Bug #54423 [Opn->Csd]: classes from dl()'ed extensions are not destroyed

tony2001 Thu, 31 Mar 2011 04:59:26 -0700

Edit report at http://bugs.php.net/bug.php?id=54423&edit=1


 ID:                 54423
 Updated by:         tony2...@php.net
 Reported by:        tony2...@php.net
 Summary:            classes from dl()'ed extensions are not destroyed
-Status:             Open
+Status:             Closed
 Type:               Bug
 Package:            Scripting Engine problem
 PHP Version:        5.3SVN-2011-03-30 (SVN)
-Assigned To:        
+Assigned To:        tony2001
 Block user comment: N
 Private report:     N

 New Comment:

Patch committed.


Previous Comments:
------------------------------------------------------------------------
[2011-03-30 14:53:55] tony2...@php.net

Description:
------------
If an extension loaded with dl() declares any clasess, these classes are
not destroyed along with the module and it's other resources.

That causes crashes when using delayed early binding, though that's not
a requirement, see reproduce case below.

Test script:
---------------
Reproduce case is quite intricate:

start ONE child process of any PHP SAPI (except CLI/CGI/embed, of
course)

execute this code:

<?php

dl(<extension declaring any internal classes with create_object()
handler>)

$o = new <That class>;

?>



then comment out the dl() and execute it again.

The class is still present, but it's handler pointers are invalid,
therefore PHP will crash with a similar backtrace:

Program received signal SIGSEGV, Segmentation fault.

0xb6e17da0 in ?? ()

(gdb) bt

#0  0xb6e17da0 in ?? ()

#1  0x081cc629 in _object_and_properties_init (arg=0x83deae8,
class_type=0x8455380, properties=0x0)

    at /local/dev/php/PHP_5_3/Zend/zend_API.c:1088

#2  0x081cc730 in _object_init_ex (arg=0x83deae8, class_type=0x8455380)
at /local/dev/php/PHP_5_3/Zend/zend_API.c:1096

#3  0x081ee86d in ZEND_NEW_SPEC_HANDLER (execute_data=0x8411d80) at
/local/dev/php/PHP_5_3/Zend/zend_vm_execute.h:476

#4  0x081eb4f9 in execute (op_array=0x83dd3f4) at
/local/dev/php/PHP_5_3/Zend/zend_vm_execute.h:107

#5  0x081cab82 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /local/dev/php/PHP_5_3/Zend/zend.c:1194

#6  0x08179b90 in php_execute_script (primary_file=0xbfda0cb0) at
/local/dev/php/PHP_5_3/main/main.c:2268

#7  0x0825a53d in main (argc=1, argv=0xbfda0e04) at
/local/dev/php/PHP_5_3/sapi/fpm/fpm/fpm_main.c:1882

(gdb) f 1

#1  0x081cc629 in _object_and_properties_init (arg=0x83deae8,
class_type=0x8455380, properties=0x0)

    at /local/dev/php/PHP_5_3/Zend/zend_API.c:1088

1088                    Z_OBJVAL_P(arg) =
class_type->create_object(class_type TSRMLS_CC);

(gdb) p class_type->create_object

$1 = (zend_object_value (*)(zend_class_entry *)) 0xb6e17da0

(gdb) p *class_type->create_object

Cannot access memory at address 0xb6e17da0





------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54423&edit=1

Bug #54423 [Opn->Csd]: classes from dl()'ed extensions are not destroyed

Reply via email to