ID: 46381
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Assigned
Bug Type: Reproducible crash
Operating System: any
PHP Version: 5.2.7RC2
-Assigned To:
+Assigned To: tony2001
Previous Comments:
------------------------------------------------------------------------
[2008-10-24 13:45:45] [EMAIL PROTECTED]
Description:
------------
The code below makes PHP crash.
This happens because PHP uses wrong $this (PHP4 compatibility, bah..)
and extensions have no means to check that.
The problem is not present in 5.3+, as it was fixed by Marcus in
February as a part of big patch.
Reproduce code:
---------------
<?php
class test {
public function test() {
return PDO::lastInsertId();
}
}
$test = new test();
$test->test();
?>
Actual result:
--------------
==5855== Invalid read of size 8
==5855== at 0x5FEDAC: zim_PDO_lastInsertId (pdo_dbh.c:952)
==5855== by 0x8C328E: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==5855== by 0x8C3FF6: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==5855== by 0x8C2D2F: execute (zend_vm_execute.h:92)
==5855== by 0x8C341D: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==5855== by 0x8C3FF6: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==5855== by 0x8C2D2F: execute (zend_vm_execute.h:92)
==5855== by 0x89A35F: zend_execute_scripts (zend.c:1134)
==5855== by 0x83FAC1: php_execute_script (main.c:2011)
==5855== by 0x9209C0: main (php_cli.c:1134)
==5855== Address 0x8e68760 is not stack'd, malloc'd or (recently)
free'd
==5855==
==5855== Invalid write of size 8
==5855== at 0x5FEDBC: zim_PDO_lastInsertId (pdo_dbh.c:952)
==5855== by 0x8C328E: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==5855== by 0x8C3FF6: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==5855== by 0x8C2D2F: execute (zend_vm_execute.h:92)
==5855== by 0x8C341D: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==5855== by 0x8C3FF6: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==5855== by 0x8C2D2F: execute (zend_vm_execute.h:92)
==5855== by 0x89A35F: zend_execute_scripts (zend.c:1134)
==5855== by 0x83FAC1: php_execute_script (main.c:2011)
==5855== by 0x9209C0: main (php_cli.c:1134)
==5855== Address 0x8e68760 is not stack'd, malloc'd or (recently)
free'd
==5855==
==5855== Invalid read of size 4
==5855== at 0x8C0B70: zend_objects_store_del_ref
(zend_objects_API.c:165)
==5855== by 0x5FEDD6: zim_PDO_lastInsertId (pdo_dbh.c:952)
==5855== by 0x8C328E: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:200)
==5855== by 0x8C3FF6: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==5855== by 0x8C2D2F: execute (zend_vm_execute.h:92)
==5855== by 0x8C341D: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==5855== by 0x8C3FF6: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==5855== by 0x8C2D2F: execute (zend_vm_execute.h:92)
==5855== by 0x89A35F: zend_execute_scripts (zend.c:1134)
==5855== by 0x83FAC1: php_execute_script (main.c:2011)
==5855== by 0x9209C0: main (php_cli.c:1134)
==5855== Address 0x8e68768 is not stack'd, malloc'd or (recently)
free'd
and so on.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=46381&edit=1
