ID: 50027 Updated by: j...@php.net Reported By: phpbugs at colin dot guthr dot ie -Status: Open +Status: Feedback Bug Type: Reproducible crash Operating System: Mandriva Linux (Cooker x86_64) PHP Version: 5.3.1RC2 New Comment:
Leave the report in "Feedback" (requested) status until you have that script around. (do not reply before that ;) Previous Comments: ------------------------------------------------------------------------ [2009-11-04 08:43:49] phpbugs at colin dot guthr dot ie I knew you were going to say that Jani :p As I said on the original mail, even my simple test is not sufficient to trigger this. Sadly I'm not sure if I can create such a test script, but I will certainly try. It may take me a few days to come up with something and it's most likely that it will not be a simple application (my current trigger case is part of the Zend Framework and I have no real desire to dissect that!) Give me a week or two. ------------------------------------------------------------------------ [2009-11-03 10:57:43] j...@php.net Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc. Please avoid embedding huge scripts into the report. ------------------------------------------------------------------------ [2009-10-28 09:05:14] phpbugs at colin dot guthr dot ie Description: ------------ This is a really hard bug to reproduce (e.g. build a simple test case) but I can reliably do so here with my application. I'll attempt to describe the problem in depth, although I warn in advance that it's a bit of a confusing one. During a particular request, PHP seems to corrupt itself quite badly which cases $this to become corrupted within an object. When this happens, is_object($this) still returns true, but any attempt to access a member variable (e.g. $this->mFuncs) will result in the "Notice: Trying to get property of non-object" warning. Similar warning exist when trying to call methods etc. Once this corruption happens, it will remain until the Apache process is restarted (mpm-prefork) although some requests will succeed (I presume it depends what mpm-preforked httpd handler is used?). When this happens, a much simpler test case (which I'll link to) fails also (i.e. it seems that the initial trigger of this causes it to continue, but the simpler test case itself does not seem enough to trigger it initially). The trigger case I have is a rather complex Zend Framework application that I sadly cannot share. I have confirmed this problem is present on 5.3.0 and 5.3.1RC2, so I suspect it's a 5.3.x problem over all. I cannot reproduce the problem on 5.2.11. All builds use -O0 for optimisations (as higher values have proven to cause problems, particularly on x86_64). Reproduce code: --------------- A tarball containing three PHP files: one a UniversalAutoloader structure we use in our projects (it predates spl stuff and actually gives us a different fallback mechanism anyway), and a simple test class that is meant to be autoloaded. Then the test.php file which actually exhibits the bug. As noted previously however, this test case only *exhibits* this bug if the problem is triggered already by some other code. You can see from the backtrace.txt the effect of it failing. I provide this in the hope that it allows something obvious to jump out at you, but I suspect the problem is really some form of stack frame corruption or similar (possibly due to x86_64 as I've not tested to see if it affects 5.3.1 although I will be able to do so in the coming weeks). The URL for this bundle is: http://colin.guthr.ie/php-bug.tar Expected result: ---------------- It should just echo "Foo\n". But as you can see the Notice is triggered and the is_array() check fails (as can be seen, it is impossible for the variable to be anything other than an array). Actual result: -------------- *After* triggering the problem, $this becomes a non-object (although in other tests (is_object($this) still returns true). ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=50027&edit=1