From:             smclean at gmail dot com
Operating system: Linux
PHP version:      5.0.3
PHP Bug Type:     Reproducible crash
Bug description:  Autoload Interceptor causing unexplained instability

Description:
------------
Under special circumstances the autoload interceptor seems to cause instability. All instances of this crash I have been able to reproduce involve triggering the autoload interceptor by unserializing objects of undefined classes, with custom error handling configured. By either disabling the error handling, the autoload interceptor, or not unserializing the object, the crash is prevented.

I titled this bug 'Autoload interceptor causing ...' because the crash always occurs within the autoload interceptor itself or soon after. In the given example, the actual crash occurs when attempting to simply cast a GET variable to a bool and print it, but if you change the parameters of the test, the crash can occur in a multitude of other places, including within the autoload interceptor itself (this is the location of the crash when I originally discovered it, but the reproducing scripts I created caused it to crash elsewhere).

I attempted to generate a gdb backtrace, but unfortunately --enable-debug seemed to prevent the crash from occurring.

I was able to duplicate this bug on three different Linux machines, each running php 5.0.3 on Slackware 10.

Reproduce code:
---------------
Download the following tarball:
http://pio.longstair.com/misc/crash.tgz

Execute:
tar zxvf crash.tgz
cd crash-2.0
php runme2.php

Explanation:
runme2.php loads custom error handling and an autoload interceptor include. It then attempts to unserialize a serialized undefined object, and print it out. This succeeds, but the environment becomes unstable, and a simple boolean cast segfaults it.

runme1.php simply generates the serialized object string used in runme2.php

Expected result:
----------------
Normal program termination

Actual result:
--------------
Segmentation Violation

GDB:
Program received signal SIGSEGV, Segmentation fault.
zend_error (type=2056, format=0x21fd3500 <Address 0x21fd3500 out of bounds>) at /home/sean/instball/php-5.0.3/Zend/zend.c:985
985	if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) {

-- 
Edit bug report at http://bugs.php.net/?id=31233&edit=1
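
A sketch of the conditions the report describes, added here for illustration: it is not the contents of crash.tgz, and the class name, payload and variable names are constructed. It records which class names unserialize() hands to the autoload interceptor while a custom error handler is installed, then repeats the call with the allowed_classes option (PHP 7.0 and later), under which the class name is not looked up at all.

```php
<?php
// Added illustration, not the contents of crash.tgz. The class name, payload
// and variable names are constructed for this example.
$autoloadCalls = [];
$handled = [];

// Custom error handler: collects diagnostics instead of printing them.
set_error_handler(function (int $type, string $msg) use (&$handled): bool {
    $handled[] = [$type, $msg];
    return true; // tell the engine the error was handled
});

// Autoload interceptor: records each class name the engine asks for and
// defines nothing, so the class stays undefined. (PHP 5.0.3 used a global
// __autoload() function; spl_autoload_register() is the current form.)
spl_autoload_register(function (string $class) use (&$autoloadCalls): void {
    $autoloadCalls[] = $class;
});

// Constructed serialized object of a class that is never defined.
$payload = 'O:14:"UndefinedThing":1:{s:1:"a";i:1;}';

// 1. Plain unserialize(): the undefined class name reaches the autoloader.
$obj = unserialize($payload);
echo "class after unserialize: ", get_class($obj), "\n";
echo "autoloader asked for: ", var_export($autoloadCalls, true), "\n";

// 2. Same steps as the report: print the object, then cast a GET variable.
//    On the CLI the key is unset, so the diagnostic goes to the handler above.
print_r($obj);
$flag = (bool) $_GET['flag'];
echo "handler received ", count($handled), " diagnostic(s)\n";

// 3. allowed_classes => false: the object becomes __PHP_Incomplete_Class
//    without the class name being looked up.
$autoloadCalls = [];
$safe = unserialize($payload, ['allowed_classes' => false]);
echo "autoloader asked for: ", var_export($autoloadCalls, true), "\n";
```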