#48678 [NEW]: DateInterval segfaults when unserialising

Wed, 24 Jun 2009 11:18:16 -0700 

From:             fel...@php.net
Operating system: Linux
PHP version:      5.3CVS-2009-06-24 (CVS)
PHP Bug Type:     Date/time related
Bug description:  DateInterval segfaults when unserialising

Description:
------------
See below:

Reproduce code:
---------------
$x = new dateinterval("P3Y6M4DT12H30M5S");
unserialize(serialize($x));

Expected result:
----------------
No SIGSEGV.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7b786c0 (LWP 29877)]
0x0806919f in date_object_get_properties_interval (object=0x8f35344,
tsrm_ls=0x8df3050) at /home/felipe/dev/php5/ext/date/php_date.c:2221
2221            PHP_DATE_INTERVAL_ADD_PROPERTY("y", y);
(gdb) bt
#0  0x0806919f in date_object_get_properties_interval (object=0x8f35344,
tsrm_ls=0x8df3050) at /home/felipe/dev/php5/ext/date/php_date.c:2221
#1  0x0834d127 in object_common2 (rval=0xbf906a94, p=0xbf906a78,
max=0x8f35156 "", var_hash=0xbf906a70, tsrm_ls=0x8df3050, elements=8)
    at ext/standard/var_unserializer.re:369
#2  0x0834b4fe in php_var_unserialize (rval=0xbf906a94, p=0xbf906a78,
max=0x8f35156 "", var_hash=0xbf906a70, tsrm_ls=0x8df3050)
    at ext/standard/var_unserializer.re:713
#3  0x08339617 in zif_unserialize (ht=1, return_value=0x8f35344,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=0,
tsrm_ls=0x8df3050)
    at /home/felipe/dev/php5/ext/standard/var.c:868
#4  0x08436a24 in zend_do_fcall_common_helper_SPEC
(execute_data=0x8f62a94, tsrm_ls=0x8df3050) at
/home/felipe/dev/php5/Zend/zend_vm_execute.h:313
#5  0x0843cb8b in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x8f62a94, tsrm_ls=0x8df3050) at
/home/felipe/dev/php5/Zend/zend_vm_execute.h:1601
#6  0x084357eb in execute (op_array=0x8f33fc8, tsrm_ls=0x8df3050) at
/home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#7  0x083f4ef4 in zend_eval_stringl (str=0xbf9087d3 "$x = new
dateinterval(\"P3Y6M4DT12H30M5S\"); unserialize(serialize($x));",
str_len=70, retval_ptr=0x0, 
    string_name=0x87a08b4 "Command line code", tsrm_ls=0x8df3050) at
/home/felipe/dev/php5/Zend/zend_execute_API.c:1159
#8  0x083f517b in zend_eval_stringl_ex (str=0xbf9087d3 "$x = new
dateinterval(\"P3Y6M4DT12H30M5S\"); unserialize(serialize($x));",
str_len=70, 
    retval_ptr=0x0, string_name=0x87a08b4 "Command line code",
handle_exceptions=1, tsrm_ls=0x8df3050) at
/home/felipe/dev/php5/Zend/zend_execute_API.c:1200
#9  0x083f522f in zend_eval_string_ex (str=0xbf9087d3 "$x = new
dateinterval(\"P3Y6M4DT12H30M5S\"); unserialize(serialize($x));",
retval_ptr=0x0, 
    string_name=0x87a08b4 "Command line code", handle_exceptions=1,
tsrm_ls=0x8df3050) at /home/felipe/dev/php5/Zend/zend_execute_API.c:1211
#10 0x084e6ca2 in main (argc=3, argv=0xbf906f84) at
/home/felipe/dev/php5/sapi/cli/php_cli.c:1227


-- 
Edit bug report at http://bugs.php.net/?id=48678&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=48678&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=48678&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=48678&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=48678&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=48678&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=48678&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=48678&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=48678&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=48678&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=48678&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=48678&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=48678&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=48678&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=48678&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=48678&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=48678&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=48678&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=48678&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=48678&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=48678&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=48678&r=mysqlcfg

Reply via email to