#36234 [Fbk->Opn]: segfault when testing property of an overloaded class in switch a statement
ID: 36234 User updated by: matt dot flaherty at hildebrand dot co dot uk Reported By: matt dot flaherty at hildebrand dot co dot uk -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: SUSE LINUX 10.0 (i586) PHP Version: 4.4.2 New Comment: Thank you for this. I'm aware that the OO implementation in PHP5 is very different and I intend to use 5 for any serious OO development from now on. However, there is a project I'm working on which requires PHP 4 and needs a drop-in replacement for the PEAR DB libraries within a third-party framework. As support for PHP 4 is still a going concern I decided to raise this ticket. Since posting this bug report, I have also encountered the same problem in PHP 4.3.11. Thank you again for your response. Previous Comments: [2006-02-11 13:19:50] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.1-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.1-win32-latest.zip [2006-01-31 23:51:27] judas dot iscariote at gmail dot com Program received signal SIGSEGV, Segmentation fault. 0x00417258 in overload_get_property (property_reference=0x7fe61af8) at /home/cristian/php-src/ext/overload/overload.c:363 363 if (Z_TYPE_P(overloaded_property) == OE_IS_OBJECT) { (gdb) bt #0 0x00417258 in overload_get_property (property_reference=0x7fe61af8) at /home/cristian/php-src/ext/overload/overload.c:363 #1 0x004e9c01 in get_overloaded_property (T=0x7fe61ae0) at /home/cristian/php-src/Zend/zend_execute.c:970 #2 0x004e8327 in _get_zval_ptr (node=0x6a6bd0, Ts=0x7fe614c0, should_free=0x649c10) at /home/cristian/php-src/Zend/zend_execute.c:93 #3 0x004f2503 in zend_switch_free (opline=0x6a6ba8, Ts=0x7fe614c0) at /home/cristian/php-src/Zend/zend_execute.c:236 #4 0x004efe54 in execute (op_array=0x6978d0) at /home/cristian/php-src/Zend/zend_execute.c:2053 #5 0x004d5cf5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cristian/php-src/Zend/zend.c:934 #6 0x00498774 in php_execute_script (primary_file=0x7fe64750) at /home/cristian/php-src/main/main.c:1753 #7 0x004f50eb in main (argc=2, argv=0x7fe648b8) at /home/cristian/php-src/sapi/cli/php_cli.c:830 ./sapi/cli/php -v PHP 4.4.3-dev (cli) (built: Jan 31 2006 19:48:51) (DEBUG) [2006-01-31 18:30:29] matt dot flaherty at hildebrand dot co dot uk Almost forgot. PHP is configured in the standard way for this distro: ./configure --prefix=/usr --datadir=/usr/share/php --mandir=/usr/share/man --bindir=/usr/bin --libdir=/usr/share --includedir=/usr/include --sysconfdir=/etc --with-_lib=lib --with-config-file-path=/etc --with-exec-dir=/usr/lib/php/bin --disable-debug --enable-inline-optimization --enable-memory-limit --enable-magic-quotes --enable-safe-mode --enable-sigchild --disable-ctype --disable-session --without-mysql --disable-cli --without-pear --with-openssl --with-apxs2=/usr/sbin/apxs2-prefork i586-suse-linux [2006-01-31 18:22:51] matt dot flaherty at hildebrand dot co dot uk Description: Apologies in advance if this turns out to be user error, but it seems odd to me. A segmentation fault occurs when evaluating in a switch statement an instance property of an overloaded class with which has a __get() method. It does not matter whether the evaluated property is native to the instance or overloaded. Also, native and overloaded properties on an overloaded class instance don't like to be passed by reference. If you change the switch statements to cast the argument to (string), as in "switch ((string)$decorator->bar) {" (a memory copy), then the expected result occurs. If you leave either of the switch statements alone there is a crash. Interestingly, with both of the switch statements "fixed" and the block uncommented that calls function reverse_me, the output looks like this: %< I can see that the value of bar is 'bar' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. Fatal error: Only variables can be passed by reference in /srv/www/htdocs/seagull/www/crash.php on line 54 %< This is a native property on the instance so I can't understand why passing by reference is bad. Turning off overloading produces the expected result there, which is this: %< I can see that the value of bar is '' and the value of myVar is 'mine'. I've tested === and that worked okay. So did =
#36234 [Opn]: segfault when testing property of an overloaded class in switch a statement
ID: 36234 User updated by: matt dot flaherty at hildebrand dot co dot uk Reported By: matt dot flaherty at hildebrand dot co dot uk Status: Open Bug Type: Reproducible crash Operating System: SUSE LINUX 10.0 (i586) PHP Version: 4.4.2 New Comment: Almost forgot. PHP is configured in the standard way for this distro: ./configure --prefix=/usr --datadir=/usr/share/php --mandir=/usr/share/man --bindir=/usr/bin --libdir=/usr/share --includedir=/usr/include --sysconfdir=/etc --with-_lib=lib --with-config-file-path=/etc --with-exec-dir=/usr/lib/php/bin --disable-debug --enable-inline-optimization --enable-memory-limit --enable-magic-quotes --enable-safe-mode --enable-sigchild --disable-ctype --disable-session --without-mysql --disable-cli --without-pear --with-openssl --with-apxs2=/usr/sbin/apxs2-prefork i586-suse-linux Previous Comments: [2006-01-31 18:22:51] matt dot flaherty at hildebrand dot co dot uk Description: Apologies in advance if this turns out to be user error, but it seems odd to me. A segmentation fault occurs when evaluating in a switch statement an instance property of an overloaded class with which has a __get() method. It does not matter whether the evaluated property is native to the instance or overloaded. Also, native and overloaded properties on an overloaded class instance don't like to be passed by reference. If you change the switch statements to cast the argument to (string), as in "switch ((string)$decorator->bar) {" (a memory copy), then the expected result