#26268 [Opn->Ver]: An overload()ed class with __set() and another object contained crashes PHP

sniper Tue, 25 Nov 2003 02:28:09 -0800

 ID:               26268
 Updated by:       [EMAIL PROTECTED]
 Reported By:      l dot barnaba at openssl dot it
-Status:           Open
+Status:           Verified
 Bug Type:         Reproducible crash
 Operating System: FreeBSD 4.9-STABLE
-PHP Version:      4.3.4
+PHP Version:      4CVS-20031125
 New Comment:


Just FYI: This works fine with PHP 5..



Previous Comments:
------------------------------------------------------------------------

[2003-11-15 19:26:51] l dot barnaba at openssl dot it

Description:
------------
If you have an overloaded class containing:
* The three __call(), __get() and __set() methods;
* An associated object instantiated in the constructor;
* A call to call_user_func() or call_user_func_array() on the newly
created object;

PHP will crash with signal 11.

I have noticed that removing the __set() magic method makes all behave
correctly, and also not using auxiliary variables in the
call_user_func_array() call (e.g, using:
$obj = new Obj(); call_user_func_array(array(&$obj, $method), $params);
$this->_obj = $obj; instead of:
$this->_obj = new Obj(); call_user_func_array(array(&$this->_obj,
$method), $params); makes things work, but at the end of execution of
large scripts I get memory allocation errors in Unknown Line 0.

Configure line:
'./configure' '--enable-versioning' '--enable-memory-limit'
'--with-layout=GNU' '--with-zlib-dir=/usr' '--disable-all'
'--with-regex=php' '--with-pear' '--enable-ctype' '--enable-ftp'
'--with-gd' '--enable-gd-native-ttf' '--enable-gd-jis-conv'
'--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local'
'--with-png-dir=/usr/local' '--enable-gd-lzw-gif'
'--with-gmp=/usr/local' '--with-mcal=/usr/local'
'--with-mcrypt=/usr/local' '--with-mhash=/usr/local'
'--with-mime-magic=/usr/share/misc/magic.mime'
'--with-mysql=/usr/local' '--with-openssl-dir=/usr'
'--with-openssl=/usr' '--enable-overload' '--with-pcre-regex=yes'
'--with-pdflib=/usr/local' '--enable-posix' '--enable-session'
'--enable-sockets' '--with-sybase-ct=/usr/local' '--enable-sysvsem'
'--enable-sysvshm' '--enable-tokenizer' '--enable-wddx'
'--with-expat-dir=/usr/local' '--enable-xml' '--with-zip=/usr/local'
'--with-zlib=yes' '--with-apxs=/usr/local/sbin/apxs'
'--with-imap=/usr/local' '--with-imap-ssl=/usr/local'
'--with-ncurses=/usr' '--prefix=/usr/local' 'i386-portbld-freebsd4.9'

Running under apache 1.3.28, with no special flags added, also using
the -dist php.ini.

Backtrace:
#0  0x81989ec in execute (op_array=0x82b8e24) at
/usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:2004
2004                                                    expr_ptr =
*expr_ptr_ptr;
(gdb) bt
#0  0x81989ec in execute (op_array=0x82b8e24) at
/usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:2004
#1  0x817bdfc in call_user_function_ex (function_table=0x82c7418,
object_pp=0xbfbfe21c, function_name=0x82c7330,
retval_ptr_ptr=0xbfbfe220, param_count=0, params=0x82ca2a4,
no_separation=0, 
    symbol_table=0x0) at
/usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute_API.c:567
#2  0x80cd812 in overload_call_method (ht=0, return_value=0x82b7664,
this_ptr=0x82b7fe4, return_value_used=1,
property_reference=0xbfbfe37c)
    at
/usr/ports/lang/php4-cli/work/php-4.3.4/ext/overload/overload.c:590
#3  0x8190230 in call_overloaded_function (T=0xbfbfe370, arg_count=0,
return_value=0x82b7664) at
/usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:978
#4  0x819559b in execute (op_array=0x82b85a4) at
/usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend_execute.c:1682
#5  0x81838ad in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at
/usr/ports/lang/php4-cli/work/php-4.3.4/Zend/zend.c:884
#6  0x815c5f3 in php_execute_script (primary_file=0xbfbffb1c) at
/usr/ports/lang/php4-cli/work/php-4.3.4/main/main.c:1729
#7  0x819c585 in main (argc=2, argv=0xbfbffb84) at
/usr/ports/lang/php4-cli/work/php-4.3.4/sapi/cli/php_cli.c:819

Thanks if you fix this bug :>.


Reproduce code:
---------------
class Base
{
    function Example() {
        print("Object instantiated\n");
    }
}

class Test
{
    var $_obj;

    function Test() {
        $this->_obj = new Base();
        call_user_func(array(&$this->_obj, 'Example'));
    }

    function __call($method, $params, &$return) { }
    function __get($property, &$value) { }
    function __set($property, $value) {
        $this->$property = $value;
        return true;
    }
}

overload('Test');
$t = new Test();


Expected result:
----------------
"Object Instantiated"

Actual result:
--------------
PHP Crashes with signal 11.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26268&edit=1

#26268 [Opn->Ver]: An overload()ed class with __set() and another object contained crashes PHP

Reply via email to