Created Object successfully
Segmentation fault: 11

On Fedora Core 19 output is:

Created Object successfully
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-08-29 03:03 UTC] aharvey@php.net
-Status: Open +Status: Verified
 [2013-08-29 03:03 UTC] aharvey@php.net
This segfaults on current 5.4, 5.5 and master builds for me on x86-64 Linux.

The backtraces are all pretty much the same. The 5.4 segfault and backtrace:

(gdb) r test.php
Starting program: /home/adamh/trees/php-src/5.4/sapi/cli/php test.php
Created Object successfully

Program received signal SIGSEGV, Segmentation fault.
0x0000000000625136 in zend_find_alias_name (ce=0x7ffff7fc5640, 
    name=0x7ffff7fc3bf8 "testmethodfromparenttrait", len=25)
    at /home/adamh/trees/php-src/5.4/Zend/zend_API.c:3921
3921		alias = *alias_ptr;
(gdb) bt
#0  0x0000000000625136 in zend_find_alias_name (ce=0x7ffff7fc5640, 
    name=0x7ffff7fc3bf8 "testmethodfromparenttrait", len=25)
    at /home/adamh/trees/php-src/5.4/Zend/zend_API.c:3921
#1  0x000000000062d9dd in zif_get_class_methods (ht=1, 
return_value=0x7ffff7fc4080, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/adamh/trees/php-src/5.4/Zend/zend_builtin_functions.c:1095
#2  0x0000000000650cce in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7ffff7f8b0e8)
    at /home/adamh/trees/php-src/5.4/Zend/zend_vm_execute.h:643
#3  0x0000000000654d8c in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x7ffff7f8b0e8)
    at /home/adamh/trees/php-src/5.4/Zend/zend_vm_execute.h:2233
#4  0x000000000065028b in execute (op_array=0x7ffff7fc3140)
    at /home/adamh/trees/php-src/5.4/Zend/zend_vm_execute.h:410
#5  0x0000000000616817 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3)
    at /home/adamh/trees/php-src/5.4/Zend/zend.c:1317
#6  0x000000000058cd53 in php_execute_script (primary_file=0x7fffffffcc30)
    at /home/adamh/trees/php-src/5.4/main/main.c:2502
#7  0x00000000006b7f15 in do_cli (argc=2, argv=0x7fffffffe088)
    at /home/adamh/trees/php-src/5.4/sapi/cli/php_cli.c:989
#8  0x00000000006b90d6 in main (argc=2, argv=0x7fffffffe088)
    at /home/adamh/trees/php-src/5.4/sapi/cli/php_cli.c:1365
 [2013-08-29 03:16 UTC] aharvey@php.net
https://github.com/php/php-src/commit/7dce0194c815cdc75a780b6471660042aed7bd7a is 
the offending commit (at least on the 5.4 branch), per git bisect.
 [2013-08-29 03:40 UTC] aharvey@php.net
https://github.com/php/php-src/pull/423 should fix this (on 5.4, merging upwards, 
if someone with Zend karma would be so kind as to review and commit it.
 [2013-08-29 03:41 UTC] aharvey@php.net
Sorry, I meant to say (on 5.4, merging upwards seems OK).
 [2013-08-29 05:59 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2013-08-29 06:22 UTC] laruence@php.net
Automatic comment on behalf of aharvey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=72027cd0848f1a5c580c601573448cdea9b095ca
Log: Fix bug #65579 (Using traits with get_class_methods causes segfault).
 [2013-08-29 06:22 UTC] laruence@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 16:02:23 2014 UTC