ID:               27287
Comment by:       bugs dot php dot net at baach dot de
Reported By:      clemens at gutweiler dot net
Status:           Verified
Bug Type:         Reproducible crash
Operating System: *
PHP Version:      5CVS-2004-02-16
New Comment:

Reproducible also in 5.0.0.4b on Linux (cli and apache2)


Previous Comments:
------------------------------------------------------------------------

[2004-02-21 11:26:12] mneugebauer at omaha dot com

I've also encountered this bug in PHP 5 beta 4 under Mac OS 10.3 (Panther).

------------------------------------------------------------------------

[2004-02-17 03:37:40] clemens at gutweiler dot net

Description:
------------
wddx_deserialize crashes when deserializing a serialized object.

Configure Command => './configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-xsl' '--enable-wddx' '--enable-soap' '--with-tidy' '--enable-sockets'

Reproduce code:
---------------
<?php
  class foo {
  }

  $foo = new foo( );
  $foo->abc = 'def';

  $string = wddx_serialize_value( $foo );
  var_dump( $string );

  // segfault:
  var_dump( wddx_deserialize( $string ) );
?>

Expected result:
----------------
var_dump of the $foo object.

Actual result:
--------------
(gdb) run segfault.php
Starting program: /usr/local/bin/php segfault.php
[New Thread 16384 (LWP 3990)]
string(173) "<wddxPacket version='1.0'><header/><data><struct><var name='php_class_name'><string>foo</string></var><var name='abc'><string>def</string></var></struct></data></wddxPacket>"

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 3990)]
0x081a6329 in zend_hash_find (ht=0x82ac658, arKey=0x403cc9dc "__wakeup", nKeyLength=9, pData=0x0)
    at /data/php-5.0.0b4/Zend/zend_hash.c:846
846             p = ht->arBuckets[nIndex];
(gdb) bt
#0  0x081a6329 in zend_hash_find (ht=0x82ac658, arKey=0x403cc9dc "__wakeup", nKeyLength=9, pData=0x0)
    at /data/php-5.0.0b4/Zend/zend_hash.c:846
#1  0x081982a6 in zend_call_function (fci=0xbfffd4d0, fci_cache=0x0)
    at /data/php-5.0.0b4/Zend/zend_execute_API.c:629
#2  0x08198155 in call_user_function_ex (function_table=0x0, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x0, no_separation=0, symbol_table=0x0)
    at /data/php-5.0.0b4/Zend/zend_execute_API.c:518
#3  0x08167eac in php_wddx_pop_element (user_data=0xbfffd6c0, name=0x82a9690 "struct")
    at /data/php-5.0.0b4/ext/wddx/wddx.c:919
#4  0x0816bfff in _end_element_handler (user=0x403cca2c, name=0x82a9640 "struct")
    at /data/php-5.0.0b4/ext/xml/compat.c:198
#5  0x4018489c in xmlParseStartTag () from /usr/lib/libxml2.so.2
#6  0x40184997 in xmlParseEndTag () from /usr/lib/libxml2.so.2
#7  0x401883c2 in xmlParseExtParsedEnt () from /usr/lib/libxml2.so.2
#8  0x401887bf in xmlParseChunk () from /usr/lib/libxml2.so.2
#9  0x0816c525 in php_XML_Parse (parser=0x0, data=0x403ccb14 "<wddxPacket version='1.0'><header/><data><struct><var name='php_class_name'><string>foo</string></var><var name='abc'><string>def</string></var></struct></data></wddxPacket>", data_len=173, is_final=1)
    at /data/php-5.0.0b4/ext/xml/compat.c:501
#10 0x081682a7 in php_wddx_deserialize_ex (
    value=0x403ccb14 "<wddxPacket version='1.0'><header/><data><struct><var name='php_class_name'><string>foo</string></var><var name='abc'><string>def</string></var></struct></data></wddxPacket>", vallen=173, return_value=0x403cc95c)
    at /data/php-5.0.0b4/ext/wddx/wddx.c:1104
#11 0x08168b0d in zif_wddx_deserialize (ht=1, return_value=0x403cc95c, this_ptr=0x0, return_value_used=0)
    at /data/php-5.0.0b4/ext/wddx/wddx.c:1325
#12 0x081bd923 in zend_do_fcall_common_helper (execute_data=0xbfffd950, opline=0x403d7784, op_array=0x403cc334)
    at /data/php-5.0.0b4/Zend/zend_execute.c:2642
#13 0x081bda9a in zend_do_fcall_handler (execute_data=0xbfffd950, opline=0x403d7784, op_array=0x403cc334)
    at /data/php-5.0.0b4/Zend/zend_execute.c:2771
#14 0x081ba573 in execute (op_array=0x403cc334)
    at /data/php-5.0.0b4/Zend/zend_execute.c:1339
#15 0x081a0a09 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /data/php-5.0.0b4/Zend/zend.c:1052
#16 0x08171683 in php_execute_script (primary_file=0xbffffd30)
    at /data/php-5.0.0b4/main/main.c:1647
#17 0x081c4a5c in main (argc=2, argv=0xbffffdb4)
    at /data/php-5.0.0b4/sapi/cli/php_cli.c:941
(gdb) frame 14
#14 0x081ba573 in execute (op_array=0x403cc334)
    at /data/php-5.0.0b4/Zend/zend_execute.c:1339
1339                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x81e56e5 "wddx_deserialize"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x403cc404 "/web/segfault.php"
(gdb)

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=27287&edit=1