From: matteo at beccati dot com
Operating system: NetBSD
PHP version: 4.4.4
PHP Bug Type: Reproducible crash
Bug description: PHP always segfaults with --without-sqlite
Description:
------------
Using $this outside of an object context doesn't throw a fatal error (it does on PHP 5.2.0). Subsequent static method calls emit warnings or, if a custom error handler is set, exit with SIGSEGV. The bug was also reproduced on Linux and on previous versions (4.4.3, 4.3.11).

Reproduce code:
---------------
http://beccati.com/php-this-bug.phps

Expected result:
----------------
Calling Foo::bar(): BAR
Setting $this->test = 1
Fatal error: Using $this when not in object context in /www/- on line 22

Actual result:
--------------
Calling Foo::bar(): BAR
Setting $this->test = 1
Calling Foo::bar():
Warning: Problem with method call - please report this bug in /tmp/php-this-bug.phps on line 25
BAR
Setting a custom error handler
Calling Foo::bar(): Segmentation fault (core dumped)

-- Backtrace --
#0 0x081fa452 in zval_add_ref (p=0x846cb30) at /root/compile/php-4.4.4/Zend/zend_variables.c:85 No locals.
#1 0x0820224c in zend_hash_copy (target=0x846ca24, source=0x846c124, pCopyConstructor=0x81fa44a <zval_add_ref>, tmp=0xbfbfcbcc, size=4) at /root/compile/php-4.4.4/Zend/zend_hash.c:804 p = (Bucket *) 0x846c324 new_entry = (void *) 0x846cb30
#2 0x081fa5b1 in _zval_copy_ctor (zvalue=0x8469c64, __zend_filename=0x8395ca0 "/root/compile/php-4.4.4/Zend/zend_builtin_functions.c", __zend_lineno=246) at /root/compile/php-4.4.4/Zend/zend_variables.c:125 tmp = (zval *) 0x82047fd original_ht = (HashTable *) 0x846c124 tmp_ht = (HashTable *) 0x846ca24 tmp = (zval *) 0x846ca24 original_ht = (HashTable *) 0x846c124 tmp_ht = (HashTable *) 0x8c
#3 0x08204841 in zif_func_get_args (ht=0, return_value=0x8469ae4, this_ptr=0x0, return_value_used=1) at /root/compile/php-4.4.4/Zend/zend_builtin_functions.c:246 element = (zval *) 0x8469c64 p = (void **) 0x845d240 arg_count = 5 i = 4
#4 0x0820fd46 in execute (op_array=0x846c080) at /root/compile/php-4.4.4/Zend/zend_execute.c:1675 original_return_value = (zval **) 0x846b21c return_value_used = 1 execute_data = {opline = 0x846b204, 
function_state = { function_symbol_table = 0x0, function = 0x83f3280, reserved = {0x8200292, 0x8, 0x4, 0x8395720}}, fbc = 0x0, ce = 0x0, object = {ptr = 0x0}, Ts = 0xbfbfcc20, original_in_execution = 1 '\001', op_array = 0x846c080, prev_execute_data = 0xbfbfcf30} #5 0x081f21bd in call_user_function_ex (function_table=0x83f0040, object_pp=0x0, function_name=0x84699a4, retval_ptr_ptr=0xbfbfd010, param_count=5, params=0x8469aa4, no_separation=1, symbol_table=0x0) at /root/compile/php-4.4.4/Zend/zend_execute_API.c:570 i = 5 original_return_value = (zval **) 0xbfbfd2bc calling_symbol_table = (HashTable *) 0x846c124 original_function_state_ptr = <incomplete type> original_op_array = (zend_op_array *) 0x84629a4 original_opline_ptr = <incomplete type> orig_free_op1 = 0 orig_free_op2 = 0 orig_unary_op = <incomplete type> orig_binary_op = <incomplete type> function_name_copy = {value = {lval = 138844900, dval = 2.7654543777738803e-313, str = {val = 0x8469ae4 "¤ÆF\b", len = 13}, ht = 0x8469ae4, obj = {ce = 0x8469ae4, properties = 0xd}}, type = 3 '\003', is_ref = 0 '\0', refcount = 1} execute_data = {opline = 0x0, function_state = { function_symbol_table = 0x40, function = 0x846c080, reserved = { 0xbd6d7713, 0x40, 0x83d7554, 0x4}}, fbc = 0x0, ce = 0x0, object = { ptr = 0x0}, Ts = 0x0, original_in_execution = 36 '$', op_array = 0x0, prev_execute_data = 0xbfbfd240} #6 0x081fbe2d in zend_error (type=2, format=0x83968e0 "Problem with method call - please report this bug") at /root/compile/php-4.4.4/Zend/zend.c:846 args = 0xbfbfd038 "\001" usr_copy = 0xbfbfd038 "\001" params = (zval ***) 0x8469aa4 retval = (zval *) 0x0 z_error_type = (zval *) 0x8469924 z_error_message = (zval *) 0x84698e4 z_error_filename = (zval *) 0x8469964 z_error_lineno = (zval *) 0x8469a24 z_context = (zval *) 0x8469a64 error_filename = 0x8460f64 "/tmp/php-this-bug.phps" error_lineno = 31 orig_user_error_handler = (zval *) 0x84699a4 #7 0x0820ff13 in execute (op_array=0x84629a4) at 
/root/compile/php-4.4.4/Zend/zend_execute.c:1710 this_ptr = (zval **) 0x846c330 null_ptr = (zval *) 0x0 calling_symbol_table = (HashTable *) 0x83ee7cc original_return_value = (zval **) 0x846c1b0 return_value_used = 0 execute_data = {opline = 0x8468420, function_state = { function_symbol_table = 0x846c124, function = 0x8462e24, reserved = {0x0, 0x0, 0xbfbfe8dc, 0x0}}, fbc = 0x8462e24, ce = 0x8462e80, object = { ptr = 0x8460b64}, Ts = 0xbfbfd040, original_in_execution = 0 '\0', op_array = 0x84629a4, prev_execute_data = 0x0} #8 0x081fc14b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-4.4.4/Zend/zend.c:934 files = 0xbfbfd2f4 "" i = 1 file_handle = <incomplete type> orig_op_array = (zend_op_array *) 0x0 local_retval = (zval *) 0x0 #9 0x081c34a1 in php_execute_script (primary_file=0xbfbfe8dc) at /root/compile/php-4.4.4/main/main.c:1752 orig_bailout = {136409924, 138247356, -1077942308, -1077941980, 137986052, -1077941880, 0, 0, 0, 0, 0, 0, 0} orig_bailout_set = 1 '\001' prepend_file_p = (zend_file_handle *) 0x0 append_file_p = (zend_file_handle *) 0x0 prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'} append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0}, free_filename = 0 '\0'} old_cwd = 0xbfbfd300 "" old_primary_file_path = 0xbfbfea5b "php-this-bug.phps" retval = 0 #10 0x08217aec in main (argc=2, argv=0xbfbfe988) at /root/compile/php-4.4.4/sapi/cli/php_cli.c:832 orig_bailout = {0 <repeats 13 times>} orig_bailout_set = 0 '\0' exit_status = 0 c = -1 file_handle = {type = 2 '\002', filename = 0xbfbfe310 "/tmp/php-this-bug.phps", opened_path = 0x0, handle = { fd = -1116784864, fp = 0xbd6f3720}, free_filename = 0 '\0'} behavior = 1 orig_optind = 1 orig_optarg = 0x0 arg_free = 0xbfbfea5b "php-this-bug.phps" arg_excp = (char **) 0xbfbfe98c script_file = 0xbfbfea5b "php-this-bug.phps" global_vars = {head = 0x0, tail = 0x0, size = 4, count 
= 0, dtor = 0, persistent = 0 '\0', traverse_ptr = 0xbd6fa0c0} interactive = 0 module_started = 1 lineno = 1 exec_direct = 0x0 param_error = 0x0 hide_argv = 0 #11 0x08071046 in ___start ()
-- Edit bug report at http://bugs.php.net/?id=39819&edit=1