ID: 12049
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Reproducible crash
Operating System: Debian GNU/Linux
PHP Version: 4.0.6
New Comment:

This code reproduces the crash:


class A{}
class B extends A {}
class D extends C
{
    function zoom()
      {
        return (parent::zoom());
      }
}
class E extends D {}
class C extends B
{
  function C()
    {
      $this->x = 5;
    }
}

class Storage
{
  var $items; 
  function Storage()
    {
      $this->items=array();
    }
  function add()
    {
      $foo = new E();
      $this->items[] = $foo;
      end($this->items);
      return key($this->items);
    }
  function get($who)
    {
        return $this->items[$who];
    }
}

$Store = new Storage();
$ID = $Store->add();
$Obj = $Store->get($ID);

//Segfaults here
$Obj->zoom();



Previous Comments:
------------------------------------------------------------------------

[2001-07-11 09:28:48] [EMAIL PROTECTED]

PHP is crashing on a call to an object method.  Currently,
the code is too complex to paste here. Will try to create
simpler example. Here's a gdb backtrace:

# gdb /usr/sbin/apache.dbg
GNU gdb 19990928
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public
License, and you are
welcome to change it and/or distribute copies of it under
certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show
warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) run -X
Starting program: /usr/sbin/apache.dbg -X

Program received signal SIGSEGV, Segmentation fault.
0x40267713 in execute (op_array=0x8237f04) at
../../Zend/zend_execute.c:1140
1140
                                zend_fetch_var_address(&opline->result, &opline->op1,
&opline->op2, Ts, BP_VAR_W ELS_CC);
(gdb) bt
#0  0x40267713 in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1140
#1  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#2  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#3  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#4  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#5  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#6  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#7  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#8  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#9  0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#10 0x40269f0f in execute (op_array=0x8237f04)
    at ../../Zend/zend_execute.c:1544
#11 0x40269f0f in execute (op_array=0x8237f04)
---Type <return> to continue, or q <return> to quit---q
 at ../../Zend/zend_execute.c:1544Quit
(gdb) p opline
$1 = (zend_op *) 0x823de5c
(gdb) p *optline
$2 = {opcode = 83 'S', result = {op_type = 4, u = {constant
= {value = {
          lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht
= 0x0, obj = {
            ce = 0x0, properties = 0x0}}, type = 0 '\000',
is_ref = 0 '\000', 
        refcount = 0}, var = 0, opline_num = 0, fetch_type = 0, 
      op_array = 0x0, EA = {var = 0, type = 0}}}, op1 =
{op_type = 1, u = {
      constant = {value = {lval = 136544148, dval =
1.0677440727493824e-313, 
          str = {val = 0x8237f94 "other", len = 5}, ht =
0x8237f94, obj = {
            ce = 0x8237f94, properties = 0x5}}, type = 3
'\003', 
        is_ref = 1 '\001', refcount = 2}, var = 136544148, 
      opline_num = 136544148, fetch_type = 136544148,
op_array = 0x8237f94, 
      EA = {var = 136544148, type = 5}}}, op2 = {op_type =
8, u = {constant = {
        value = {lval = 1, dval = 4.9406564584124654e-324,
str = {
            val = 0x1 <Address 0x1 out of bounds>, len = 0},
ht = 0x1, obj = {
            ce = 0x1, properties = 0x0}}, type = 0 '\000',
is_ref = 0 '\000', 
        refcount = 0}, var = 1, opline_num = 1, fetch_type = 1, 
      op_array = 0x1, EA = {var = 1, type = 0}}},
extended_value = 0, 
  lineno = 1056}
(gdb) 

------------------------------------------------------------------------



ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=12049&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to