php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68370 "unset($this)" can make the program crash
Submitted: 2014-11-07 09:06 UTC Modified: 2014-11-10 04:44 UTC
From: drewparoski at gmail dot com Assigned: laruence
Status: Closed Package: Reproducible crash
PHP Version: 5.6.2 OS: CentOS Linux 6.3
Private report: No CVE-ID:
 [2014-11-07 09:06 UTC] drewparoski at gmail dot com
Description:
------------
Doing "unset($this);" inside a non-static method can make the program crash.

I provided an example that crashes on PHP 5.3.0 - 5.6.2.

Test script:
---------------
<?php
class C {
  public function test() {
    unset($this);
    return get_defined_vars();
  }
}
$c = new C();
$x = $c->test();
unset($c, $x);
echo "Done\n";

Expected result:
----------------
Done

Actual result:
--------------
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-11-07 13:18 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2014-11-07 13:18 UTC] aharvey@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2014-11-08 07:16 UTC] drewparoski at gmail dot com
-Status: Feedback +Status: Open
 [2014-11-08 07:16 UTC] drewparoski at gmail dot com
Backtrace (PHP 5.5.8):

#0  0x00000000006dcc11 in gc_zval_possible_root (zv=0x7ffff7fd9b70)
    at /home/user/php-5.5.8/Zend/zend_gc.c:143
#1  0x00000000006ca03b in zend_hash_destroy (ht=0x7ffff7fdd288)
    at /home/user/php-5.5.8/Zend/zend_hash.c:560
#2  0x00000000006bbccb in _zval_dtor_func (zvalue=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_variables.c:45
#3  0x00000000006ae170 in _zval_dtor (zvalue=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_variables.h:35
#4  i_zval_ptr_dtor (zval_ptr=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_execute.h:81
#5  _zval_ptr_dtor (zval_ptr=<optimized out>)
    at /home/user/php-5.5.8/Zend/zend_execute_API.c:426
#6  0x00000000006cbe4c in zend_hash_del_key_or_index (
    ht=0xdd9d28 <executor_globals+360>, arKey=<optimized out>,
    nKeyLength=<optimized out>, h=<optimized out>, flag=<optimized out>)
    at /home/user/php-5.5.8/Zend/zend_hash.c:532
#7  0x00000000006ad9ae in zend_delete_variable (ex=0x0,
    ht=0xdd9d28 <executor_globals+360>, name=0x7ffff7ec91b8 "x", name_len=2,
    hash_value=5863869)
    at /home/user/php-5.5.8/Zend/zend_execute_API.c:1687
#8  0x000000000073d5ef in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (
    execute_data=0x7ffff7fa6160)
    at /home/user/php-5.5.8/Zend/zend_vm_execute.h:38539home/user
#9  0x000000000072ff50 in execute_ex (execute_data=0x7ffff7fa6160)
    at /home/user/php-5.5.8/Zend/zend_vm_execute.h:363
#10 0x00000000006bbff9 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /home/user/php-5.5.8/Zend/zend.c:1316
#11 0x000000000065dde9 in php_execute_script (primary_file=0x7fffffffddc0)
    at /home/user/php-5.5.8/main/main.c:2506
#12 0x000000000076c7ec in do_cli (argc=2, argv=0xddc090)
    at /home/user/php-5.5.8/sapi/cli/php_cli.c:994
#13 0x000000000076cf88 in main (argc=2, argv=0xddc090)
    at /home/user/php-5.5.8/sapi/cli/php_cli.c:1378
 [2014-11-10 04:44 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2014-11-10 05:51 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ab849392549c41fd3fc3d6ed2a324688f2afe47d
Log: Fixed bug #68370 (&quot;unset($this)&quot; can make the program crash)
 [2014-11-10 05:51 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2014-11-10 05:52 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ab849392549c41fd3fc3d6ed2a324688f2afe47d
Log: Fixed bug #68370 (&quot;unset($this)&quot; can make the program crash)
 [2014-11-18 20:34 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ab849392549c41fd3fc3d6ed2a324688f2afe47d
Log: Fixed bug #68370 (&quot;unset($this)&quot; can make the program crash)
 [2014-12-23 06:08 UTC] jaydeep dot ghosh at floretmedia dot org
unset($c, $x);
what this line means , i have no idea. can anyone help me out wid this.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Mon Feb 20 11:01:38 2017 UTC