ID: 30772
User updated by: pecoes at web dot de
Reported By: pecoes at web dot de
Status: Analyzed
Bug Type: Zend Engine 2 problem
Operating System: irrelevant
PHP Version: 5.0.2, 5.1
Assigned To: andi
New Comment:
Hi Tony,
You haven't read my entire post. I've given *two* code samples. The
*second* is the reproduce code. Please note, that my reproduce code is
actually simpler, than what you have "reduced" it to.
My laymen's guess is that php_check_syntax doesn't add a script that
has proven to be faulty to the list require_once and include_once
maintain. The reasoning behind that is superficially seen sound. Why
would you want to try again to include code that has already proven to
be bad? Well, that's why I featured the "real life" sample prior to the
actual reproduce code. There's a scenario, where it's impossible to
avoid a new inclusion attempt, since class_exists *will* call
__autoload if the class doesn't exist.
Peter
Previous Comments:
------------------------------------------------------------------------
[2004-11-16 09:16:25] [EMAIL PROTECTED]
Reproducible both with 5.0 & 5.1 branches.
Program received signal SIGSEGV, Segmentation fault.
0x00000006 in ?? ()
(gdb) bt
#0 0x00000006 in ?? ()
#1 0x00000000 in ?? ()
#2 0xbfffbf30 in ?? ()
#3 0xbfffbf68 in ?? ()
#4 0xbfffbeec in ?? ()
#5 0x00000001 in ?? ()
#6 0x08226ebb in yy_chk ()
#7 0xbfffbf68 in ?? ()
#8 0x08188964 in zif_class_exists (ht=-1073758484, return_value=0x1,
this_ptr=0x8226ebb, return_value_used=-1073758360)
at /home/dev/php-src/Zend/zend_builtin_functions.c:907
Previous frame inner to this frame (corrupt stack?)
Reproduce code could be safely reduced to this:
<?
function __autoload ($class) {
require_once "$class.php";
}
php_check_syntax("Test.php");
class_exists("Test");
?>
------------------------------------------------------------------------
[2004-11-13 10:24:20] pecoes at web dot de
Description:
------------
The reproduce code is pretty straight-forward, which makes the issue
look easy to avoid. My real problem, however, is more subtle:
I'm writing an extensible library. All my internal classes are
__autoload'ed, but I want to treat all user-defined classes as tainted
and load them manually:
Test.php:
<?php
class Tets {} // Note the typo!
?>
bug.php:
<?php
function __autoload ($class) {
require_once "$class.php";
}
function loadManually ($class) {
if (!php_check_syntax("$class.php")) {
throw new Exception("$class.php cannot be included");
}
// class_exists invokes __autoload and things go wrong
if (!class_exists($class)) {
throw new Exception("$class does not exist in $class.php");
}
}
loadManually("Test");
?>
Reproduce code:
---------------
$file = "Test.php";
if (!php_check_syntax($file)) {
die("$file cannot be included");
}
// the following line should do nothing!
require_once $file;
Expected result:
----------------
no crash
Actual result:
--------------
"Fatal Error: Cannot redeclare class..."
and then php(cli) crashes hard!
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=30772&edit=1
