#43128 [Com]: Long name cause seg. fault

crrodriguez at suse dot de Mon, 29 Oct 2007 16:14:21 -0800

 ID:               43128
 Comment by:       crrodriguez at suse dot de
 Reported By:      felipensp at gmail dot com
 Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Linux
 PHP Version:      5.3CVS-2007-10-29 (snap)
 New Comment:


Always reproducible on linux64 bit hosts.


Previous Comments:
------------------------------------------------------------------------

[2007-10-29 23:46:15] felipensp at gmail dot com

PHP 5.2.5RC2-dev (cli) (built: Oct 29 2007 21:22:10):

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211684448 (LWP 31245)]
zend_lookup_class_ex (name=0xb722e018 'a' <repeats 200 times>..., 
    name_length=10000000, use_autoload=0, ce=0xbfa0c498)
    at /home/felipe/php5.2-200710292130/Zend/zend_execute_API.c:1046
1046            zend_str_tolower_copy(lc_name, name, name_length);

------------------------------------------------------------------------

[2007-10-29 22:24:54] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

I've tried both PHP 5.2 and 5.3 and cannot reproduce the crash.

------------------------------------------------------------------------

[2007-10-29 17:25:28] felipensp at gmail dot com

Description:
------------
Long names cause segmentation fault in 'instanceof' and 'new'
operators.

Reproduce code:
---------------
<?php

$a = str_repeat("a", 10000000);

# call_user_func($a); // Warning
# $a->$a();           // Fatal error

if ($a instanceof $a); // Segmentation fault
new $a;                // Segmentation fault


Expected result:
----------------
Warning / Fatal error

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1214703296 (LWP 4538)]
zend_lookup_class_ex (name=0xb6f4d018 'a' <repeats 200 times>..., 
    name_length=10000000, use_autoload=0, ce=0xbf9644d8)
    at /home/felipe/php5.3-200710261430/Zend/zend_execute_API.c:1078
1078    in /home/felipe/php5.3-200710261430/Zend/zend_execute_API.c



Backtrace:
----------------------------------------------

#0  zend_lookup_class_ex (name=0xb6ece018 'a' <repeats 200 times>..., 
    name_length=10000000, use_autoload=0, ce=0xbfb896f8)
    at /home/felipe/php5.3-200710261430/Zend/zend_execute_API.c:1078
#1  0x08277d9f in zend_fetch_class (
    class_name=0xb6ece018 'a' <repeats 200 times>...,
class_name_len=10000000, 
    fetch_type=132) at
/home/felipe/php5.3-200710261430/Zend/zend_execute_API.c:1548
#2  0x082c26c9 in ZEND_FETCH_CLASS_SPEC_CV_HANDLER
(execute_data=0xbfb8982c)
    at /home/felipe/php5.3-200710261430/Zend/zend_vm_execute.h:1065
#3  0x0829ef1b in execute (op_array=0x84a6900)
    at /home/felipe/php5.3-200710261430/Zend/zend_vm_execute.h:87
#4  0x08281952 in zend_execute_scripts (type=8, retval=<value optimized
out>, 
    file_count=3) at /home/felipe/php5.3-200710261430/Zend/zend.c:1137
#5  0x0823d841 in php_execute_script (primary_file=0xbfb8bbcc)
    at /home/felipe/php5.3-200710261430/main/main.c:2007
#6  0x08301c65 in main (argc=2, argv=0xbfb8bce4)
    at /home/felipe/php5.3-200710261430/sapi/cli/php_cli.c:1140



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43128&edit=1

#43128 [Com]: Long name cause seg. fault

Reply via email to