php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69675 segfault on accessing properties of subclass of SphinxClient
Submitted: 2015-05-20 17:34 UTC Modified: 2015-05-21 11:34 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: mipxtx at gmail dot com Assigned: tony2001 (profile)
Status: Closed Package: sphinx (PECL)
PHP Version: 5.5.25 OS: CentOS release 6.4 (Final)
Private report: No CVE-ID: None
 [2015-05-20 17:34 UTC] mipxtx at gmail dot com
Description:
------------
The version number of the PHP package or files you are using:
PHP 5.5.25
sphinx extension version: 1.3.2


The list of modules you compiled PHP with (your configure line):
Configure Command =>  './configure'  '--prefix=/home/mix/bin/php' '--enable-debug'

A gdb backtrace:
#0  0x000000000080e011 in _zend_is_inconsistent (ht=0x0, file=0xc89538 "/home/mix/dist/php-5.5.25/Zend/zend_hash.c", line=204) at /home/mix/dist/php-5.5.25/Zend/zend_hash.c:54
#1  0x000000000080e2ca in _zend_hash_add_or_update (ht=0x0, arKey=0x7fa28e4b600d "error", nKeyLength=6, pData=0x7fffd613dab0, nDataSize=8, pDest=0x0, flag=1, 
    __zend_filename=0x7fa28e4b5fe8 "/home/mix/dist/sphinx-1.3.2/sphinx.c", __zend_lineno=143) at /home/mix/dist/php-5.5.25/Zend/zend_hash.c:204
#2  0x00007fa28e4ae1bf in php_sphinx_client_get_properties (object=0x7fa2961de7f8) at /home/mix/dist/sphinx-1.3.2/sphinx.c:143
#3  0x0000000000722ea6 in php_var_export_ex (struc=0x7fffd613dcf8, level=1, buf=0x7fffd613dcd0) at /home/mix/dist/php-5.5.25/ext/standard/var.c:476
#4  0x0000000000723c31 in zif_var_export (ht=1, return_value=0x7fa2961de780, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/mix/dist/php-5.5.25/ext/standard/var.c:532
#5  0x000000000083d1b3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fa2961a91c8) at /home/mix/dist/php-5.5.25/Zend/zend_vm_execute.h:550
#6  0x0000000000841b53 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fa2961a91c8) at /home/mix/dist/php-5.5.25/Zend/zend_vm_execute.h:2336
#7  0x000000000083c8a4 in execute_ex (execute_data=0x7fa2961a91c8) at /home/mix/dist/php-5.5.25/Zend/zend_vm_execute.h:363
#8  0x000000000083c92c in zend_execute (op_array=0x7fa2961df558) at /home/mix/dist/php-5.5.25/Zend/zend_vm_execute.h:388
#9  0x00000000007eac9a in zend_eval_stringl (str=0x20c6cd0 "class Foo extends SphinxClient{private $bar;} $foo = new Foo(); var_export($foo);", str_len=81, retval_ptr=0x0, 
    string_name=0xc8e8dc "Command line code") at /home/mix/dist/php-5.5.25/Zend/zend_execute_API.c:1182
#10 0x00000000007eaf39 in zend_eval_stringl_ex (str=0x20c6cd0 "class Foo extends SphinxClient{private $bar;} $foo = new Foo(); var_export($foo);", str_len=81, retval_ptr=0x0, 
    string_name=0xc8e8dc "Command line code", handle_exceptions=1) at /home/mix/dist/php-5.5.25/Zend/zend_execute_API.c:1229
#11 0x00000000007eafbb in zend_eval_string_ex (str=0x20c6cd0 "class Foo extends SphinxClient{private $bar;} $foo = new Foo(); var_export($foo);", retval_ptr=0x0, 
    string_name=0xc8e8dc "Command line code", handle_exceptions=1) at /home/mix/dist/php-5.5.25/Zend/zend_execute_API.c:1240
#12 0x00000000008ac939 in do_cli (argc=3, argv=0x20c6c60) at /home/mix/dist/php-5.5.25/sapi/cli/php_cli.c:1034
#13 0x00000000008ad96f in main (argc=3, argv=0x20c6c60) at /home/mix/dist/php-5.5.25/sapi/cli/php_cli.c:1378

Test script:
---------------
php -r 'class Foo extends SphinxClient{private $bar;} $foo = new Foo(); var_export($foo);'

Expected result:
----------------
var_export of object 

Actual result:
--------------
segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-21 11:04 UTC] tony2001@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: tony2001
 [2015-05-21 11:33 UTC] tony2001@php.net
Automatic comment on behalf of tony@daylessday.org
Revision: http://git.php.net/?p=pecl/search_engine/sphinx.git;a=commit;h=4fe014705128901824ef3c94f4e186aac0a3d73e
Log: fix bug #69675 (crash when accessing properties of subclass)
 [2015-05-21 11:33 UTC] tony2001@php.net
-Status: Assigned +Status: Closed
 [2015-05-21 11:34 UTC] tony2001@php.net
Thanks for the report, it's fixed in Git now.
I'll make a new release shortly.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Nov 30 02:03:13 2021 UTC