php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73896 spl_autoload() crashes when calls magic _call()
Submitted: 2017-01-09 12:04 UTC Modified: 2017-01-09 12:05 UTC
From: dmitry@php.net Assigned: dmitry (profile)
Status: Closed Package: SPL related
PHP Version: 7.0Git-2017-01-09 (Git) OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dmitry@php.net
New email:
PHP Version: OS:

 

 [2017-01-09 12:04 UTC] dmitry@php.net
Description:
------------
The following script crashes on second attempt to call spl_autoload(), because the first attempt destroyed trampoline function. 

Test script:
---------------
<?php
class Registrator {
    public static function call($callable, array  $args) {
        return call_user_func_array($callable, [$args]);
    }
}

class teLoader {
    public function __construct() {
        Registrator::call('spl_autoload_register', [$this, 'autoload']);
    }

    public function __call($method, $args) {
        $this->doSomething();
    }

    protected function autoload($class) {
    	die("Protected autoload() called!\n");
    }

    public function doSomething() {
        throw new teException();
    }
}

$teLoader = new teLoader();

try {
	new teChild();
} catch (Throwable $e) {
	echo "Exception: ", $e->getMessage() , "\n";
}
?>


Expected result:
----------------
Exception: Class 'teException' not found


Actual result:
--------------
==4663== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==4663==  Access not within mapped region at address 0x5
==4663==    at 0x866E114: ZEND_CALL_TRAMPOLINE_SPEC_HANDLER (zend_vm_execute.h:1974)
==4663==    by 0x866A63A: execute_ex (zend_vm_execute.h:429)
==4663==    by 0x860C079: zend_call_function (zend_execute_API.c:828)
==4663==    by 0x863DD4B: zend_call_method (zend_interfaces.c:101)
==4663==    by 0x8462C20: zif_spl_autoload_call (php_spl.c:408)
==4663==    by 0x860C10E: zend_call_function (zend_execute_API.c:842)
==4663==    by 0x860C611: zend_lookup_class_ex (zend_execute_API.c:1001)
==4663==    by 0x860CF62: zend_fetch_class_by_name (zend_execute_API.c:1436)
==4663==    by 0x866FF76: ZEND_NEW_SPEC_CONST_HANDLER (zend_vm_execute.h:3193)
==4663==    by 0x866A63A: execute_ex (zend_vm_execute.h:429)
==4663==    by 0x860C079: zend_call_function (zend_execute_API.c:828)
==4663==    by 0x863DD4B: zend_call_method (zend_interfaces.c:101)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-09 12:05 UTC] dmitry@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2017-01-09 12:14 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4f1b24d97447434973a06bdc70fc1670de17bd80
Log: Fixed bug #73896 (spl_autoload() crashes when calls magic _call())
 [2017-01-09 12:14 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Oct 04 08:01:28 2024 UTC