From: aharvey
Operating system: OSX 10.6.8 & Linux
PHP version: 5.4SVN-2012-02-08 (SVN)
Package: Reproducible crash
Bug Type: Bug
Bug description:Crash when an exception is thrown by __autoload accessing a
static property
Description:
------------
I get a reproducible crash on PHP_5_4 and trunk when accessing a static
property
on a non-existent class with an autoloader registered if the __autoload()
function
throws an exception.
PHP_5_3 doesn't crash, and throws an exception as expected.
Test script:
---------------
<?php
function __autoload($class) {
throw new Exception($class);
}
echo 'referencing a static property on a non existent object... ';
NonExistentObject::$property;
Expected result:
----------------
referencing a static property on a non existent object...
Fatal error: Uncaught exception 'Exception' with message
'NonExistentObject' in
/private/tmp/native-autoload.php:3
Stack trace:
#0 /private/tmp/native-autoload.php(7): __autoload('NonExistentObje...')
#1 {main}
thrown in /private/tmp/native-autoload.php on line 3
Actual result:
--------------
referencing a static property on a non existent object... Segmentation
fault
GDB session with backtrace:
adam@shard:~/trees/php-src/branches/PHP_5_4$ gdb ./sapi/cli/php
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/adam/trees/php-
src/branches/PHP_5_4/sapi/cli/php...pdone.
(gdb) r /tmp/native-autoload.php
Starting program: /home/adam/trees/php-src/branches/PHP_5_4/sapi/cli/php
/tmp/native-autoload.php
[Thread debugging using libthread_db enabled]
referencing a static property on a non existent object...
Program received signal SIGSEGV, Segmentation fault.
0x083d0d39 in _zend_is_inconsistent (ht=0x44, file=0x87bb748
"/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c", line=946) at
/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c:54
54 if (ht->inconsistent==HT_OK) {
(gdb) bt
#0 0x083d0d39 in _zend_is_inconsistent (ht=0x44, file=0x87bb748
"/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c", line=946) at
/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend_hash.c:54
#1 0x083d36d4 in zend_hash_quick_find (ht=0x44, arKey=0xb7b60d40
"property",
nKeyLength=9, h=2332364938, pData=0xbfffd01c) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_hash.c:946
#2 0x083f1711 in zend_std_get_static_property (ce=0x0,
property_name=0xb7b60d40
"property", property_name_len=8, silent=0 '\000', key=0xb7c6b67c)
at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_object_handlers.c:1232
#3 0x0840369b in zend_fetch_var_address_helper_SPEC_CONST_CONST (type=0,
execute_data=0xb7c4f074) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_vm_execute.h:3244
#4 0x08403bfe in ZEND_FETCH_R_SPEC_CONST_CONST_HANDLER
(execute_data=0xb7c4f074) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_vm_execute.h:3335
#5 0x083f94b7 in execute (op_array=0xb7c6a4d0) at /home/adam/trees/php-
src/branches/PHP_5_4/Zend/zend_vm_execute.h:410
#6 0x083c3ec9 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at
/home/adam/trees/php-src/branches/PHP_5_4/Zend/zend.c:1272
#7 0x08348b0e in php_execute_script (primary_file=0xbffff518) at
/home/adam/trees/php-src/branches/PHP_5_4/main/main.c:2475
#8 0x084da44e in do_cli (argc=2, argv=0xbffff7a4) at
/home/adam/trees/php-
src/branches/PHP_5_4/sapi/cli/php_cli.c:983
#9 0x084db492 in main (argc=2, argv=0xbffff7a4) at /home/adam/trees/php-
src/branches/PHP_5_4/sapi/cli/php_cli.c:1356
(gdb)
--
Edit bug report at https://bugs.php.net/bug.php?id=61011&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=61011&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=61011&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=61011&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=61011&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=61011&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=61011&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=61011&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=61011&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=61011&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=61011&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=61011&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=61011&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=61011&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=61011&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=61011&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=61011&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=61011&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=61011&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=61011&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=61011&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=61011&r=mysqlcfg
