PHP :: Bug #68370 :: "unset($this)" can make the program crash

Bug #68370	"unset($this)" can make the program crash
Submitted:	2014-11-07 09:06 UTC	Modified:	2014-11-10 04:44 UTC
From:	drewparoski at gmail dot com	Assigned:	laruence (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.6.2	OS:	CentOS Linux 6.3
Private report:	No	CVE-ID:	None

View Developer Edit

[2014-11-07 09:06 UTC] drewparoski at gmail dot com

Description:
------------
Doing "unset($this);" inside a non-static method can make the program crash.

I provided an example that crashes on PHP 5.3.0 - 5.6.2.

Test script:
---------------
<?php
class C {
  public function test() {
    unset($this);
    return get_defined_vars();
  }
}
$c = new C();
$x = $c->test();
unset($c, $x);
echo "Done\n";

Expected result:
----------------
Done

Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-11-07 13:18 UTC] aharvey@php.net

-Status: Open +Status: Feedback

[2014-11-07 13:18 UTC] aharvey@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2014-11-08 07:16 UTC] drewparoski at gmail dot com

-Status: Feedback +Status: Open

[2014-11-08 07:16 UTC] drewparoski at gmail dot com

Backtrace (PHP 5.5.8):

#0  0x00000000006dcc11 in gc_zval_possible_root (zv=0x7ffff7fd9b70)
    at /home/user/php-5.5.8/Zend/zend_gc.c:143
#1  0x00000000006ca03b in zend_hash_destroy (ht=0x7ffff7fdd288)
    at /home/user/php-5.5.8/Zend/zend_hash.c:560
#2  0x00000000006bbccb in _zval_dtor_func (zvalue=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_variables.c:45
#3  0x00000000006ae170 in _zval_dtor (zvalue=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_variables.h:35
#4  i_zval_ptr_dtor (zval_ptr=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_execute.h:81
#5  _zval_ptr_dtor (zval_ptr=<optimized out>)
    at /home/user/php-5.5.8/Zend/zend_execute_API.c:426
#6  0x00000000006cbe4c in zend_hash_del_key_or_index (
    ht=0xdd9d28 <executor_globals+360>, arKey=<optimized out>,
    nKeyLength=<optimized out>, h=<optimized out>, flag=<optimized out>)
    at /home/user/php-5.5.8/Zend/zend_hash.c:532
#7  0x00000000006ad9ae in zend_delete_variable (ex=0x0,
    ht=0xdd9d28 <executor_globals+360>, name=0x7ffff7ec91b8 "x", name_len=2,
    hash_value=5863869)
    at /home/user/php-5.5.8/Zend/zend_execute_API.c:1687
#8  0x000000000073d5ef in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (
    execute_data=0x7ffff7fa6160)
    at /home/user/php-5.5.8/Zend/zend_vm_execute.h:38539home/user
#9  0x000000000072ff50 in execute_ex (execute_data=0x7ffff7fa6160)
    at /home/user/php-5.5.8/Zend/zend_vm_execute.h:363
#10 0x00000000006bbff9 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /home/user/php-5.5.8/Zend/zend.c:1316
#11 0x000000000065dde9 in php_execute_script (primary_file=0x7fffffffddc0)
    at /home/user/php-5.5.8/main/main.c:2506
#12 0x000000000076c7ec in do_cli (argc=2, argv=0xddc090)
    at /home/user/php-5.5.8/sapi/cli/php_cli.c:994
#13 0x000000000076cf88 in main (argc=2, argv=0xddc090)
    at /home/user/php-5.5.8/sapi/cli/php_cli.c:1378

[2014-11-10 04:44 UTC] laruence@php.net

-Assigned To: +Assigned To: laruence

[2014-11-10 05:51 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ab849392549c41fd3fc3d6ed2a324688f2afe47d
Log: Fixed bug #68370 (&quot;unset($this)&quot; can make the program crash)

[2014-11-10 05:51 UTC] laruence@php.net

-Status: Assigned +Status: Closed

[2014-11-10 05:52 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ab849392549c41fd3fc3d6ed2a324688f2afe47d
Log: Fixed bug #68370 (&quot;unset($this)&quot; can make the program crash)

[2014-11-18 20:34 UTC] ab@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ab849392549c41fd3fc3d6ed2a324688f2afe47d
Log: Fixed bug #68370 (&quot;unset($this)&quot; can make the program crash)

[2014-12-23 06:08 UTC] jaydeep dot ghosh at floretmedia dot org

unset($c, $x);
what this line means , i have no idea. can anyone help me out wid this.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Nov 22 23:01:29 2024 UTC