From:             spam at cimmanon dot org
Operating system: OpenBSD
PHP version:      5.0.4
PHP Bug Type:     Reproducible crash
Bug description:  Require/include file in destructor causes segfault

Description:
------------
Including a file inside the destructor of a class causes Apache to
segfault, if the file is attempting to print properties of the object. 
This did not happen in 5.0.3 (stable).

The problem seems to be in the included file itself.  Setting and printing
local variables seems to work just fine, it's the printing of the object's
properties that causes the segfault.

Reproduce code:
---------------
<?
/* main script */
class a {
        var $foo = '';
        var $bar = '';
        
        function __construct() {
                $this->foo = 5;
                $this->bar = 'boo';
        }

        function __destruct() {
                print $this->bar;
                include('include.php');
        }
}

$test = new a;
?>

<?
/* include.php */
print $this->foo;
?>

Expected result:
----------------
This should print "boo", then "5".

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x09d63402 in yy_push_state (new_state=6) at Zend/zend_language_scanner.c:5990
5990            yy_start_stack[yy_start_stack_ptr++] = YY_START;
(gdb) bt
#0  0x09d63402 in yy_push_state (new_state=6)
    at Zend/zend_language_scanner.c:5990
#1  0x09d6025f in lex_scan (zendlval=0xcfbf40c4)
    at Zend/zend_language_scanner.c:4021
#2  0x09d6d975 in zendlex (zendlval=0xcfbf40c0)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_compile.c:3688
#3  0x09d5effd in zendparse () at Zend/zend_language_parser.c:2221
#4  0x09d5f4a2 in compile_file (file_handle=<incomplete type>, type=2)
    at Zend/zend_language_scanner.c:3157
#5  0x09d5f632 in compile_filename (type=2, filename=0x3c147324)
    at Zend/zend_language_scanner.c:3202
#6  0x09da0dad in zend_include_or_eval_handler (execute_data=0xcfbf4310,
    opline=0x3c147308, op_array=0x3c082f24)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_execute.c:3551
#7  0x09d9b2ea in execute (op_array=0x3c082f24)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_execute.c:1406
#8  0x09d701b0 in zend_call_function (fci=0xcfbf44b0, fci_cache=0xcfbf4490)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_execute_API.c:852
#9  0x09d890b6 in zend_call_method (object_pp=0xcfbf453c, obj_ce=0x3c111c24,
    fn_proxy=0x0, function_name=0x29c61fb6 "__destruct", function_name_len=10,
    retval_ptr_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_interfaces.c:86
#10 0x09d8cf64 in zend_objects_destroy_object (object=0x3c137ce4, handle=1)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_objects.c:78
#11 0x09d8f218 in zend_objects_store_call_destructors (objects=0x29c874d0)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_objects_API.c:54
#12 0x09d6ecbd in shutdown_executor ()
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend_execute_API.c:207
#13 0x09d79ede in zend_deactivate ()
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/Zend/zend.c:817
#14 0x09d40077 in php_request_shutdown (dummy=0x0)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/main/main.c:1216
#15 0x09da5d0a in apache_php_module_main (r=0x3c07b034, display_source_mode=0)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/sapi/apache/sapi_apache.c:60
#16 0x09da679e in send_php (r=0x3c07b034, display_source_mode=0, filename=0x0)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/sapi/apache/mod_php5.c:622
#17 0x09da6932 in send_parsed_php (r=0x3c07b034)
    at /usr/ports/www/php5/core/w-php5-core-5.0.4/php-5.0.4/sapi/apache/mod_php5.c:637
#18 0x1c036732 in ap_invoke_handler ()
---Type <return> to continue, or q <return> to quit---
#19 0x1c046e57 in ap_some_auth_required ()
#20 0x1c047007 in ap_process_request ()
#21 0xcfbf4bb0 in ?? ()
#22 0x00000003 in ?? ()
#23 0x3c07b034 in ?? ()
#24 0x3c07b034 in ?? ()
#25 0x3c078044 in ?? ()
#26 0xcfbf4be8 in ?? ()
#27 0x1c03fdbd in ap_child_terminate ()

-- 
Edit bug report at http://bugs.php.net/?id=32686&edit=1