ID: 36006
Updated by: [EMAIL PROTECTED]
Reported By: php_nospam at ramihyn dot sytes dot net
-Status: Assigned
+Status: Closed
Bug Type: Scripting Engine problem
Operating System: Windows, Debian Sarge
PHP Version: 5.1.2
Assigned To: dmitry
New Comment:
Fixed in CVS HEAD, PHP_5_1 and PHP_5_0.
Previous Comments:
------------------------------------------------------------------------
[2006-01-14 01:54:33] php_nospam at ramihyn dot sytes dot net
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1078044800 (LWP 21090)]
zend_std_write_property (object=0xbfffefe0, member=0x860ed50,
value=0x860424c)
at /usr/src/php-5.1.2/Zend/zend_object_handlers.c:374
374 property_info = zend_get_property_info(zobj->ce,
member, (zobj->ce->__set != NULL) TSRMLS_CC);
(gdb) bt
#0 zend_std_write_property (object=0xbfffefe0, member=0x860ed50,
value=0x860424c)
at /usr/src/php-5.1.2/Zend/zend_object_handlers.c:374
#1 0x082e2e5a in zend_assign_to_object (result=0x860ed24,
object_ptr=0x8524c5c, op2=0x2, value_op=0x860ed84, Ts=0xbfffec9c,
opcode=136) at /usr/src/php-5.1.2/Zend/zend_execute.c:607
#2 0x082bdfc9 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER
(execute_data=0xbfffecd0) at zend_vm_execute.h:14644
#3 0x08299068 in execute (op_array=0x8610024) at zend_vm_execute.h:92
#4 0x08299531 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffede0) at zend_vm_execute.h:226
#5 0x08299068 in execute (op_array=0x860f474) at zend_vm_execute.h:92
#6 0x08276439 in zend_call_function (fci=0xbfffef50,
fci_cache=0xbfffef30) at
/usr/src/php-5.1.2/Zend/zend_execute_API.c:907
#7 0x082906e1 in zend_call_method (object_pp=0xbfffefdc,
obj_ce=0x860ee64, fn_proxy=0x860ef54,
function_name=0x8481e5f "__destruct", function_name_len=10,
retval_ptr_ptr=0x0, param_count=2, arg1=0x0, arg2=0x0)
at /usr/src/php-5.1.2/Zend/zend_interfaces.c:88
#8 0x08294cc9 in zend_objects_destroy_object (object=0x860eba4,
handle=2) at /usr/src/php-5.1.2/Zend/zend_objects.c:78
#9 0x0829758d in zend_objects_store_call_destructors
(objects=0x8524d1c) at /usr/src/php-5.1.2/Zend/zend_objects_API.c:55
#10 0x08275105 in shutdown_destructors () at
/usr/src/php-5.1.2/Zend/zend_execute_API.c:191
#11 0x0827f9ca in zend_call_destructors () at
/usr/src/php-5.1.2/Zend/zend.c:831
#12 0x082459c4 in php_request_shutdown (dummy=0x0) at
/usr/src/php-5.1.2/main/main.c:1253
#13 0x082e4b20 in main (argc=2, argv=0xbffffae4) at
/usr/src/php-5.1.2/sapi/cli/php_cli.c:1230
------------------------------------------------------------------------
[2006-01-14 01:34:05] php_nospam at ramihyn dot sytes dot net
Verified this bug with all 5.0.x and 5.1.x versions on both OS (except
5.1.2 on Debian; currently compiling for a backtrace)
------------------------------------------------------------------------
[2006-01-14 01:19:08] [EMAIL PROTECTED]
Dmitry, please check it out.
Looks like a chicken-and-egg problem to me.
------------------------------------------------------------------------
[2006-01-14 01:13:32] php_nospam at ramihyn dot sytes dot net
Description:
------------
segfault caused by setting properties to null in __destruct()
Reproduce code:
---------------
<?php
class Person {
public $dad;
public function __destruct() {
$this->dad = null; /* no segfault if this is commented out */
}
}
class Dad extends Person {
public $son;
public function __construct() {
$this->son = new Person;
$this->son->dad = $this; /* no segfault if this is commented
out */
}
public function __destruct() {
$this->son = null;
parent::__destruct(); /* segfault here */
}
}
$o = new Dad;
unset($o);
?>
Expected result:
----------------
No segfault
Actual result:
--------------
PHP crashes due to a segfault (crashes apache worker thread when
running as apache module)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=36006&edit=1
