#36825 [Opn->Asn]: Exceptions thrown in ArrayObject::offsetGet cause segfault

tony2001 Wed, 22 Mar 2006 13:47:44 -0800

 ID:               36825
 Updated by:       [EMAIL PROTECTED]
 Reported By:      small at cybertronic dot com
-Status:           Open
+Status:           Assigned
 Bug Type:         SPL related
 Operating System: Linux
 PHP Version:      5.1.2
-Assigned To:      
+Assigned To:      tony2001



Previous Comments:
------------------------------------------------------------------------

[2006-03-22 22:40:36] judas dot iscariote at gmail dot com

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912511254464 (LWP 861)]
0x000000000050381f in spl_array_read_dimension_ex (check_inherited=1,
object=0xa13c60, offset=0xa19310, type=0)
    at /local/local/bodegon/php-debug/ext/spl/spl_array.c:265
265        ZVAL_ZVAL(intern->retval, rv, 1, 1);
(gdb) bt full
#0  0x000000000050381f in spl_array_read_dimension_ex
(check_inherited=1, object=0xa13c60, offset=0xa19310, type=0)
    at /local/local/bodegon/php-debug/ext/spl/spl_array.c:265
   is_ref = <value optimized out>
   refcount = <value optimized out>
   rv = (zval *) 0x0
   intern = (spl_array_object *) 0x9f17e0
#1  0x0000000000633c07 in zend_fetch_dimension_address
(result=0x7fffffdaa660, container_ptr=0xa198d8, dim=0xa19310,
    dim_is_tmp_var=0, type=0) at
/local/local/bodegon/php-debug/Zend/zend_execute.c:1164
   overloaded_result = <value optimized out>
   container = <value optimized out>
#2  0x0000000000642fe6 in ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER
(execute_data=0x7fffffdaa6f0)
    at zend_vm_execute.h:20430
   opline = (zend_op *) 0xa192c0
   dim = (zval *) 0xa19310
#3  0x0000000000628a3e in execute (op_array=0xa14cc0) at
zend_vm_execute.h:92
   execute_data = {opline = 0xa19518, function_state =
{function_symbol_table = 0xa19790, function = 0xa14cc0,
    reserved = {0x7fffffdacda0, 0x8d7138, 0x2aaaab642e9c, 0xc}}, fbc =
0x0, op_array = 0xa14cc0, object = 0x0,
  Ts = 0x7fffffdaa570, CVs = 0x7fffffdaa550, original_in_execution = 0
'\0', symbol_table = 0x8d7368,
  prev_execute_data = 0x0, old_error_reporting = 0x0}
#4  0x000000000060b784 in zend_execute_scripts (type=8, retval=<value
optimized out>, file_count=3)
    at /local/local/bodegon/php-debug/Zend/zend.c:1109
   files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffffdaa970, reg_save_area = 0x7fffffdaa880}}
   i = 1
   file_handle = (zend_file_handle *) 0x7fffffdacda0
   orig_op_array = (zend_op_array *) 0x0
   local_retval = (zval *) 0x0
#5  0x00000000005caa9b in php_execute_script
(primary_file=0x7fffffdacda0)
    at /local/local/bodegon/php-debug/main/main.c:1726
   realfile =
"/srv/www/htdocs/php-bugs/array-obejct.php\000a\000\000\000\000\000symlink\000&#65533;p\000\000\000\000\000`\006\000\000\000\000\000\0001\ta\000\000\000\000\000P&#65533;*\000\000\000\200]*\000\000`\006\000\000\000\000\000\000,\206\000\000\000\000\000
vj\000\000\000\000\000`&#65533;\177", '\0' <repeats 26 times>,
"&#65533;*\000\000\001", '\0' <repeats 15 times>,
"rawurldeP&#65533;*\000\000\000\000\000\000\000\000\000\0002O*\000\0000[j",
'\0' <repeats 13 times>...
   prepend_file_p = (zend_file_handle *) 0x0
   append_file_p = <value optimized out>
   prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive =
0}}, free_filename = 0 '\0'}
   append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {


PHP 5.1.3RC2-dev (cli) (built: Mar 22 2006 15:29:32) (DEBUG)

------------------------------------------------------------------------

[2006-03-22 22:09:33] small at cybertronic dot com

Description:
------------
Throwing exceptions in an overloaded offsetGet() functions seems to
cause segfaults in PHP 5.1.2.

Reproduce code:
---------------
<?php
    class foo extends ArrayObject {
        public function __construct($obj, $flags = 0, $iterator_class =
"ArrayIterator") {
        }

        public function offsetGet($key) {
            throw new Exception("hi");
        }
    }

    $test=new foo();
    try{
        $a=$test['bar'];
    } catch (Exception $e) {
        echo "got exception";
    }
?>


Expected result:
----------------
I expect the output:

got exception

Actual result:
--------------
I get a segfault, with backtrace as follows:

#0  0x081cb2cd in spl_array_read_dimension_ex ()
#1  0x081cb35f in spl_array_read_dimension ()
#2  0x08309d27 in zend_fetch_dimension_address ()
#3  0x0833d89e in ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER ()
#4  0x0830a386 in execute ()
#5  0x082ed585 in zend_execute_scripts ()
#6  0x082a917e in php_execute_script ()
#7  0x0835039d in main ()



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=36825&edit=1

#36825 [Opn->Asn]: Exceptions thrown in ArrayObject::offsetGet cause segfault

Reply via email to