ID:               38019
 Updated by:       [EMAIL PROTECTED]
 Reported By:      judas dot iscariote at gmail dot com
-Status:           Assigned
+Status:           Closed
 Bug Type:         Reproducible crash
 Operating System: Linux 64 bit
 PHP Version:      5CVS-2006-07-05 (CVS)
 Assigned To:      dmitry
 New Comment:

Fixed in CVS HEAD and PHP_5_2.


Previous Comments:
------------------------------------------------------------------------

[2006-07-06 07:36:43] [EMAIL PROTECTED]

Dmitry, we've already discussed it - the problem is that
shutdown_executor() destroys classes first and then runs object
destructors (in this case - it's mysqli_objects_free_storage()) which
can access already destroyed class entries.

Here is what valgrind says about it:
http://gcov.php.net/PHP_5_2/tests/ext/mysqli/tests/bug33491.mem
Though, no crash here, even with Zend MM disabled.

This patch: http://tony2001.phpclub.net/dev/tmp/bug38019.diff
fixes the problem for me and I don't see any new ones.

------------------------------------------------------------------------

[2006-07-05 23:11:00] judas dot iscariote at gmail dot com

Description:
------------
The following code segfaults in current PHP 5_2 and PHP 6 CVS in
**debug** mode (just checked from the CVS, no need to try snapshots).

./configure --enable-debug --with-libdir=lib64 --with-mysqli=/usr/bin/mysql_config --with-zlib=/usr --disable-cgi

Not sure if this is related to bug #38003.

        

Reproduce code:
---------------
<?php

class DB extends mysqli {

     private function __construct() {

         echo "bug";

     }

}

$DB = new DB();
?>



Expected result:
----------------
Fatal error: Call to private DB::__construct() from invalid context in /srv/www/htdocs/singleton.php

Actual result:
--------------
Fatal error: Call to private DB::__construct() from invalid context in /srv/www/htdocs/singleton.php on line 13

Program received signal SIGSEGV, Segmentation fault.
0x00000000005dd76a in instanceof_function_ex (instance_ce=0xa289b0, ce=0x9ed4f0, interfaces_only=0 '\0')
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1600
1600                    if (instanceof_function(instance_ce->interfaces[i], ce TSRMLS_CC)) {
(gdb) bt
#0  0x00000000005dd76a in instanceof_function_ex (instance_ce=0xa289b0, ce=0x9ed4f0, interfaces_only=0 '\0')
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1600
#1  0x00000000005dd7ab in instanceof_function (instance_ce=<value optimized out>, ce=<value optimized out>)
    at /local/local/bodegon/php-debug/Zend/zend_operators.c:1618
#2  0x000000000049e5d9 in mysqli_objects_free_storage (object=<value optimized out>)
    at /local/local/bodegon/php-debug/ext/mysqli/mysqli.c:143
#3  0x000000000060329e in zend_objects_store_free_object_storage (objects=0x8be600)
    at /local/local/bodegon/php-debug/Zend/zend_objects_API.c:86
#4  0x00000000005d8e8c in shutdown_executor () at /local/local/bodegon/php-debug/Zend/zend_execute_API.c:281
#5  0x00000000005e5ab3 in zend_deactivate () at /local/local/bodegon/php-debug/Zend/zend.c:854
#6  0x00000000005a417b in php_request_shutdown (dummy=<value optimized out>)
    at /local/local/bodegon/php-debug/main/main.c:1300
#7  0x00000000006821ea in main (argc=2, argv=0x7fffffd96a48) at /local/local/bodegon/php-debug/sapi/cli/php_cli.c:1250





------------------------------------------------------------------------
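
The shutdown ordering described in the 2006-07-06 comment, as a small C model added here as an example (it is not Zend Engine code and not the linked patch; every name in it is hypothetical). Destroyed class entries are flagged rather than freed so the stale read, which in the engine is a use-after-free, can be counted; the objects-first order is shown only as one ordering that avoids it.

```c
#include <stdio.h>

/* Hypothetical stand-in for a class entry. 'alive' is cleared on destroy
 * instead of calling free(), so a stale access is observable without UB. */
typedef struct class_entry {
    const char *name;
    struct class_entry *parent;
    int alive;
} class_entry;

typedef struct object { class_entry *ce; } object;

static int stale_reads;

/* Models a free-storage handler that walks the object's class hierarchy,
 * as the instanceof check in frame #2 of the backtrace does. */
static void object_free_storage(const object *obj) {
    for (const class_entry *ce = obj->ce; ce; ce = ce->parent)
        if (!ce->alive) { stale_reads++; return; }
}

static void destroy_classes(class_entry **table, int n) {
    for (int i = 0; i < n; i++) table[i]->alive = 0;
}

static void free_objects(const object *objs, int n) {
    for (int i = 0; i < n; i++) object_free_storage(&objs[i]);
}

/* Runs one modelled shutdown and returns the number of reads that hit an
 * already-destroyed class entry. objects_first selects the ordering. */
int shutdown_model(int objects_first) {
    class_entry base = { "mysqli", NULL, 1 };   /* constructed sample data */
    class_entry db   = { "DB", &base, 1 };
    class_entry *classes[] = { &db, &base };
    object objs[] = { { &db } };

    stale_reads = 0;
    if (objects_first) { free_objects(objs, 1); destroy_classes(classes, 2); }
    else               { destroy_classes(classes, 2); free_objects(objs, 1); }
    return stale_reads;
}

int main(void) {
    printf("classes destroyed first: %d stale read(s)\n", shutdown_model(0));
    printf("objects freed first:     %d stale read(s)\n", shutdown_model(1));
    return 0;
}
```
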


-- 
Edit this bug report at http://bugs.php.net/?id=38019&edit=1
