Edit report at https://bugs.php.net/bug.php?id=64280&edit=1

 ID:                 64280
 User updated by:    bobwei9 at hotmail dot com
 Reported by:        bobwei9 at hotmail dot com
 Summary:            __destruct loop segfaults
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Mac OS X Mountain Lion
 PHP Version:        master-Git-2013-02-22 (Git)
 Block user comment: N
 Private report:     N

 New Comment:

I'd consider adding an int implicit_function_call_count to the EG and 
incrementing it in zend_call_function (in zend_execute_API.h) (before the next 
call to e.g. zend_execute) and then decrement? And then check there for a 
limit and abort if necessary with an E_ERROR? Should not be loads of code?

xdebug? Does everything have to be external to the core?


Previous Comments:
------------------------------------------------------------------------
[2013-02-23 10:10:56] larue...@php.net

You can refer to xdebug.max_nesting_level.

Anyway, implementing such protection needs a lot of work. Yes, we can simply 
add a count to zend_call_function, but there are many implicit function calls, 
like autoloading, toString etc.

And for op_array execution, it is executed via zend_execute, which is not this 
"function call".

So if we add such a counter to zend_call_function, many confusing questions 
will come up.

------------------------------------------------------------------------
[2013-02-22 17:44:12] bobwei9 at hotmail dot com

Description:
------------
A destruct loop segfaults due to "KERN_PROTECTION_FAILURE".

Please add some sort of counter (until 1000 for example) to every destructor to 
avoid segmentation faults.

____
It is not funny when someone thinks he has to produce endless core dumps...

Test script:
---------------
<?php
class getDestructed {
        public function __destruct() {
                new self;
        }
}
$class = new getDestructed;


Expected result:
----------------
Fatal error:  Allowed memory size of %ul bytes exhausted at 
Zend/zend_execute.h:%s (tried to allocate %i bytes) in xxx on line 3

or some restriction by a counter

Actual result:
--------------
#1  0x0000000100823ce7 in zend_call_function (fci=0x7fff5f400578, 
fci_cache=0x7fff5f400500, tsrm_ls=0x1016110c0) at zend_execute_API.c:941
#2  0x000000010086ab02 in zend_call_method (object_pp=0x7fff5f4006e8, 
obj_ce=0x1015e22a0, fn_proxy=0x7fff5f4006f8, function_name=0x100e47510 
"__destruct", function_name_len=10, retval_ptr_ptr=0x0, param_count=0, 
arg1=0x0, arg2=0x0, tsrm_ls=0x1016110c0) at zend_interfaces.c:97
#3  0x00000001008804f8 in zend_objects_destroy_object (object=0x1027f5be0, 
handle=2483, tsrm_ls=0x1016110c0) at zend_objects.c:123
#4  0x000000010088e60b in zend_objects_store_del_ref_by_handle_ex (handle=2483, 
handlers=0x100ef1188, tsrm_ls=0x1016110c0) at zend_objects_API.c:207
#5  0x000000010088e374 in zend_objects_store_del_ref (zobject=0x1027f5b60, 
tsrm_ls=0x1016110c0) at zend_objects_API.c:173
#6  0x0000000100839c66 in _zval_dtor_func (zvalue=0x1027f5b60, 
__zend_filename=0x100e49301 "Zend/zend_execute.h", __zend_lineno=81) at 
zend_variables.c:54
#7  0x00000001008f4e7a in i_zval_ptr_dtor [inlined] () at 
/private/var/root/php-patch/Zend/zend_execute.h:35
#8  0x00000001008f4e7a in ZEND_NEW_SPEC_HANDLER (execute_data=0x1027402f0, 
tsrm_ls=0x1016110c0) at zend_variables.h:760
#9  0x000000010089147f in execute_ex (execute_data=0x1027402f0, 
tsrm_ls=0x1016110c0) at zend_vm_execute.h:356
#10 0x0000000100892390 in zend_execute (op_array=0x1015e3790, 
tsrm_ls=0x1016110c0) at zend_vm_execute.h:381
[...an infinite time of the same error message...]


------------------------------------------------------------------------
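
The counter idea discussed in the comments above, as an added stand-alone C model (not code from this report or from the Zend engine): a depth counter is incremented on entry to a guarded call function and decremented on return, so the destructor loop from the test script ends with an error return instead of exhausting the stack. All names are hypothetical; call_function only plays the role zend_call_function has in the backtrace, and execute_nested models nesting that bypasses it, which the counter cannot see.

```c
#include <stdio.h>

#define MAX_IMPLICIT_DEPTH 1000      /* limit suggested in the report */

static int  implicit_call_depth;     /* stands in for a counter kept in EG */
static long objects_created;

static int destructor_body(void);

/* Guarded entry point: count on the way in, restore on the way out,
 * and refuse to go deeper than the limit. */
static int call_function(int (*fn)(void)) {
    if (implicit_call_depth >= MAX_IMPLICIT_DEPTH)
        return -1;                   /* an engine would raise E_ERROR here */
    implicit_call_depth++;
    int rc = fn();
    implicit_call_depth--;           /* undone on the error path as well */
    return rc;
}

/* Destroying an object runs its destructor through the guarded entry point. */
static int destroy_object(void) { return call_function(destructor_body); }

/* Destructor body `new self;`: the temporary object is released at once,
 * which runs the next destructor. */
static int destructor_body(void) {
    objects_created++;
    return destroy_object();
}

/* Nesting that never passes through call_function: the counter stays put. */
static int execute_nested(int levels) {
    return levels == 0 ? implicit_call_depth : execute_nested(levels - 1);
}

static void reset(void) { implicit_call_depth = 0; objects_created = 0; }

/* Returns -1 when the guard stopped the loop from the test script. */
int  run_destruct_loop(void)    { reset(); return destroy_object(); }
long objects_before_abort(void) { return objects_created; }
int  depth_after_unwind(void)   { return implicit_call_depth; }
int  counted_depth_of_plain_nesting(int levels) { reset(); return execute_nested(levels); }

int main(void) {
    int rc = run_destruct_loop();
    printf("rc=%d objects=%ld depth_after=%d\n", rc, objects_before_abort(), depth_after_unwind());
    printf("plain nesting of 5000 counted as %d\n", counted_depth_of_plain_nesting(5000));
    return 0;
}
```
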


