php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68652 segmentation fault in destructor
Submitted: 2014-12-25 10:05 UTC Modified: 2014-12-26 07:45 UTC
From: guoxiao08 at gmail dot com Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5.6.4 OS: OSX
Private report: No CVE-ID:
 [2014-12-25 10:05 UTC] guoxiao08 at gmail dot com
Description:
------------
Segmentation fault when two classes call each other in destructors.

Test script:
---------------
<?php
class Foo {

    private static $instance;
    public static function getInstance() {
        if (isset(self::$instance)) {
            return self::$instance;
        }
        return self::$instance = new self();
    }

    public function __destruct() {
        Bar::getInstance();
    }
}

class Bar {

    private static $instance;
    public static function getInstance() {
        if (isset(self::$instance)) {
            return self::$instance;
        }
        return self::$instance = new self();
    }

    public function __destruct() {
        Foo::getInstance();
    }
}


$foo = new Foo();



Expected result:
----------------
Nothing happend

Actual result:
--------------
segmentation fault

lldb backtrace:

* thread #1: tid = 0x6abacb, 0x000000010025c130 php`zend_update_class_constants + 287, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x15)
  * frame #0: 0x000000010025c130 php`zend_update_class_constants + 287
    frame #1: 0x000000010025c3f2 php`_object_and_properties_init + 98
    frame #2: 0x000000010025c45f php`_object_init_ex + 11
    frame #3: 0x0000000100296ed9 php`ZEND_NEW_SPEC_HANDLER + 135
    frame #4: 0x0000000100280a44 php`execute_ex + 79
    frame #5: 0x000000010024b229 php`dtrace_execute_ex + 226
    frame #6: 0x00000001002c264d php`zend_do_fcall_common_helper_SPEC + 1223
    frame #7: 0x0000000100280a44 php`execute_ex + 79
    frame #8: 0x000000010024b229 php`dtrace_execute_ex + 226
    frame #9: 0x000000010024cb31 php`zend_call_function + 2268
    frame #10: 0x000000010026d188 php`zend_call_method + 588
    frame #11: 0x000000010027a489 php`zend_objects_destroy_object + 412
    frame #12: 0x000000010027fb2e php`zend_objects_store_del_ref_by_handle_ex + 504
    frame #13: 0x000000010027f8fe php`zend_objects_store_del_ref + 23
    frame #14: 0x000000010024b54a php`_zval_ptr_dtor + 66
    frame #15: 0x000000010024f40b php`zend_cleanup_user_class_data + 139
    frame #16: 0x0000000100265818 php`zend_hash_reverse_apply + 80
    frame #17: 0x000000010024b80e php`shutdown_executor + 400
    frame #18: 0x00000001002596a5 php`zend_deactivate + 103
    frame #19: 0x0000000100200d4f php`php_request_shutdown + 497
    frame #20: 0x00000001002e1c7d php`do_cli + 4942
    frame #21: 0x00000001002e07ba php`main + 1448
    frame #22: 0x00007fff8fbf05c9 libdyld.dylib`start + 1
    frame #23: 0x00007fff8fbf05c9 libdyld.dylib`start + 1

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-26 07:45 UTC] laruence@php.net
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: dmitry
 [2014-12-26 07:45 UTC] laruence@php.net
while calling foo::__destruct, Bar already be clean, thus it's default_static_member_table already become NULL..


I don't have a perfect solution yet... :<
 [2015-04-06 15:19 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=21bb33cc723c0745cd440d74c375b6e86f20a92c
Log: Fixed bug #68652 (segmentation fault in destructor)
 [2015-04-06 15:19 UTC] dmitry@php.net
-Status: Analyzed +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Mon Feb 20 11:01:38 2017 UTC