ID: 36376 Updated by: [EMAIL PROTECTED] Reported By: jaco at welnet dot nl -Status: Open +Status: Assigned Bug Type: Reproducible crash Operating System: CentOS 4.2 PHP Version: 5.1.2 -Assigned To: +Assigned To: dmitry New Comment:
Assigned to Dmitry, he'll take a look at it. Previous Comments: ------------------------------------------------------------------------ [2006-02-13 11:52:37] jaco at welnet dot nl backtrace from latest cvs cli version: (gdb) bt #0 0x00979f1f in _int_malloc () from /lib/tls/libc.so.6 #1 0x0097bf81 in malloc () from /lib/tls/libc.so.6 #2 0x08204a69 in _emalloc (size=10745888, __zend_filename=0xfffffff0 <Address 0xfffffff0 out of bounds>, __zend_lineno=904, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/src/php5.1-200602130930/Zend/zend_alloc.c:182 #3 0x0820f848 in zend_call_function (fci=0xbf4001d0, fci_cache=0xbf4001b0) at /usr/src/php5.1-200602130930/Zend/zend_execute_API.c:904 #4 0x0822aa1b in zend_call_method (object_pp=0xbf400250, obj_ce=0x99d01a4, fn_proxy=0x99d02ac, function_name=0x82a885a "__clone", function_name_len=7, retval_ptr_ptr=0x0, param_count=88, arg1=0x0, arg2=0x0) at /usr/src/php5.1-200602130930/Zend/zend_interfaces.c:88 #5 0x0822ed8e in zend_objects_clone_members (new_object=0xa30dadc, new_obj_val={handle = 0, handlers = 0xbf400250}, old_object=0xa30d804, handle=13367) at /usr/src/php5.1-200602130930/Zend/zend_objects.c:152 #6 0x0822ee2f in zend_objects_clone_obj (zobject=0x58) at /usr/src/php5.1-200602130930/Zend/zend_objects.c:173 #7 0x0824724a in ZEND_CLONE_SPEC_VAR_HANDLER (execute_data=0xbf4003a0) at /usr/src/php5.1-200602130930/Zend/zend_vm_execute.h:7198 #8 0x08234785 in execute (op_array=0x99d096c) at /usr/src/php5.1-200602130930/Zend/zend_vm_execute.h:92 #9 0x0820f1fc in zend_call_function (fci=0xbf4004f0, fci_cache=0xbf4004d0) at /usr/src/php5.1-200602130930/Zend/zend_execute_API.c:913 #10 0x0822aa1b in zend_call_method (object_pp=0xbf400570, obj_ce=0x99d01a4, fn_proxy=0x99d02ac, function_name=0x82a885a "__clone", function_name_len=7, retval_ptr_ptr=0x0, param_count=88, arg1=0x0, arg2=0x0) at /usr/src/php5.1-200602130930/Zend/zend_interfaces.c:88 #11 0x0822ed8e in zend_objects_clone_members (new_object=0xa30d804, new_obj_val={handle = 0, handlers = 0xbf400570}, old_object=0xa30d52c, handle=13366) at /usr/src/php5.1-200602130930/Zend/zend_objects.c:152 #12 0x0822ee2f in zend_objects_clone_obj (zobject=0x58) at /usr/src/php5.1-200602130930/Zend/zend_objects.c:173 #13 0x0824724a in ZEND_CLONE_SPEC_VAR_HANDLER (execute_data=0xbf4006c0) at /usr/src/php5.1-200602130930/Zend/zend_vm_execute.h:7198 #14 0x08234785 in execute (op_array=0x99d096c) at /usr/src/php5.1-200602130930/Zend/zend_vm_execute.h:92 #15 0x0820f1fc in zend_call_function (fci=0xbf400810, fci_cache=0xbf4007f0) at /usr/src/php5.1-200602130930/Zend/zend_execute_API.c:913 #16 0x0822aa1b in zend_call_method (object_pp=0xbf400890, obj_ce=0x99d01a4, fn_proxy=0x99d02ac, function_name=0x82a885a "__clone", function_name_len=7, retval_ptr_ptr=0x0, param_count=88, arg1=0x0, arg2=0x0) at /usr/src/php5.1-200602130930/Zend/zend_interfaces.c:88 #17 0x0822ed8e in zend_objects_clone_members (new_object=0xa30d52c, new_obj_val={handle = 0, handlers = 0xbf400890}, old_object=0xa30d254, handle=13365) at /usr/src/php5.1-200602130930/Zend/zend_objects.c:152 --- These are the last 17 frames (?) of the backtrace. Is this enough or do you need more? ------------------------------------------------------------------------ [2006-02-13 11:11:24] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php for *NIX and http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32 Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better. ------------------------------------------------------------------------ [2006-02-13 11:01:01] jaco at welnet dot nl Description: ------------ PHP segfaults when there is code like '$this->object = clone $this>object' in __clone method. note the '>' syntax which is faulty ofcourse but produces the segfault. tested with latest cvs: PHP 5.1.3-dev (cli) (built: Feb 13 2006 10:52:02) Reproduce code: --------------- class test2 {} class test { public $test2; public function __construct() { $this->test2 = new test2(); } public function __clone() { $test2 = clone $this>test2; } } $test = new test(); $test2 = clone $test; Expected result: ---------------- Notice: Use of undefined constant test2 - assumed 'test2' in FILE on line XX Notice: Object of class test could not be converted to int in FILE on line XX Actual result: -------------- [Mon Feb 13 10:38:40 2006] [notice] child pid 12798 exit signal Segmentation fault (11) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=36376&edit=1