ID: 31233 Updated by: php-bugs@lists.php.net Reported By: smclean at gmail dot com -Status: Feedback +Status: No Feedback Bug Type: Zend Engine 2 problem Operating System: Linux PHP Version: 5.0.3 New Comment:
No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". Previous Comments: ------------------------------------------------------------------------ [2005-02-28 21:04:18] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip ------------------------------------------------------------------------ [2004-12-21 22:59:17] smclean at gmail dot com Description: ------------ Under special circumstances the autoload interceptor seems to cause instability. All instances of this crash I have been able to reproduce involve triggering the autoload interceptor by unserializing objects of undefined classes, with custom error handling configured. By either disabling the error handling, the autoload interceptor, or not unserializing the object, the crash is prevented. I titles this bug 'Autoload interceptor causing ...' because the crash always occurs within the autoload interceptor itself or soon after. In the given example, the actual crash occurs when attempting to simply cast a GET variable to a bool and print it, but if you change the parameters of the test, the crash can occur in a multitude of other places, including within the autoload interceptor itself (this is the location of the crash when I originally discovered it, but the reproducing scripts I created caused it to crash elsewhere). I attempted to generate a gdb backtrace, but unfortunately --enable-debug seemed to prevent the crash from occuring. I was able to duplicate this bug on three different Linux machines, each running php 5.0.3 on Slackware 10. Reproduce code: --------------- Download the following tarball: http://pio.longstair.com/misc/crash.tgz Execute: tar zxvf crash.tgz cd crash-2.0 php runme2.php Explanation: runme2.php loads custom error handling and an autoload interceptor include. It then attempts to unserialize a serialized undefined object, and print it out. This succeeds, but the environment becomes unstable, and a simple boolean cast segfaults it. runme1.php simply generates the serialized object string used in runme2.php Expected result: ---------------- Normal program termination Actual result: -------------- Segmentation Violation GDB: Program received signal SIGSEGV, Segmentation fault. zend_error (type=2056, format=0x21fd3500 <Address 0x21fd3500 out of bounds>) at /home/sean/instball/php-5.0.3/Zend/zend.c:985 985 if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) { ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31233&edit=1