#36234 [Fbk->Opn]: segfault when testing property of an overloaded class in switch a statement

2006-02-13 matt dot flaherty at hildebrand dot co dot uk
 ID:   36234
 User updated by:  matt dot flaherty at hildebrand dot co dot uk
 Reported By:  matt dot flaherty at hildebrand dot co dot uk
-Status:   Feedback
+Status:   Open
 Bug Type: Reproducible crash
 Operating System: SUSE LINUX 10.0 (i586)
 PHP Version:  4.4.2
 New Comment:

Thank you for this. I'm aware that the OO implementation in PHP5 is
very different and I intend to use 5 for any serious OO development
from now on. However, there is a project I'm working on which requires
PHP 4 and needs a drop-in replacement for the PEAR DB libraries within
a third-party framework. As support for PHP 4 is still a going concern
I decided to raise this ticket. Since posting this bug report, I have
also encountered the same problem in PHP 4.3.11. Thank you again for
your response.


Previous Comments:


[2006-02-11 13:19:50] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip





[2006-01-31 23:51:27] judas dot iscariote at gmail dot com

Program received signal SIGSEGV, Segmentation fault.
0x00417258 in overload_get_property (property_reference=0x7fe61af8) at /home/cristian/php-src/ext/overload/overload.c:363
363 if (Z_TYPE_P(overloaded_property) == OE_IS_OBJECT) {
(gdb) bt
#0  0x00417258 in overload_get_property (property_reference=0x7fe61af8) at /home/cristian/php-src/ext/overload/overload.c:363
#1  0x004e9c01 in get_overloaded_property (T=0x7fe61ae0) at /home/cristian/php-src/Zend/zend_execute.c:970
#2  0x004e8327 in _get_zval_ptr (node=0x6a6bd0, Ts=0x7fe614c0, should_free=0x649c10) at /home/cristian/php-src/Zend/zend_execute.c:93
#3  0x004f2503 in zend_switch_free (opline=0x6a6ba8, Ts=0x7fe614c0) at /home/cristian/php-src/Zend/zend_execute.c:236
#4  0x004efe54 in execute (op_array=0x6978d0) at /home/cristian/php-src/Zend/zend_execute.c:2053
#5  0x004d5cf5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cristian/php-src/Zend/zend.c:934
#6  0x00498774 in php_execute_script (primary_file=0x7fe64750) at /home/cristian/php-src/main/main.c:1753
#7  0x004f50eb in main (argc=2, argv=0x7fe648b8) at /home/cristian/php-src/sapi/cli/php_cli.c:830

./sapi/cli/php -v
PHP 4.4.3-dev (cli) (built: Jan 31 2006 19:48:51) (DEBUG)



[2006-01-31 18:30:29] matt dot flaherty at hildebrand dot co dot uk

Almost forgot. PHP is configured in the standard way for this distro:
./configure  --prefix=/usr --datadir=/usr/share/php
--mandir=/usr/share/man --bindir=/usr/bin --libdir=/usr/share
--includedir=/usr/include --sysconfdir=/etc --with-_lib=lib
--with-config-file-path=/etc --with-exec-dir=/usr/lib/php/bin
--disable-debug --enable-inline-optimization --enable-memory-limit
--enable-magic-quotes --enable-safe-mode --enable-sigchild
--disable-ctype --disable-session --without-mysql --disable-cli
--without-pear --with-openssl --with-apxs2=/usr/sbin/apxs2-prefork
i586-suse-linux



[2006-01-31 18:22:51] matt dot flaherty at hildebrand dot co dot uk

Description:

Apologies in advance if this turns out to be user error, but it seems
odd to me. A segmentation fault occurs when evaluating in a switch
statement an instance property of an overloaded class which has a
__get() method. It does not matter whether the evaluated property is
native to the instance or overloaded. Also, native and overloaded
properties on an overloaded class instance don't like to be passed by
reference.

If you change the switch statements to cast the argument to (string),
as in "switch ((string)$decorator->bar) {" (a memory copy), then the
expected result occurs. If you leave either of the switch statements
alone there is a crash. Interestingly, with both of the switch
statements "fixed" and the block uncommented that calls function
reverse_me, the output looks like this:

%<
I can see that the value of bar is 'bar' and the value of myVar is
'mine'.
I've tested === and that worked okay.
So did ==.
subst function is okay too.

