#46749 [Opn->Ver]: Crash when repeatedly attempting to assign to property of non-object.

felipe Thu, 04 Dec 2008 07:32:22 -0800

 ID:               46749
 Updated by:       [EMAIL PROTECTED]
 Reported By:      robin_fernandes at uk dot ibm dot com
-Status:           Open
+Status:           Verified
 Bug Type:         Reproducible crash
 Operating System: *
 PHP Version:      6CVS-2008-12-04 (snap)
 New Comment:


I can reproduce it.

1...2...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1225472304 (LWP 8923)]
0x0846bc91 in gc_remove_zval_from_buffer (zv=0x895149c,
tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_gc.h:189
189             root->next->prev = root->prev;
(gdb) bt
#0  0x0846bc91 in gc_remove_zval_from_buffer (zv=0x895149c,
tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_gc.h:189
#1  0x0841beaf in _zval_ptr_dtor (zval_ptr=0xbfcf97e8,
__zend_filename=0x878582c "/home/felipe/dev/php6/Zend/zend_execute.c",
__zend_lineno=604)
    at /home/felipe/dev/php6/Zend/zend_execute_API.c:455
#2  0x0849ca24 in zend_assign_to_object (result=0x8951438,
object_ptr=0x8951720, property_name=0x8951464, value_op=0x8951498,
Ts=0x8984188, opcode=136, tsrm_ls=0x87a9050)
    at /home/felipe/dev/php6/Zend/zend_execute.c:604
#3  0x0849c652 in ZEND_ASSIGN_OBJ_SPEC_VAR_CONST_HANDLER
(execute_data=0x8984134, tsrm_ls=0x87a9050) at
/home/felipe/dev/php6/Zend/zend_vm_execute.h:10561
#4  0x08477033 in execute (op_array=0x8950c9c, tsrm_ls=0x87a9050) at
/home/felipe/dev/php6/Zend/zend_vm_execute.h:104
#5  0x084372bf in zend_execute_scripts (type=8, tsrm_ls=0x87a9050,
retval=0x0, file_count=3) at /home/felipe/dev/php6/Zend/zend.c:1723
#6  0x083935e8 in php_execute_script (primary_file=0xbfcfbc98,
tsrm_ls=0x87a9050) at /home/felipe/dev/php6/main/main.c:2216
#7  0x084edc28 in main (argc=2, argv=0xbfcfbe14) at
/home/felipe/dev/php6/sapi/cli/php_cli.c:1141



Previous Comments:
------------------------------------------------------------------------

[2008-12-04 15:30:47] robin_fernandes at uk dot ibm dot com

In fact, the class C above is not necessary to get the crash; here is a
shorter reproduce script. Expected and actual output as above.

<?php
$nonEmptyString = 'hello';
$i=0;
while ($i++<10) {
        echo "$i...";
        @$nonEmptyString->prop = 'Will eventually cause crash';
}
echo "Done."
?>

------------------------------------------------------------------------

[2008-12-04 15:26:55] robin_fernandes at uk dot ibm dot com

Description:
------------
The script below crashes consistently on Windows and Linux on the
latest php6 snap.

This seems to be specific to HEAD: I could NOT recreate the crash on
the latest 5_2 and 5_3 snaps.

Reproduce code:
---------------
<?php
Class C {
        public $nonEmptyString = 'hello';
}

$c = new C;
$i=0;
while ($i++<10) {
        echo "$i...";
        @$c->nonEmptyString->prop = "Will eventually cause crash";
}
echo "Done."
?>

Expected result:
----------------
1...2...3...4...5...6...7...8...9...10...Done.

Actual result:
--------------
1...2...[crash]


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=46749&edit=1

#46749 [Opn->Ver]: Crash when repeatedly attempting to assign to property of non-object.

Reply via email to