ID: 34810
Updated by: [EMAIL PROTECTED]
Reported By: antony at zend dot com
-Status: Open
+Status: Assigned
Bug Type: Reproducible crash
Operating System: Linux
PHP Version: 5.1.0RC1
-Assigned To:
+Assigned To: tony2001

Previous Comments:
------------------------------------------------------------------------

[2005-10-10 14:37:56] antony at zend dot com

Description:
------------
mysqli::init(), mysqli::connect() and mysqli_warning::__construct() use
wrong inherited $this pointer without checking if this_ptr really points
to the mysqli_object. In particular conditions this can lead to
segfault.

Reproduce code:
---------------
class DbConnection {
    private $link = NULL;

    public function connect() {
        $this->link = mysqli::init();
        var_dump($this->link);
    }
}

$db = new DbConnection();
$db->connect();

Actual result:
--------------
*** glibc detected *** free(): invalid pointer: 0xbfffece4 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread 1076990336 (LWP 24078)]
0xffffe410 in ?? ()
(gdb) bt
#0  0xffffe410 in ?? ()
#1  0xbfffe224 in ?? ()
#2  0x00000006 in ?? ()
#3  0x00005e0e in ?? ()
#4  0x400ec2c1 in raise () from /lib/tls/libc.so.6
#5  0x400edb75 in abort () from /lib/tls/libc.so.6
#6  0x401207aa in __libc_message () from /lib/tls/libc.so.6
#7  0x40126007 in malloc_printerr () from /lib/tls/libc.so.6
#8  0x401276cb in free () from /lib/tls/libc.so.6
#9  0x080c1364 in mysqli_objects_destroy_object (object=0x85585a8, handle=3)
    at /usr/src/dev/orig/php-src_5_1/ext/mysqli/mysqli.c:152
#10 0x0826ed46 in zend_objects_store_call_destructors (objects=0x84b36ec)
    at /usr/src/dev/orig/php-src_5_1/Zend/zend_objects_API.c:55
#11 0x08249416 in shutdown_destructors ()
    at /usr/src/dev/orig/php-src_5_1/Zend/zend_execute_API.c:190
#12 0x082559a6 in zend_call_destructors ()
    at /usr/src/dev/orig/php-src_5_1/Zend/zend.c:817
#13 0x08214b38 in php_request_shutdown (dummy=0x0)
    at /usr/src/dev/orig/php-src_5_1/main/main.c:1210
#14 0x082c1093 in main (argc=2, argv=0xbfffefb4)
    at /usr/src/dev/orig/php-src_5_1/sapi/cli/php_cli.c:1142

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=34810&edit=1
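
The missing check described in the report, modeled in self-contained C as an added example (this is not PHP source code and not the fix that was committed). The structures, class names and functions below are simplified, hypothetical stand-ins for the engine's object and class-entry types.

```c
#include <stddef.h>

/* Simplified stand-ins for engine structures; every name here is hypothetical. */
typedef struct class_entry {
    const char *name;
    const struct class_entry *parent;
} class_entry;

typedef struct object {
    const class_entry *ce;   /* run-time class of the object */
    void *payload;           /* extension-private data, meaningful only for its own class */
} object;

static const class_entry link_ce  = { "mysqli", NULL };
static const class_entry child_ce = { "MyLink", &link_ce };    /* subclass of the link class */
static const class_entry other_ce = { "DbConnection", NULL };  /* unrelated calling class */

/* Walk the parent chain: is obj's class `want` or a subclass of it? */
static int instance_of(const object *obj, const class_entry *want)
{
    const class_entry *ce;
    if (obj == NULL) return 0;
    for (ce = obj->ce; ce != NULL; ce = ce->parent)
        if (ce == want) return 1;
    return 0;
}

/* Checked accessor: hand out the payload only when the inherited `this`
 * really is a link object; NULL tells the caller to take the static path
 * instead of interpreting a foreign object's storage. */
static void *link_payload_checked(object *this_ptr)
{
    return instance_of(this_ptr, &link_ce) ? this_ptr->payload : NULL;
}

/* Model of init(): returns 1 when it reused `this`, 0 when it fell back. */
static int model_init(object *this_ptr, void *fresh)
{
    if (instance_of(this_ptr, &link_ce)) {
        this_ptr->payload = fresh;   /* safe: the slot belongs to a link object */
        return 1;
    }
    return 0;                        /* static-style call: leave the caller's object untouched */
}
```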