[PHP-BUG] Bug #51329 [NEW]: call_user_func_array() crashes with autoload in recursive calls

gergely dot fabian at radix-technologies dot com Fri, 19 Mar 2010 02:30:10 -0700

From:             
Operating system: Ubuntu
PHP version:      5.2.13
Package:          Reproducible crash
Bug Type:         Bug
Bug description:call_user_func_array() crashes with autoload in recursive calls


Description:
------------
PHP 5.2.13 (cli) (built: Mar 19 2010 09:37:12) (configured with ./configure
--prefix=$HOME --enable-debug)

2.6.31-20-generic #58-Ubuntu SMP Fri Mar 12 04:38:19 UTC 2010 x86_64
GNU/Linux



Calling class methods with call_user_func_array() in a recursive call-chain
- if call_user_func_array() autoloads the subsequent class on each step -
will cause a Segmentation fault (if the recursion is enough deep).



If I run the sample script then I'll get a Segmentation fault at 31st
call.

This was reproducible both on PHP 5.2.13 and 5.2.10-2ubuntu6.4.

There is no segfault though if call_user_func_array() is preceded by a call
to class_exists().

Test script:
---------------
$limit = 50;

for($i = 1; $i <= $limit; $i++){

  $f = "<?php

echo \"P$i loaded\\n\";

class P$i{

  public static function execute_me(){

    return \"P$i executed\\n\";

  }

}";

  file_put_contents("P$i.class.php", $f);

}

function __autoload($class_name) {

    require_once $class_name . '.class.php';

}

function callback($limit, $i = 1){

  //class_exists("P$i");

  echo call_user_func_array(array("P$i", 'execute_me'), array());

  if($i < $limit) callback($limit, $i+1);

}

callback($limit);

Expected result:
----------------
P1 loaded

P1 executed

P2 loaded

P2 executed

P3 loaded

P3 executed

...

...

P50 loaded

P50 executed

Actual result:
--------------
P1 loaded

P1 executed

P2 loaded

P2 executed

P3 loaded

P3 executed

...

...

P30 loaded

P30 executed

P31 loaded

Segmentation fault (writing memory)



This is the gdb backtrace:



Core was generated by `php call_user_func_array_bug.php'.

Program terminated with signal 11, Segmentation fault.

#0  0x0000000000586ee9 in zif_call_user_func_array (ht=<value optimized
out>, return_value=0x1d5adf8, return_value_ptr=<value optimized out>, 

    this_ptr=<value optimized out>, return_value_used=<value optimized
out>) at /home/user/opt/php-5.2.13/ext/standard/basic_functions.c:5201

5201            func_params_ht = Z_ARRVAL_PP(params);

(gdb) bt

#0  0x0000000000586ee9 in zif_call_user_func_array (ht=<value optimized
out>, return_value=0x1d5adf8, return_value_ptr=<value optimized out>, 

    this_ptr=<value optimized out>, return_value_used=<value optimized
out>) at /home/user/opt/php-5.2.13/ext/standard/basic_functions.c:5201

#1  0x00000000006526b0 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2611b0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:200

#2  0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#3  0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e261490) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#4  0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#5  0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e261770) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#6  0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#7  0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e261a50) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#8  0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#9  0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e261d30) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#10 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#11 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e262010) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#12 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#13 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2622f0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#14 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#15 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2625d0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#16 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#17 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2628b0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#18 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#19 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e262b90) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#20 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#21 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e262e70) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#22 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#23 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e263150) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#24 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#25 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e263430) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#26 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#27 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e263710) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#28 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#29 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2639f0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#30 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#31 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e263cd0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#32 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#33 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e263fb0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#34 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#35 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e264290) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#36 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#37 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e264570) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#38 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#39 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e264850) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#40 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#41 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e264b30) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#42 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#43 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e264e10) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#44 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#45 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2650f0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#46 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#47 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2653d0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#48 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#49 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2656b0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#50 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#51 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e265990) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#52 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#53 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e265c70) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#54 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#55 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e265f50) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#56 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#57 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e266230) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#58 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#59 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e266510) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#60 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#61 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e2667f0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#62 0x000000000064df04 in execute (op_array=0x1d414a0) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#63 0x0000000000652056 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff1e266b30) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:234

#64 0x000000000064df04 in execute (op_array=0x1d12c20) at
/home/user/opt/php-5.2.13/Zend/zend_vm_execute.h:92

#65 0x000000000062b96a in zend_execute_scripts (type=<value optimized out>,
retval=0x0, file_count=3) at /home/user/opt/php-5.2.13/Zend/zend.c:1134

#66 0x00000000005ea9d3 in php_execute_script (primary_file=<value optimized
out>) at /home/user/opt/php-5.2.13/main/main.c:2036

#67 0x000000000069a1e7 in main (argc=<value optimized out>, argv=<value
optimized out>) at /home/user/opt/php-5.2.13/sapi/cli/php_cli.c:1165

-- 
Edit bug report at http://bugs.php.net/bug.php?id=51329&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=51329&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=51329&r=trysnapshot53
Try a snapshot (PHP 6.0):            
http://bugs.php.net/fix.php?id=51329&r=trysnapshot60
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=51329&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=51329&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=51329&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=51329&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=51329&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=51329&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=51329&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=51329&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=51329&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=51329&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=51329&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=51329&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=51329&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=51329&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=51329&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=51329&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=51329&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=51329&r=mysqlcfg

[PHP-BUG] Bug #51329 [NEW]: call_user_func_array() crashes with autoload in recursive calls

Reply via email to