ID:               45805
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Verified
 Bug Type:         Reproducible crash
 Operating System: Linux
 PHP Version:      5.3CVS-2008-08-13 (CVS)
-Assigned To:      
+Assigned To:      dmitry


Previous Comments:
------------------------------------------------------------------------

[2008-08-13 06:44:01] [EMAIL PROTECTED]

Description:
------------
The attached PHP script segfaults with both PHP_5_2 and PHP_5_3.

Reproduce code:
---------------
<?php
class PHPUnit_Util_ErrorHandler
{
    public static function handleError($errno, $errstr, $errfile, $errline)
    {
        throw new RuntimeException;
    }
}

class A {
    public function getX() {
        return NULL;
    }
}

class B {
    public function foo() {
        $obj    = new A;
        $source = &$obj->getX();
    }

    public function bar() {
        $m = new ReflectionMethod('B', 'foo');
        $m->invoke($this);
    }
}

set_error_handler(
  array('PHPUnit_Util_ErrorHandler', 'handleError'), E_ALL | E_STRICT
);
            
$o = new B;
$o->bar();
?>

Actual result:
--------------
[EMAIL PROTECTED] ~ % gdb php
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) r test.php
Starting program: /usr/local/php-5.3/bin/php test.php
[Thread debugging using libthread_db enabled]
[New Thread 0xb77fc6b0 (LWP 21404)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb77fc6b0 (LWP 21404)]
0x085674c0 in _get_zval_ptr_var (node=0x8a5546c, Ts=0x8c0f888,
should_free=0xbfe03efc, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_execute.c:197
197                     if (T->str_offset.str->type != IS_STRING
(gdb) bt
#0  0x085674c0 in _get_zval_ptr_var (node=0x8a5546c, Ts=0x8c0f888,
should_free=0xbfe03efc, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_execute.c:197
#1  0x085c65fa in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER
(execute_data=0x8c0f82c, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_vm_execute.h:27470
#2  0x085c69fd in ZEND_ASSIGN_REF_SPEC_CV_VAR_HANDLER
(execute_data=0x8c0f82c, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_vm_execute.h:27515
#3  0x085628ec in execute (op_array=0x8be2214, tsrm_ls=0x8a53070) at
/usr/local/src/php/php-5.3/Zend/zend_vm_execute.h:104
#4  0x08523d5e in zend_call_function (fci=0xbfe04144,
fci_cache=0xbfe04168, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_execute_API.c:876
#5  0x08237261 in zim_reflection_method_invoke (ht=1,
return_value=0x8be3e5c, return_value_ptr=0x0, this_ptr=0x8be0854, 
    return_value_used=0, tsrm_ls=0x8a53070) at
/usr/local/src/php/php-5.3/ext/reflection/php_reflection.c:2510
#6  0x085639bf in zend_do_fcall_common_helper_SPEC
(execute_data=0x8c0f738, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_vm_execute.h:315
#7  0x08564a4f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x8c0f738, tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/Zend/zend_vm_execute.h:428
#8  0x085628ec in execute (op_array=0x8be2b68, tsrm_ls=0x8a53070) at
/usr/local/src/php/php-5.3/Zend/zend_vm_execute.h:104
#9  0x085347e4 in zend_execute_scripts (type=8, tsrm_ls=0x8a53070,
retval=0x0, file_count=3)
    at /usr/local/src/php/php-5.3/Zend/zend.c:1199
#10 0x084ad611 in php_execute_script (primary_file=0xbfe06630,
tsrm_ls=0x8a53070)
    at /usr/local/src/php/php-5.3/main/main.c:2073
#11 0x085d19a4 in main (argc=2, argv=0xbfe067a4) at
/usr/local/src/php/php-5.3/sapi/cli/php_cli.c:1132


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=45805&edit=1