Fatal error: Only variables can be passed by reference in
/srv/www/htdocs/seagull/www/crash.php on line 54
%<

This is a native property on the instance so I can't understand why
passing by reference is bad. Turning off overloading produces the
expected result there, which is this:

%<
I can see that the value of bar is '' and the value of myVar is
'mine'.
I've tested === and that worked okay.
So did =

#36234 [Opn]: segfault when testing property of an overloaded class in switch a statement

2006-01-31 matt dot flaherty at hildebrand dot co dot uk
 ID:   36234
 User updated by:  matt dot flaherty at hildebrand dot co dot uk
 Reported By:  matt dot flaherty at hildebrand dot co dot uk
 Status:   Open
 Bug Type: Reproducible crash
 Operating System: SUSE LINUX 10.0 (i586)
 PHP Version:  4.4.2
 New Comment:

Almost forgot. PHP is configured in the standard way for this distro:
./configure  --prefix=/usr --datadir=/usr/share/php
--mandir=/usr/share/man --bindir=/usr/bin --libdir=/usr/share
--includedir=/usr/include --sysconfdir=/etc --with-_lib=lib
--with-config-file-path=/etc --with-exec-dir=/usr/lib/php/bin
--disable-debug --enable-inline-optimization --enable-memory-limit
--enable-magic-quotes --enable-safe-mode --enable-sigchild
--disable-ctype --disable-session --without-mysql --disable-cli
--without-pear --with-openssl --with-apxs2=/usr/sbin/apxs2-prefork
i586-suse-linux




#36234 [NEW]: segfault when testing property of an overloaded class in switch a statement

2006-01-31 matt dot flaherty at hildebrand dot co dot uk
From: matt dot flaherty at hildebrand dot co dot uk
Operating system: SUSE LINUX 10.0 (i586)
PHP version:  4.4.2
PHP Bug Type: Reproducible crash
Bug description:  segfault when testing property of an overloaded class in 
switch a statement

Description:

Apologies in advance if this turns out to be user error, but it seems odd
to me. A segmentation fault occurs when evaluating in a switch statement
an instance property of an overloaded class which has a __get()
method. It does not matter whether the evaluated property is native to the
instance or overloaded. Also, native and overloaded properties on an
overloaded class instance don't like to be passed by reference.

If you change the switch statements to cast the argument to (string), as
in "switch ((string)$decorator->bar) {" (a memory copy), then the expected
result occurs. If you leave either of the switch statements alone there is
a crash. Interestingly, with both of the switch statements "fixed" and the
block uncommented that calls function reverse_me, the output looks like
this:

%<
I can see that the value of bar is 'bar' and the value of myVar is
'mine'.
I've tested === and that worked okay.
So did ==.
subst function is okay too.

Fatal error: Only variables can be passed by reference in
/srv/www/htdocs/seagull/www/crash.php on line 54
%<

This is a native property on the instance so I can't understand why
passing by reference is bad. Turning off overloading produces the expected
result there, which is this:

%<
I can see that the value of bar is '' and the value of myVar is 'mine'.
I've tested === and that worked okay.
So did ==.
subst function is okay too.
Just passed by myVar by reference and reversed the string. The value is
now enim
I am not expecting a switch statemtent on bar to segfault.
Switch says the value of bar is not 'bar'. It's 'baz'.

I am not expecting a switch statemtent on myVar to segfault.
Switch says the value of myVar is not 'mine'. It's 'yours'.
%<

I have observed this behaviour in php 4.4.0 and 4.4.2. Very strange.

Reproduce code:
---
http://www.jellybee.co.uk/overload_fault.txt

Expected result:

I can see that the value of bar is 'bar' and the value of myVar is
'mine'.
I've tested === and that worked okay.
So did ==.
subst function is okay too.
I am not expecting a switch statemtent on bar to segfault.
Switch says the value of bar is not 'bar'. It's 'baz'.

I am not expecting a switch statemtent on myVar to segfault.
Switch says the value of myVar is not 'mine'. It's 'yours'.

Actual result:
--
Last few lines of Apache2 strace...

open("/srv/www/htdocs/seagull/www/crash.php", O_RDONLY) = 35
fstat64(35, {st_mode=S_IFREG|0644, st_size=2110, ...}) = 0
fstat64(35, {st_mode=S_IFREG|0644, st_size=2110, ...}) = 0
lseek(35, 0, SEEK_CUR)  = 0
lseek(35, 0, SEEK_SET)  = 0
read(35, "http://bugs.php.net/?id=36234&edit=1