ID: 36071
Updated by: [EMAIL PROTECTED]
Reported By: kaien at sparcs dot org
-Status: Assigned
+Status: Closed
Bug Type: Scripting Engine problem
Operating System: Linux
PHP Version: 5CVS-2006-01-18 (snap)
Assigned To: dmitry
New Comment:
Fixed in CVS HEAD, PHP_5_1 and PHP_5_0.
Previous Comments:
------------------------------------------------------------------------
[2006-01-19 00:40:43] judas dot iscariote at gmail dot com
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912513283232 (LWP 19283)]
0x000000000051b72b in _efree (ptr=0x7ae228) at
/usr/src/debug/php-5.1.2/Zend/zend_alloc.c:303
303 REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0 0x000000000051b72b in _efree (ptr=0x7ae228) at
/usr/src/debug/php-5.1.2/Zend/zend_alloc.c:303
#1 0x000000000053c9ca in zend_hash_apply_deleter (ht=0x7ae388,
p=0x8f15d8)
at /usr/src/debug/php-5.1.2/Zend/zend_hash.c:574
#2 0x000000000053cb48 in zend_hash_graceful_reverse_destroy
(ht=0x7ae388)
at /usr/src/debug/php-5.1.2/Zend/zend_hash.c:640
#3 0x00000000005276e9 in shutdown_executor () at
/usr/src/debug/php-5.1.2/Zend/zend_execute_API.c:217
#4 0x0000000000534437 in zend_deactivate () at
/usr/src/debug/php-5.1.2/Zend/zend.c:846
#5 0x00000000004f631a in php_request_shutdown (dummy=<value optimized
out>) at /usr/src/debug/php-5.1.2/main/main.c:1282
#6 0x00000000005c3446 in main (argc=2, argv=0x7fffffd7fdc8) at
/usr/src/debug/php-5.1.2/sapi/cli/php_cli.c:1234
php -v
PHP 5.1.3-dev (cli) (built: Jan 18 2006 13:45:20)
------------------------------------------------------------------------
[2006-01-18 23:38:03] kaien at sparcs dot org
make_real_object() in ZEND_ASSIGN_OBJ separates EG(error_zval_ptr)
Thanks to SEGV, or modification on EG(error_zval_ptr) could be harder
to figure out.
<?
$a = clone 0;
$a[0]->b = 0;
print_r(clone 1);
?>
Warning: __clone method called on non-object in - on line 2
Warning: __clone method called on non-object in - on line 4
stdClass Object
(
[b] => 0
)
Segmentation fault (core dumped)
------------------------------------------------------------------------
[2006-01-18 20:08:07] [EMAIL PROTECTED]
Dmitry, please take a look at it.
------------------------------------------------------------------------
[2006-01-18 19:47:26] kaien at sparcs dot org
Sorry. The comment part (/* */) was just an attempt at humor, which I
thought I had omitted.
Same problem with 5.1.1, 5.1.2.
No crash with 5.0.3.
------------------------------------------------------------------------
[2006-01-18 19:33:26] kaien at sparcs dot org
Description:
------------
2 line of php code crash latest engine.
configure --disable-all
/*
We want immediate fix.
We are scheduled for migration of our service from
php4 to php5 next week.
*/
Reproduce code:
---------------
<?
$a = clone 0;
$a[0]->b = 0;
?>
Expected result:
----------------
NO seg fault.
Actual result:
--------------
Warning: __clone method called on non-object in - on line 2
Segmentation fault (core dumped)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=36071&edit=1
