ID:               30328
 Updated by:       [EMAIL PROTECTED]
 Reported By:      flying at dom dot natm dot ru
-Status:           Open
+Status:           Verified
 Bug Type:         Reproducible crash
 Operating System: windows 2000
-PHP Version:      5.0.2
+PHP Version:      5.0.4-dev, 5.1-dev


Previous Comments:
------------------------------------------------------------------------

[2004-11-04 15:00:06] [EMAIL PROTECTED]

This actually happens with $testvar defined to anything that will
evaluate to "" for the member (including being undefined).

So:  
  $testvar= ''; // or NULL, or FALSE, or omitted altogether
  $test = new Test();
  echo $test->$testvar;

The zend_std_read_property() object handler converts the member to a
string before trying to read it, so in each of the above cases (whether
not defined at all, being defined to an empty string, NULL, or FALSE),
the __get argument $name is an empty string (created with
STR_EMPTY_ALLOC() in convert_to_string()) and makes PHP crash at
shutdown.

Now a crash *only* happens if the argument $name is an empty string
*and* left unmodified (e.g. having $name.= '' in the __get method will
not cause the problem).

Maybe this gives a hint at how to solve the problem.

------------------------------------------------------------------------

[2004-10-05 15:27:51] [EMAIL PROTECTED]

Seems to be 5.0.x specific - I can't reproduce it with 5.1-dev.

Notice: Undefined variable:  testvar in /www/index.php on line 13
__get() called:
Program received signal SIGSEGV, Segmentation fault.
0x4207c0dc in mempcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4207c0dc in mempcpy () from /lib/tls/libc.so.6
#1  0x4206e660 in _IO_file_xsputn () from /lib/tls/libc.so.6
#2  0x42062e32 in fwrite () from /lib/tls/libc.so.6
#3  0x081c601a in sapi_cli_single_write (str=0x0, str_length=136509472)
at /home/dev/php-src_PHP_5_0/sapi/cli/php_cli.c:192
#4  0x081c4692 in sapi_cli_ub_write (str=0x0, str_length=136509472) at
/home/dev/php-src_PHP_5_0/sapi/cli/php_cli.c:205
#5  0x0815d563 in php_ub_body_write_no_header (str=0x0,
str_length=136509472) at /home/dev/php-src_PHP_5_0/main/output.c:684
#6  0x0815c1aa in php_body_write (str=0x0, str_length=136509472) at
/home/dev/php-src_PHP_5_0/main/output.c:119
#7  0x0814da36 in php_body_write_wrapper (str=0x0,
str_length=136509472) at /home/dev/php-src_PHP_5_0/main/main.c:1242
#8  0x0819251c in zend_print_zval_ex (write_func=0x814da15
<php_body_write_wrapper>, expr=0xbfffd2b0, indent=0)
    at /home/dev/php-src_PHP_5_0/Zend/zend.c:288
#9  0x0819249a in zend_print_zval (expr=0xbfffd300, indent=0) at
/home/dev/php-src_PHP_5_0/Zend/zend.c:269
#10 0x08191c2f in zend_print_variable (var=0xbfffd300) at
/home/dev/php-src_PHP_5_0/Zend/zend_variables.c:168
#11 0x081b9d2d in zend_echo_handler (execute_data=0xffd45008,
opline=0x2ca910bf, op_array=0x2c641c08) at
/home/dev/php-src_PHP_5_0/Zend/zend_execute.c:1989

------------------------------------------------------------------------

[2004-10-05 12:37:01] flying at dom dot natm dot ru

Description:
------------
PHP 5.0.2 on Windows 2000 SP4.

There is a reproducible crash that happens when one tries to pass an
undefined variable to a class with a defined __get() function.

Example code:
<?php
class Test {
    function __construct() {}

    public function __get($name)
    {
        echo '__get() called: '.$name;
        return($name);
    }
};

$test = new Test();
echo $test->$testvar;
?>

 Running this code under Apache results in an HTTP 500 error; running
it from the shell results in some garbage being shown on screen and the
program exiting. However, running it as:

php.exe test.php >log

results in the following text appearing in the log:

Notice: Undefined variable:  testvar in C:\web\test.php on line 13
__get() called: 

 Moreover, changing return($name); inside __get() to return anything
else (either a static value or some other variable) results in the
crash disappearing.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30328&edit=1