occurs. If you leave either of the switch statements alone there is a crash. Interestingly, with both of the switch statements "fixed" and the block uncommented that calls function reverse_me, the output looks like this: %< I can see that the value of bar is 'bar' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. Fatal error: Only variables can be passed by reference in /srv/www/htdocs/seagull/www/crash.php on line 54 %< This is a native property on the instance so I can't understand why passing by reference is bad. Turning off overloading produces the expected result there, which is this: %< I can see that the value of bar is '' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. Just passed by myVar by reference and reversed the string. The value is now enim I am not expecting a switch statemtent on bar to segfault. Switch says the value of bar is not 'bar'. It's 'baz'. I am not expecting a switch statemtent on myVar to segfault. Switch says the value of myVar is not 'mine'. It's 'yours'. %< I have observed this behaviour in php 4.4.0 and 4.4.2. Very strange. Reproduce code: --- http://www.jellybee.co.uk/overload_fault.txt Expected result: I can see that the value of bar is 'bar' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. I am not expecting a switch statemtent on bar to segfault. Switch says the value of bar is not 'bar'. It's 'baz'. I am not expecting a switch statemtent on myVar to segfault. Switch says the value of myVar is not 'mine'. It's 'yours'. Actual result: -- Last few lines of Apache2 strace... open("/srv/www/htdocs/seagull/www/crash.php", O_RDONLY) = 35 fstat64(35, {st_mode=S_IFREG|0644, st_size=2110, ...}) = 0 fstat64(35, {st_mode=S_IFREG|0644, st_size=2110, ...}) = 0 lseek(35, 0, SEEK_CUR) = 0 lseek(35, 0, SEEK_SET) = 0 read(35, "http://bugs.php.net/?id=36234&edit=1
#36234 [NEW]: segfault when testing property of an overloaded class in switch a statement
From: matt dot flaherty at hildebrand dot co dot uk Operating system: SUSE LINUX 10.0 (i586) PHP version: 4.4.2 PHP Bug Type: Reproducible crash Bug description: segfault when testing property of an overloaded class in switch a statement Description: Apologies in advance if this turns out to be user error, but it seems odd to me. A segmentation fault occurs when evaluating in a switch statement an instance property of an overloaded class with which has a __get() method. It does not matter whether the evaluated property is native to the instance or overloaded. Also, native and overloaded properties on an overloaded class instance don't like to be passed by reference. If you change the switch statements to cast the argument to (string), as in "switch ((string)$decorator->bar) {" (a memory copy), then the expected result occurs. If you leave either of the switch statements alone there is a crash. Interestingly, with both of the switch statements "fixed" and the block uncommented that calls function reverse_me, the output looks like this: %< I can see that the value of bar is 'bar' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. Fatal error: Only variables can be passed by reference in /srv/www/htdocs/seagull/www/crash.php on line 54 %< This is a native property on the instance so I can't understand why passing by reference is bad. Turning off overloading produces the expected result there, which is this: %< I can see that the value of bar is '' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. Just passed by myVar by reference and reversed the string. The value is now enim I am not expecting a switch statemtent on bar to segfault. Switch says the value of bar is not 'bar'. It's 'baz'. I am not expecting a switch statemtent on myVar to segfault. Switch says the value of myVar is not 'mine'. It's 'yours'. %< I have observed this behaviour in php 4.4.0 and 4.4.2. Very strange. Reproduce code: --- http://www.jellybee.co.uk/overload_fault.txt Expected result: I can see that the value of bar is 'bar' and the value of myVar is 'mine'. I've tested === and that worked okay. So did ==. subst function is okay too. I am not expecting a switch statemtent on bar to segfault. Switch says the value of bar is not 'bar'. It's 'baz'. I am not expecting a switch statemtent on myVar to segfault. Switch says the value of myVar is not 'mine'. It's 'yours'. Actual result: -- Last few lines of Apache2 strace... open("/srv/www/htdocs/seagull/www/crash.php", O_RDONLY) = 35 fstat64(35, {st_mode=S_IFREG|0644, st_size=2110, ...}) = 0 fstat64(35, {st_mode=S_IFREG|0644, st_size=2110, ...}) = 0 lseek(35, 0, SEEK_CUR) = 0 lseek(35, 0, SEEK_SET) = 0 read(35, "http://bugs.php.net/?id=36234&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=36234&r=trysnapshot44 Try a CVS snapshot (PHP 5.1): http://bugs.php.net/fix.php?id=36234&r=trysnapshot51 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=36234&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=36234&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=36234&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=36234&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=36234&r=needscript Try newer version:http://bugs.php.net/fix.php?id=36234&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=36234&r=support Expected behavior:http://bugs.php.net/fix.php?id=36234&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=36234&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=36234&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=36234&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36234&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=36234&r=dst IIS Stability:http://bugs.php.net/fix.php?id=36234&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=36234&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=36234&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=36234&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=36234&r=mysqlcfg