From: shahar dot e at zend dot com
Operating system: Mac OS X 10.5
PHP version: 5.3.0
PHP Bug Type: Reproducible crash
Bug description: PHP CLI in Interactive mode (php -a) crashes when including files from function

Description:
------------
When running PHP 5.3 in CLI interactive mode (php -a), PHP will crash in certain situations.

While I am not 100% clear about the cause, this seems to happen when including a file that defines a function that includes another file. The first function must have a return value, and something must be done (e.g. var_dump() or assignment) with that return value back in the interactive shell.

Steps to reproduce:

1. Create a file 'a.php' which defines the function test()
2. Function test() should require another file, 'b.php' which must define another function. No need to actually do anything in that function in order to reproduce the crash. Function test() doesn't have to even call that second function.
3. Function test must return something
4. Run php -a
5. Run the following code: "require_once 'a.php'; $a = test();"
6. Crash!

See reproduction code below.

Some situations in which no crash happens:
- When PHP is 5.2
- When PHP is not in interactive mode
- When the 1st function has no return value
- When nothing is done with the return value in the interactive shell
- When the require / include statement happens outside of the function

Reproduce code:
---------------
----- a.php -----
<?php

function test1()
{
    require_once './b.php';
    // You don't even have to call test2();
    return 'a';
}

----- b.php -----
<?php

function test2()
{
    // This function doesn't need to do anything
}

----- In interactive mode (php -a) -----
php > require_once 'a.php';
php > $a = test1();

Expected result:
----------------
No crash, $a == 'a'

Actual result:
--------------
(gdb) r -a
Starting program: /Users/shahar/Build/php5.3/bin/php -a
Reading symbols for shared libraries +++++++... done
Interactive shell

php > require_once 'a.php';
php > $a = test1();

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x0000000c
0x0023545e in _get_zval_ptr_var_string_offset (node=0x7376dc, Ts=0x78f094, should_free=0xbffff5b4, tsrm_ls=0x8002c0) at /Users/shahar/Source/php-5.3.0RC4/Zend/zend_execute.c:191
191             if (T->str_offset.str->type != IS_STRING
(gdb) bt
#0  0x0023545e in _get_zval_ptr_var_string_offset (node=0x7376dc, Ts=0x78f094, should_free=0xbffff5b4, tsrm_ls=0x8002c0) at /Users/shahar/Source/php-5.3.0RC4/Zend/zend_execute.c:191
#1  0x002e32bb in _get_zval_ptr_var [inlined] () at /Users/shahar/Source/php-5.3.0RC4/Zend/zend_execute.c:214
#2  0x002e32bb in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x78f044, tsrm_ls=0x8002c0) at /Users/shahar/Source/php-5.3.0RC4/Zend/zend_execute.c:27247
#3  0x00237d48 in execute (op_array=0x736a08, tsrm_ls=0x8002c0) at zend_vm_execute.h:104
#4  0x001f321a in zend_eval_stringl (str=0x734e80 "$a = test1();\n", str_len=14, retval_ptr=0x0, string_name=0x318fce "php shell code", tsrm_ls=0x8002c0) at /Users/shahar/Source/php-5.3.0RC4/Zend/zend_execute_API.c:1159
#5  0x002f5945 in main (argc=2, argv=0xbffff9d4) at /Users/shahar/Source/php-5.3.0RC4/sapi/cli/php_cli.c:1168

--
Edit bug report at http://bugs.php.net/?id=49000&edit=1