Edit report at https://bugs.php.net/bug.php?id=52113&edit=1

 ID:                 52113
 Updated by:         der...@php.net
 Reported by:        cmc333333 at gmail dot com
 Summary:            Seg fault after unserializing DatePeriod
-Status:             Verified
+Status:             Closed
 Type:               Bug
 Package:            Date/time related
 Operating System:   Debian Squeeze/Sid
 PHP Version:        5.3.2
 Assigned To:        derick
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

For Windows: http://windows.php.net/snapshots/

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------
[2011-11-24 21:47:19] fel...@php.net

Another way to have a related crash:

<?php

class dummy extends DateInterval {
    public function __construct() {
    }
}

$x = new dummy;
$x->y = 1;

0x0000000000447349 in date_interval_write_property (object=0x7ffff7fcb200, member=0x7ffff7fcd708, value=0x7ffff7fcb180, key=0x7ffff7fcd708, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/ext/date/php_date.c:3496
3496            SET_VALUE_FROM_STRUCT(y, "y");
gdb$ bt
#0  0x0000000000447349 in date_interval_write_property (object=0x7ffff7fcb200, member=0x7ffff7fcd708, value=0x7ffff7fcb180, key=0x7ffff7fcd708, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/ext/date/php_date.c:3496
#1  0x0000000000af9683 in zend_assign_to_object (retval=0x0, object_ptr=0x7ffff7fcf8f0, property_name=0x7ffff7fcd708, value_type=0x1, value_op=0x7ffff7fcc7a0, Ts=0x7ffff7f95190, opcode=0x88, key=0x7ffff7fcd708, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/Zend/zend_execute.c:738
#2  0x0000000000bfe0b1 in ZEND_ASSIGN_OBJ_SPEC_CV_CONST_HANDLER (execute_data=0x7ffff7f950f8, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/Zend/zend_vm_execute.h:28753
#3  0x0000000000afdab1 in execute (op_array=0x7ffff7fcec00, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/Zend/zend_vm_execute.h:410
#4  0x0000000000ab5029 in zend_execute_scripts (type=0x8, tsrm_ls=0x13ae0c0, retval=0x0, file_count=0x3)
    at /home/felipe/dev/phptrunk/Zend/zend.c:1272
#5  0x00000000009fa7a5 in php_execute_script (primary_file=0x7fffffffe180, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/main/main.c:2414
#6  0x0000000000c3d2ce in do_cli (argc=0x2, argv=0x7fffffffe538, tsrm_ls=0x13ae0c0)
    at /home/felipe/dev/phptrunk/sapi/cli/php_cli.c:983
#7  0x0000000000c3e519 in main (argc=0x2, argv=0x7fffffffe538)
    at /home/felipe/dev/phptrunk/sapi/cli/php_cli.c:1356

------------------------------------------------------------------------
[2011-01-22 08:45:27] s...@php.net

I meant DateInterval, but true for DatePeriod too.

------------------------------------------------------------------------
[2011-01-22 08:37:47] s...@php.net

DatePeriod, like most other Date* objects, does not have a proper
serialization handler; this is the cause of the segfault.

------------------------------------------------------------------------
[2010-06-18 02:49:51] dtajchre...@php.net

Verified with a fresh checkout. Assigning to Derick.

david@beirut:~/php/5_3$ sapi/cli/php -v
PHP 5.3.3-dev (cli) (built: Jun 17 2010 19:42:56)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

(gdb) r -ddate.timezone="America/Chicago" /home/david/test.php
Starting program: /home/david/php/5_3/sapi/cli/php -ddate.timezone="America/Chicago" /home/david/test.php
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
timelib_rel_time_clone (rel=0x0) at /usr/include/bits/string3.h:52
52        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) bt
#0  timelib_rel_time_clone (rel=0x0) at /usr/include/bits/string3.h:52
#1  0x0000000000421728 in zim_DatePeriod___construct (ht=<value optimized out>, return_value=<value optimized out>, return_value_ptr=<value optimized out>, this_ptr=0xde26c8, return_value_used=<value optimized out>)
    at /home/david/php/5_3/ext/date/php_date.c:3752
#2  0x00000000006afd36 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7e7f050)
    at /home/david/php/5_3/Zend/zend_vm_execute.h:316
#3  0x00000000006a9e58 in execute (op_array=0xddd8f8)
    at /home/david/php/5_3/Zend/zend_vm_execute.h:107
#4  0x00000000006855da in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3)
    at /home/david/php/5_3/Zend/zend.c:1194
#5  0x00000000006352ed in php_execute_script (primary_file=<value optimized out>)
    at /home/david/php/5_3/main/main.c:2260
#6  0x000000000070bad0 in main (argc=<value optimized out>, argv=<value optimized out>)
    at /home/david/php/5_3/sapi/cli/php_cli.c:1192

------------------------------------------------------------------------
[2010-06-17 21:49:22] cmc333333 at gmail dot com

Description:
------------
PHP 5.3.2-1 with Suhosin-Patch (cli) (built: Mar 14 2010 00:09:57
Standard Debian packages

Segfault when trying to construct a DatePeriod with an unserialized
DateInterval.

Test script:
---------------
<?php
$start = new DateTime('2003-01-02 08:00:00');
$end = new DateTime('2003-01-02 12:00:00');
$diff = $start->diff($end);
$p = new DatePeriod($start, $diff, 2);
$diff_s = serialize($diff);
$diff_un = unserialize($diff_s);
// Will segfault
$p = new DatePeriod($start, $diff_un, 2);

Expected result:
----------------
No Segfault

Actual result:
--------------
#0  timelib_rel_time_clone (rel=0x0) at /usr/include/bits/string3.h:52
#1  0x000000000042de6a in zim_DatePeriod___construct (ht=29638928, return_value=0x0, return_value_ptr=0x0, this_ptr=0x1c09668, return_value_used=104)
    at /build/buildd-php5_5.3.2-1-amd64-Nz9Pgu/php5-5.3.2/ext/date/php_date.c:3727
#2  0x00007fd3c9990c5c in xdebug_execute_internal (current_execute_data=0x7fd3d3bd6068, return_value_used=0)
    at /build/buildd-xdebug_2.0.5-1+b1-amd64-qDjrMY/xdebug-2.0.5/build-php5/xdebug.c:1631
#3  0x00000000006cb4c6 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fd3d3bd6068)
    at /build/buildd-php5_5.3.2-1-amd64-Nz9Pgu/php5-5.3.2/Zend/zend_vm_execute.h:315
#4  0x00000000006a29b0 in execute (op_array=0x1c03258)
    at /build/buildd-php5_5.3.2-1-amd64-Nz9Pgu/php5-5.3.2/Zend/zend_vm_execute.h:104
#5  0x00007fd3c99908a9 in xdebug_execute (op_array=0x1c03258)
    at /build/buildd-xdebug_2.0.5-1+b1-amd64-qDjrMY/xdebug-2.0.5/build-php5/xdebug.c:1562
#6  0x000000000067a64d in zend_execute_scripts (type=0, retval=0x7fffdbd0dd20, file_count=3)
    at /build/buildd-php5_5.3.2-1-amd64-Nz9Pgu/php5-5.3.2/Zend/zend.c:1266
#7  0x0000000000626288 in php_execute_script (primary_file=Cannot access memory at address 0x8000dbd0cbb8
)
    at /build/buildd-php5_5.3.2-1-amd64-Nz9Pgu/php5-5.3.2/main/main.c:2288
#8  0x000000000070a992 in main (argc=0, argv=0x2c4bf84)
    at /build/buildd-php5_5.3.2-1-amd64-Nz9Pgu/php5-5.3.2/sapi/cli/php_cli.c:1196

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=52113&edit=1
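
Both backtraces in this report end in native code using an interval object's internal struct that was never set up: once with rel=0x0 after unserialize(), once when a subclass constructor never calls the parent. The following is an added example, not PHP's source and not the change committed for this bug: a simplified C model of that pattern with a guard at each use site. All type and function names in it are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the relative-time struct and the object
   that wraps it; these are not the PHP or timelib definitions. */
typedef struct { long y, m, d, h, i, s; } rel_time;

typedef struct {
    rel_time *diff;     /* stays NULL until a constructor fills it in */
    int initialized;
} interval_obj;

/* Like the crash site in the backtraces: copies from its argument
   without checking it, so a NULL argument faults inside memcpy. */
static rel_time *rel_time_clone(const rel_time *rel) {
    rel_time *copy = malloc(sizeof *copy);
    if (copy) memcpy(copy, rel, sizeof *copy);
    return copy;
}

/* Object allocated without its constructor running, as after
   unserialize() or an overriding __construct() that skips the parent. */
interval_obj interval_create_raw(void) {
    interval_obj o = { NULL, 0 };
    return o;
}

/* Normal construction path: allocate and mark the object usable. */
int interval_construct(interval_obj *o, long hours) {
    o->diff = calloc(1, sizeof *o->diff);
    if (!o->diff) return -1;
    o->diff->h = hours;
    o->initialized = 1;
    return 0;
}

/* Guarded property write: report failure instead of writing via NULL. */
int interval_write_year(interval_obj *o, long value) {
    if (!o->initialized || !o->diff) return -1;
    o->diff->y = value;
    return 0;
}

/* Guarded consumer: return NULL so the caller can raise an error,
   rather than handing a NULL pointer to rel_time_clone(). */
rel_time *period_take_interval(const interval_obj *o) {
    if (!o->initialized || !o->diff) return NULL;
    return rel_time_clone(o->diff);
}
```
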