From: webtweakers at gmail dot com
Operating system: Vista
PHP version: 5.2.6
PHP Bug Type: Reproducible crash
Bug description: Method call lets PHP crash Apache

Description:
------------
A method call that passes on an Int and an Object seems to let PHP crash Apache. I'm running PHP 5.2.0, but tested and experienced the same in PHP 5.2.6. Also I'm running PHP as a module for Apache 2.0.

Sorry that the code below is more than 20 lines: I just needed to illustrate the structure, because the call in itself looks very harmless and has no real reason to crash.

Note that this whole thing is loaded from within an MVC-framework (based on TinyMVC) and makes use of PHP's class autoload functionality. Also, besides code posted below, other stuff is run, including MySQL queries, etc.

The method call that crashes PHP + Apache is marked in the code.

Reproduce code:
---------------
<?php

// this code crashes php when inside the full mvc application

// class Data ---------------------------------
class Data {
    private $id;

    public function __construct($id = 1) {
        $this->id = $id;
    }

    public function getId() {
        return $this->id;
    }
}

// class Prop ---------------------------------
class Prop {
    private $a;
    private $b;
    private $c;

    public function __construct() {
        $this->a = 1;
        $this->b = 2;
        $this->c = 3;
    }

    public function getA() { return $this->a; }
    public function getB() { return $this->b; }
    public function getC() { return $this->c; }
}

// class Stats --------------------------------
class Stats {
    public static function insert($id, &$obj) {
        print "Do something with id $id and object: <pre>" . print_r($obj, 1) . "</pre>";
    }
}

// class Controller ---------------------------
class Controller {
    public function action() {
        $data = new Data(123);
        $prop = new Prop();
        Stats::insert($data->getId(), $prop); // <-- this call crashes php!
    }
}

// bootstrap ----------------------------------
$c = new Controller;
$c->action();

?>

Expected result:
----------------
Unfortunately the code above runs fine on its own. But from within the application the marked line will crash PHP + Apache. When commenting that line out, things run fine.
When changing the call to pass on several separate properties instead of the $prop object, things run fine.

Actual result:
--------------
Here is a crash report for PHP 5.2.0, but again: the same crash happens in PHP 5.2.6, so I'm sure you guys can handle this.

---
Thread 3 - System ID 316
Entry point: msvcrt!_endthreadex+6f
Create time: 4-6-2008 11:12:18
Time spent in user mode: 0 Days 0:0:0.234
Time spent in kernel mode: 0 Days 0:0:0.390

Function                   Arg 1      Arg 2      Arg 3      Source
php5ts!zend_mm_alloc+13d   01597940   0000002f   00000000
php5ts!emalloc+21          00000000   00000000   00000000

PHP5TS!ZEND_MM_ALLOC+13D
WARNING - DebugDiag was not able to locate debug symbols for php5ts.dll, so the information below may be incomplete.

In httpd__PID__2512__Date__06_04_2008__Time_11_48_34AM__171__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!zend_mm_alloc+13d in C:\bin\php-5.2.0\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to write to memory location 0x10ddbfd0 on thread 3

Module Information
Image Name: C:\bin\php-5.2.0\php5ts.dll
Symbol Type: Export
Base address: 0x00da0000
Time Stamp: Thu Nov 02 11:54:41 2006
Checksum: 0x00000000
Comments:
COM DLL: False
Company Name: The PHP Group
ISAPIExtension: False
File Description: PHP Script Interpreter
ISAPIFilter: False
File Version: 5.2.0.0
Managed DLL: False
Internal Name: php5ts.dll
VB DLL: False
Legal Copyright: Copyright © 1997-2006 The PHP Group
Loaded Image Name: php5ts.dll
Legal Trademarks: PHP
Mapped Image Name: C:\bin\php-5.2.0\php5ts.dll
Original filename: php5ts.dll
Module name: php5ts
Private Build:
Single Threaded: False
Product Name: PHP Script Interpreter
Module Size: 4,77 MBytes
Product Version: 5.2.0
Symbol File Name: php5ts.dll
Special Build:
---

I hope the above is readable for you.

Best regards,
Bas van Gaalen

--
Edit bug report at http://bugs.php.net/?id=45168&edit=1
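
Added example, not part of the original report and not PHP or DebugDiag code: a small triage parser for the DebugDiag exception summary quoted above. It pulls out the faulting frame, exception code, access type and target address, and checks whether the target lies inside the php5ts.dll image. The function name `triage`, the field names and the assumption that other reports use the same sentence shape are illustrative.

```python
import re

# Constructed input: the exception sentence and two module fields quoted
# from the DebugDiag report above (not a complete DebugDiag export).
REPORT = (
    "In httpd__PID__2512__Date__06_04_2008__Time_11_48_34AM__171__"
    "Second_Chance_Exception_C0000005.dmp the assembly instruction at "
    "php5ts!zend_mm_alloc+13d in C:\\bin\\php-5.2.0\\php5ts.dll from "
    "The PHP Group has caused an access violation exception (0xC0000005) "
    "when trying to write to memory location 0x10ddbfd0 on thread 3\n"
    "Base address: 0x00da0000\n"
    "Module Size: 4,77 MBytes\n"
)

# Assumption: other reports use the same sentence shape as this one.
SUMMARY = re.compile(
    r"instruction at (?P<module>\w+)!(?P<symbol>\w+)\+(?P<offset>[0-9a-fA-F]+)"
    r" in (?P<path>.+?) from .*?exception \((?P<code>0x[0-9a-fA-F]+)\)"
    r" when trying to (?P<access>\w+) (?:to|from) memory location"
    r" (?P<addr>0x[0-9a-fA-F]+) on thread (?P<thread>\d+)"
)
# Allocator frames that appear in this report's stack.
ALLOCATOR_SYMBOLS = {"zend_mm_alloc", "emalloc"}

def triage(report):
    """Extract the fields worth recording from a DebugDiag exception summary."""
    m = SUMMARY.search(report)
    if m is None:
        raise ValueError("no exception summary sentence found")
    base = int(re.search(r"Base address:\s*(0x[0-9a-fA-F]+)", report).group(1), 16)
    # The size uses a locale decimal comma ("4,77"); normalise before parsing.
    size = re.search(r"Module Size:\s*([\d.,]+)\s*MBytes", report).group(1)
    end = base + int(float(size.replace(",", ".")) * 1024 * 1024)
    addr = int(m["addr"], 16)
    return {
        "frame": f'{m["module"]}!{m["symbol"]}+0x{m["offset"]}',
        "code": int(m["code"], 16),
        "access": m["access"],
        "address": addr,
        "thread": int(m["thread"]),
        # True would mean the target lies inside the DLL image itself.
        "target_in_module_image": base <= addr < end,
        # A fault inside the allocator is where damage surfaced; the PHP
        # statement running at that moment is not necessarily its cause.
        "fault_in_allocator": m["symbol"] in ALLOCATOR_SYMBOLS,
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```
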