#27468 [NEW]: foreach in __destruct() causes segfault

davojan at mail dot ru Tue, 02 Mar 2004 12:54:09 -0800

From:             davojan at mail dot ru
Operating system: FreeBSD 4.7-RELEASE
PHP version:      5CVS-2004-03-02 (dev)
PHP Bug Type:     Zend Engine 2 problem
Bug description:  foreach in __destruct() causes segfault


Description:
------------
PHP crashes if foreach for a member of the class called in __destruct().
It doesn't matter - does the member exist or not, is it array or not -
result is the same.



Note, that in php5b4 it works fine. Expected result is what I get from it.

Reproduce code:
---------------
<?

class foo {

        function __destruct() {

                foreach ($this->x as $x);

        }

}

new foo();

echo 'OK';

?>

Expected result:
----------------
Warning: Invalid argument supplied for foreach() in
/usr/local/www/data-dist/ils/admin/test/static.php on line 4

OK

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.

0x28531d8d in zend_objects_free_object_storage (object=0xffffffff) at
/usr/ports/distfiles/php5-200403021630/Zend/zend_objects.c:88

88              zend_hash_destroy(object->properties);

(gdb) bt

#0  0x28531d8d in zend_objects_free_object_storage (object=0xffffffff) at
/usr/ports/distfiles/php5-200403021630/Zend/zend_objects.c:88

#1  0x28534883 in zend_objects_store_del_ref (zobject=0x80e82f0) at
/usr/ports/distfiles/php5-200403021630/Zend/zend_objects_API.c:139

#2  0x28519cde in _zval_dtor (zvalue=0x80e82f0, __zend_filename=0x2859dd20
"/usr/ports/distfiles/php5-200403021630/Zend/zend_execute_API.c", 

    __zend_lineno=358) at
/usr/ports/distfiles/php5-200403021630/Zend/zend_variables.c:61

#3  0x2850e5fe in _zval_ptr_dtor (zval_ptr=0xbfbfe120,
__zend_filename=0x285a3160
"/usr/ports/distfiles/php5-200403021630/Zend/zend_execute.c", 

    __zend_lineno=3820) at
/usr/ports/distfiles/php5-200403021630/Zend/zend_execute_API.c:358

#4  0x28549472 in zend_jmp_no_ctor_handler (execute_data=0xbfbfe168,
opline=0x80e85e0, op_array=0x80e80c8)

    at /usr/ports/distfiles/php5-200403021630/Zend/zend_execute.c:3820

#5  0x28541aeb in execute (op_array=0x80e80c8) at
/usr/ports/distfiles/php5-200403021630/Zend/zend_execute.c:1339

#6  0x2851c4d0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/ports/distfiles/php5-200403021630/Zend/zend.c:1041

#7  0x284d23b3 in php_execute_script (primary_file=0xbfbff7b0) at
/usr/ports/distfiles/php5-200403021630/main/main.c:1650

#8  0x2854e83e in apache_php_module_main (r=0x81fb038,
display_source_mode=0) at
/usr/ports/distfiles/php5-200403021630/sapi/apache/sapi_apache.c:54

#9  0x2854f8c8 in send_php (r=0x81fb038, display_source_mode=0,
filename=0x81fcb10 "/usr/local/www/data/ils/admin/test/static.php")

    at /usr/ports/distfiles/php5-200403021630/sapi/apache/mod_php5.c:621

#10 0x2854f93b in send_parsed_php (r=0x81fb038) at
/usr/ports/distfiles/php5-200403021630/sapi/apache/mod_php5.c:636

#11 0x8053a44 in ap_invoke_handler ()

#12 0x806398d in process_request_internal ()

#13 0x80639ec in ap_process_request ()

#14 0x805cdae in child_main ()

#15 0x805cf40 in make_child ()

#16 0x805d05d in startup_children ()

#17 0x805d5b0 in standalone_main ()

#18 0x805dcab in main ()

#19 0x804fc39 in _start ()

-- 
Edit bug report at http://bugs.php.net/?id=27468&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=27468&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=27468&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=27468&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=27468&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=27468&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=27468&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=27468&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=27468&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=27468&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=27468&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=27468&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=27468&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27468&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=27468&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=27468&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=27468&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=27468&r=float

#27468 [NEW]: foreach in __destruct() causes segfault

Reply via email to