Edit report at https://bugs.php.net/bug.php?id=60444&edit=1

ID:                 60444
Updated by:         larue...@php.net
Reported by:        php-bugs at majkl578 dot cz
Summary:            Segmentation fault with include & class extending
Status:             Assigned
Type:               Bug
Package:            Reproducible crash
Operating System:   Linux Debian
PHP Version:        5.4SVN-2011-12-05 (snap)
Assigned To:        dmitry
Block user comment: N
Private report:     N

New Comment:

the reason is, the run_time_cache was erased in the function_add_ref, call stack :

#0  function_add_ref (function=0x2a95de5c88) at php-src/trunk/Zend/zend_compile.c:2793
#1  0x000000000087c589 in do_inherit_method (function=0x2a95de5c88) at php-src/trunk/Zend/zend_compile.c:2925
#2  0x00000000008b46ef in zend_hash_merge_ex (target=0x2a95de5a20, source=0x2a95de4c30, pCopyConstructor=0x87c574 <do_inherit_method>, size=240, pMergeSource=0x87d9a6 <do_inherit_method_check>, pParam=0x2a95de59f8) at php-src/trunk/Zend/zend_hash.c:894
#3  0x000000000087eb2e in zend_do_inheritance (ce=0x2a95de59f8, parent_ce=0x2a95de4c08) at php-src/trunk/Zend/zend_compile.c:3492
#4  0x0000000000882878 in do_bind_inherited_class (op_array=0x2a95de5028, opline=0x2a95de7420, class_table=0xfc9c30, parent_ce=0x2a95de4c08, compile_time=1 '\001') at php-src/trunk/Zend/zend_compile.c:4602
#5  0x0000000000882b1f in zend_do_early_binding () at php-src/trunk/Zend/zend_compile.c:4659
#6  0x000000000084ff29 in zendparse () at php-src/trunk/Zend/zend_language_parser.y:230
#7  0x0000000000857db5 in compile_file (file_handle=0x7fbfffc990, type=2) at Zend/zend_language_scanner.l:579
#8  0x00000000006af276 in phar_compile_file (file_handle=0x7fbfffc990, type=2) at php-src/trunk/ext/phar/phar.c:3391
#9  0x0000000000857f65 in compile_filename (type=2, filename=0x2a95de6988) at Zend/zend_language_scanner.l:622
#10 0x00000000008e3019 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x2a95dac220) at php-src/trunk/Zend/zend_vm_execute.h:2587
#11 0x00000000008daa02 in execute (op_array=0x2a95de5fc8) at php-src/trunk/Zend/zend_vm_execute.h:410
#12 0x00000000008a317f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at php-src/trunk/Zend/zend.c:1272
#13 0x0000000000822b58 in php_execute_script (primary_file=0x7fbffff2d0) at php-src/trunk/main/main.c:2414
#14 0x00000000009c4381 in do_cli (argc=2, argv=0x7fbffff5b8) at php-src/trunk/sapi/cli/php_cli.c:983
#15 0x00000000009c5222 in main (argc=2, argv=0x7fbffff5b8) at php-src/trunk/sapi/cli/php_cli.c:1356

thanks

Previous Comments:
------------------------------------------------------------------------
[2011-12-05 08:20:18] larue...@php.net

Hi dmitry, could you plz review this patch, thanks ;)

------------------------------------------------------------------------
[2011-12-05 08:19:31] larue...@php.net

The following patch has been added/updated:

Patch Name: bug60444.phpt
Revision:   1323073171
URL:        https://bugs.php.net/patch-display.php?bug=60444&patch=bug60444.phpt&revision=1323073171

------------------------------------------------------------------------
[2011-12-05 08:18:58] larue...@php.net

The following patch has been added/updated:

Patch Name: bug60444.patch
Revision:   1323073138
URL:        https://bugs.php.net/patch-display.php?bug=60444&patch=bug60444.patch&revision=1323073138

------------------------------------------------------------------------
[2011-12-05 02:44:39] php-bugs at majkl578 dot cz

Description:
------------
Crash on combination of class & include & extends.

Test script:
---------------
a.php:
<?php
class Foo
{
    public function __construct()
    {
        require_once __DIR__ . '/b.php';
        Some::foo($this);
    }
}
new Foo;

----------------------------------------------
b.php:
<?php
class Some
{
    public static function foo(Foo $foo) {}
}
class Bar extends Foo {}

----------------------------------------------
Now execute a.php.

Expected result:
----------------
no segfault

Actual result:
--------------
SIGSEGV

backtrace:
#0  0x0000000000a0e910 in ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (execute_data=0x7f7113df5200) at /storage/build/php/5.4/php5.4-201112050130/Zend/zend_vm_execute.h:3399
#1  0x0000000000a02483 in execute (op_array=0x7f7113e2c290) at /storage/build/php/5.4/php5.4-201112050130/Zend/zend_vm_execute.h:410
#2  0x00000000009c4c82 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/build/php/5.4/php5.4-201112050130/Zend/zend.c:1272
#3  0x000000000093a3b2 in php_execute_script (primary_file=0x7fffb311e710) at /storage/build/php/5.4/php5.4-201112050130/main/main.c:2414
#4  0x0000000000b09d55 in do_cli (argc=2, argv=0x7fffb311eac8) at /storage/build/php/5.4/php5.4-201112050130/sapi/cli/php_cli.c:983
#5  0x0000000000b0adea in main (argc=2, argv=0x7fffb311eac8) at /storage/build/php/5.4/php5.4-201112050130/sapi/cli/php_cli.c:1356

------------------------------------------------------------------------