Edit report at https://bugs.php.net/bug.php?id=62737&edit=1

 ID:                 62737
 Patch added by:     larue...@php.net
 Reported by:        leight at gmail dot com
 Summary:            Segfault invoking SplFileInfo->openFile
 Status:             Analyzed
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux / OSX
 PHP Version:        master-Git-2012-08-03 (Git)
 Block user comment: N
 Private report:     N

 New Comment:

The following patch has been added/updated:

Patch Name: ChangeDisableClassHandler.patch
Revision:   1344010885
URL:        https://bugs.php.net/patch-display.php?bug=62737&patch=ChangeDisableClassHandler.patch&revision=1344010885


Previous Comments:
------------------------------------------------------------------------
[2012-08-03 15:43:01] reeze dot xia at gmail dot com

Hi,
  Replacing the create_object function pointer and freeing the function table 
isn't enough. After applying the patch, I got this.

Maybe more handlers need to be replaced and cleaned up.


Fatal error: Uncaught exception 'RuntimeException' with message 
'get_class_vars() expects exactly 1 parameter, 2 given' in 
/Users/reeze/Opensource/php-test/php-src-5.3-dev/xx.php:6
Stack trace:
#0 [internal function]: SplFileObject->get_class_vars('/bin/ls', 'r')
#1 /Users/reeze/Opensource/php-test/php-src-5.3-dev/xx.php(6): SplFileInfo->openFile('r')
#2 {main}
  thrown in /Users/reeze/Opensource/php-test/php-src-5.3-dev/xx.php on line 6

------------------------------------------------------------------------
[2012-08-03 15:03:17] larue...@php.net

I have made a patch for this.

------------------------------------------------------------------------
[2012-08-03 15:02:48] larue...@php.net

The following patch has been added/updated:

Patch Name: ChangeDisableClassHandler.patch
Revision:   1344006168
URL:        https://bugs.php.net/patch-display.php?bug=62737&patch=ChangeDisableClassHandler.patch&revision=1344006168

------------------------------------------------------------------------
[2012-08-03 14:25:19] larue...@php.net

This is a very bad bug.

But I think it's not an SPL issue; we should change the behavior of 
zend_disable_class,

since for now, it will delete the class entry, which will make the class entry 
pointer (preserved by the extension) become a wild pointer.

Dereferencing it is undefined behavior; in this sense, a segfault is lucky.

------------------------------------------------------------------------
[2012-08-03 14:12:33] larue...@php.net

I think this is not only SplFileObject; many classes may have such issues 
(especially those that preserve their own class entry).

------------------------------------------------------------------------
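
Added illustration, not code from php-src or from the patch attached to this report: a toy C model of the point made in the comments above, that disabling a class by deleting its entry strands any pointer an extension has cached, while keeping the entry and swapping its create_object hook does not. All type and function names are hypothetical, and a static pool stands in for heap allocation so the stale entry can be inspected safely.

```c
#include <string.h>

/* Toy model only: NOT the Zend Engine's real structures or API. */
typedef struct class_entry {
    const char *name;                                 /* NULL when the slot is free */
    int (*create_object)(const struct class_entry *); /* 0 = created, -1 = refused */
} class_entry;

/* Static pool, so a stale pointer can be inspected safely in this demo. */
static class_entry class_table[4];
static int create_ok(const class_entry *ce)       { (void)ce; return 0; }
static int create_disabled(const class_entry *ce) { (void)ce; return -1; }

/* Find the slot named `name`, or the first free slot when name is NULL. */
static class_entry *find_slot(const char *name) {
    for (size_t i = 0; i < sizeof class_table / sizeof *class_table; i++) {
        const char *n = class_table[i].name;
        if (name ? (n && strcmp(n, name) == 0) : n == NULL) return &class_table[i];
    }
    return NULL;
}

/* Returns the entry pointer that an extension would cache. */
class_entry *register_class(const char *name) {
    class_entry *ce = find_slot(NULL);
    if (ce) { ce->name = name; ce->create_object = create_ok; }
    return ce;
}

/* Disable by destroying the entry: cached pointers now refer to a dead slot. */
int disable_by_delete(const char *name) {
    class_entry *ce = find_slot(name);
    if (!ce) return -1;
    ce->name = NULL; ce->create_object = NULL;  /* stands in for freeing it */
    return 0;
}

/* Disable by keeping the entry alive and swapping its constructor hook. */
int disable_by_handler(const char *name) {
    class_entry *ce = find_slot(name);
    if (!ce) return -1;
    ce->create_object = create_disabled;
    return 0;
}

/* Caller with a cached pointer; 1 = entry is gone (a real engine would crash). */
int instantiate_cached(const class_entry *ce) {
    return ce->create_object ? ce->create_object(ce) : 1;
}
```

The model covers only the constructor hook; the 15:43:01 comment reports that with the patch applied a method call still went through, so other handlers are outside what this sketch shows.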


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=62737


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62737&edit=1
