#48248 [NEW]: SIGSEGV when access to private property via &__get

ladislav at marek dot su Tue, 12 May 2009 10:10:03 -0700

From:             ladislav at marek dot su
Operating system: Linux
PHP version:      5.3CVS-2009-05-12 (snap)
PHP Bug Type:     Reproducible crash
Bug description:  SIGSEGV when access to private property via &__get


Description:
------------
Attempt to access private property of extended class when the parent class
has method '__get' which returns reference, causing segmentation fault.

Compiled only with --enable-debug.

Reproduce code:
---------------
class A
{
    public function & __get($name)
    {
        return $this->test;
    }
}

class B extends A
{
    private $test;
}


$b = new B;
var_dump($b->test);

Expected result:
----------------
NULL

Actual result:
--------------
#0  0x00000000007b4859 in zend_std_get_property_ptr_ptr (object=0x29d83c8,
member=0x29dbca8) at
/root/php/php5.3-200905121430/Zend/zend_object_handlers.c:588
#1  0x00000000007b9b2e in zend_fetch_property_address
(result=0x7f0590a24350, container_ptr=0xdd73c0, prop_ptr=0x29dbca8,
type=1)
    at /root/php/php5.3-200905121430/Zend/zend_execute.c:1156
#2  0x000000000082e580 in ZEND_FETCH_OBJ_W_SPEC_UNUSED_CONST_HANDLER
(execute_data=0x7f0590a242a8)
    at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:17494
#3  0x00000000007ba081 in execute (op_array=0x29ddae0) at
/root/php/php5.3-200905121430/Zend/zend_vm_execute.h:104
#4  0x000000000077bcd3 in zend_call_function (fci=0x7fff98bb4d10,
fci_cache=0x7fff98bb4ca0) at
/root/php/php5.3-200905121430/Zend/zend_execute_API.c:936
#5  0x00000000007a684b in zend_call_method (object_pp=0x7fff98bb4db8,
obj_ce=0x29dbe18, fn_proxy=0x29dbfd8, function_name=0xb4dd62 "__get",
    function_name_len=5, retval_ptr_ptr=0x7fff98bb4dc8, param_count=1,
arg1=0x29dca60, arg2=0x0) at
/root/php/php5.3-200905121430/Zend/zend_interfaces.c:97
#6  0x00000000007b29e9 in zend_std_call_getter (object=0x29d83c8,
member=0x29dca60) at
/root/php/php5.3-200905121430/Zend/zend_object_handlers.c:81
#7  0x00000000007b383a in zend_std_read_property (object=0x29d83c8,
member=0x29d98c0, type=0)
    at /root/php/php5.3-200905121430/Zend/zend_object_handlers.c:350
#8  0x000000000084944b in
zend_fetch_property_address_read_helper_SPEC_CV_CONST (type=0,
execute_data=0x7f0590a24090)
    at /root/php/php5.3-200905121430/Zend/zend_vm_execute.h:23769
#9  0x0000000000849574 in ZEND_FETCH_OBJ_R_SPEC_CV_CONST_HANDLER
(execute_data=0x7f0590a24090) at
/root/php/php5.3-200905121430/Zend/zend_vm_execute.h:23794
#10 0x00000000007ba081 in execute (op_array=0x29d8f90) at
/root/php/php5.3-200905121430/Zend/zend_vm_execute.h:104
#11 0x000000000078b381 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /root/php/php5.3-200905121430/Zend/zend.c:1188
#12 0x0000000000719fad in php_execute_script (primary_file=0x7fff98bb7620)
at /root/php/php5.3-200905121430/main/main.c:2182
#13 0x000000000086fd03 in main (argc=2, argv=0x7fff98bb7868) at
/root/php/php5.3-200905121430/sapi/cli/php_cli.c:1188

-- 
Edit bug report at http://bugs.php.net/?id=48248&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=48248&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=48248&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=48248&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=48248&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=48248&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=48248&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=48248&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=48248&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=48248&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=48248&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=48248&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=48248&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=48248&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=48248&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=48248&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=48248&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=48248&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=48248&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=48248&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=48248&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=48248&r=mysqlcfg

#48248 [NEW]: SIGSEGV when access to private property via &__get

Reply via email to