From:             essen at dev-extend dot eu
Operating system: Linux Ubuntu 8.10
PHP version:      5.2.6
PHP Bug Type:     Reproducible crash
Bug description:  weird crash when calling is_subclass_of under very specific conditions

Description:
------------
I encountered a strange crash. I can reproduce it, it always happens, but
only under very specific conditions. It first happened when I changed a
completely unrelated part of my code in a different file of the project.

PHP crashes on an is_subclass_of call. This call worked correctly before my
changes, and still works correctly on the other pages. Other is_subclass_of
calls work fine too. I'm not sure what triggers this, as I've only changed a
few methods, nothing changing the outcome of the script...

Another thing. If I add a require_once before the is_subclass_of call,
there is no crash. The crash only happens when the class isn't defined in
the current script, which should and does trigger the autoload callback to
load the class. The class is successfully loaded by the callback, the crash
happens only after.

I'm not sure what more I can say. If you need further details, feel free
to ask.

Actual result:
--------------
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 19175]
#0  0xb72c372a in is_a_impl (ht=-47466807, return_value=0xb9a602b0, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, 
    only_subclass=1 '\001')
    at /build/buildd/php5-5.2.6/Zend/zend_builtin_functions.c:657
657     /build/buildd/php5-5.2.6/Zend/zend_builtin_functions.c: No such file
or directory.
        in /build/buildd/php5-5.2.6/Zend/zend_builtin_functions.c
(gdb) bt
#0  0xb72c372a in is_a_impl (ht=-47466807, return_value=0xb9a602b0, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, 
    only_subclass=1 '\001')
    at /build/buildd/php5-5.2.6/Zend/zend_builtin_functions.c:657
#1  0xb72ecba3 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf854fd8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:200
#2  0xb72d803b in execute (op_array=0xb9a5c364)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#3  0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf8552b8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#4  0xb72d803b in execute (op_array=0xb9a5bb8c)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#5  0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf8555c8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#6  0xb72d803b in execute (op_array=0xb99d71b0)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#7  0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf855e18)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#8  0xb72d803b in execute (op_array=0xb9a17614)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#9  0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf856248)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#10 0xb72d803b in execute (op_array=0xb9a17d94)
---Type <return> to continue, or q <return> to quit---
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#11 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf8565d8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#12 0xb72d803b in execute (op_array=0xb9a06ca0)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#13 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf856a08)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#14 0xb72d803b in execute (op_array=0xb9a0d344)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#15 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf856cf8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#16 0xb72d803b in execute (op_array=0xb99f1c8c)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#17 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf856ef8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#18 0xb72d803b in execute (op_array=0xb99f2968)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#19 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf857328)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#20 0xb72d803b in execute (op_array=0xb9a04ab4)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#21 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf857568)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
---Type <return> to continue, or q <return> to quit---
#22 0xb72d803b in execute (op_array=0xb99e5de0)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#23 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf857998)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#24 0xb72d803b in execute (op_array=0xb99e60b0)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#25 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf857bb8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#26 0xb72d803b in execute (op_array=0xb9974038)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#27 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf8581e8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#28 0xb72d803b in execute (op_array=0xb97c5384)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#29 0xb72ec466 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf858468)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:234
#30 0xb72d803b in execute (op_array=0xb97abbe8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
#31 0xb72b26e0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /build/buildd/php5-5.2.6/Zend/zend.c:1215
#32 0xb726704a in php_execute_script (primary_file=0xbf85a728)
    at /build/buildd/php5-5.2.6/main/main.c:2026
#33 0xb732a7f0 in php_handler (r=0xb98dd238)
---Type <return> to continue, or q <return> to quit---
    at /build/buildd/php5-5.2.6/sapi/apache2handler/sapi_apache2.c:648
#34 0xb803730d in ap_run_handler () from /usr/sbin/apache2
#35 0xb803af2f in ap_invoke_handler () from /usr/sbin/apache2
#36 0xb804a190 in ap_internal_redirect () from /usr/sbin/apache2
#37 0xb6ff6743 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#38 0xb803730d in ap_run_handler () from /usr/sbin/apache2
#39 0xb803af2f in ap_invoke_handler () from /usr/sbin/apache2
#40 0xb804a361 in ap_process_request () from /usr/sbin/apache2
#41 0xb8046f78 in ?? () from /usr/sbin/apache2
#42 0xb803f6fd in ap_run_process_connection () from /usr/sbin/apache2
#43 0xb804f781 in ?? () from /usr/sbin/apache2
#44 0xb804fb23 in ?? () from /usr/sbin/apache2
#45 0xb8050442 in ap_mpm_run () from /usr/sbin/apache2
#46 0xb80220e9 in main () from /usr/sbin/apache2
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0xb74f294f "is_subclass_of"
(gdb) frame 30
#30 0xb72d803b in execute (op_array=0xb97abbe8)
    at /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h:92
92      /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h: No such file or
directory.
        in /build/buildd/php5-5.2.6/Zend/zend_vm_execute.h
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$2 = 0xb74f294f "is_subclass_of"

(All the execute frames return is_subclass_of.)

-- 
Edit bug report at http://bugs.php.net/?id=46753&edit=1