From:
Operating system: Any
PHP version: 5.3.8
Package: SPL related
Bug Type: Bug
Bug description:spl_autoload_call crashes with multiple autoloaders if some
return nothing
Description:
------------
spl_autoload_call initializes retval to null at the start of the function,
but
does not reinitialize it to null after destroying the return value of each
autoloader call. As a result, if a subsequent autoloader call does not have
any
return value, then the old dangling pointer is used, resulting in a null
pointer
reference and a segmentation fault, bus error or other entertaining symptom
depending on the time of day.
Many common autoloaders, such as the Symfony autoloaders, always return
true or
false depending on whether they load a class, even though the documentation
for
spl_autoload_register does not call for this at all. This is probably
because
the developers learned the hard way that autoloaders won't play nice
together
unless they return something due to this bug.
A good example of an autoloader that does trigger this bug is the one
provided
with the Amazon AWS standard library for PHP. Their implementation does not
return a value, so PHP segfaults (or similar) if it is later in the chain
of
autoloaders.
This bug can be fixed as follows:
if (retval) {
zval_ptr_dtor(&retval);
}
Becomes:
if (retval) {
zval_ptr_dtor(&retval);
retval = NULL;
}
Patch attached.
Expected result:
----------------
Multiple autoloaders play nice.
Actual result:
--------------
If an autoloader other than the first one has no return value a PHP crash
takes
place due to a dangling pointer to a destroyed value.
--
Edit bug report at https://bugs.php.net/bug.php?id=60042&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=60042&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=60042&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=60042&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=60042&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=60042&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=60042&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=60042&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=60042&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=60042&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=60042&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=60042&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=60042&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=60042&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=60042&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=60042&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=60042&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=60042&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=60042&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=60042&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=60042&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=60042&r=mysqlcfg
