Edit report at https://bugs.php.net/bug.php?id=61388&edit=1
ID: 61388
User updated by: piotr dot nowak at onet dot eu
Reported by: piotr dot nowak at onet dot eu
Summary: ReflectionObject:getProperties called on ArrayObject
throws Segmentation Fault
Status: Open
Type: Bug
Package: Reflection related
-Operating System: Linux (Ubuntu)
+Operating System: Linux (Ubuntu) x64
PHP Version: 5.4.0
Block user comment: N
Private report: N
New Comment:
To be sure that problem doesn't come from the used package, I have compiled the
current version of 5.4 branch from SVN (revision #324259). It was compiled with
completely default configuration (only --prefix=/tmp/php/php-5.4 was used).
GDB traces:
piotr@piotr-Vostro-430:/tmp/php/php-5.4/bin$ gdb ./php
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /tmp/php/php-5.4/bin/php...done.
(gdb) run /tmp/bug.php
Starting program: /tmp/php/php-5.4/bin/php /tmp/bug.php
Array
(
)
Array
(
)
Program received signal SIGSEGV, Segmentation fault.
0x000000000056b358 in _adddynproperty (pptr=<optimized out>,
num_args=<optimized out>, args=0x7fffffffb698,
hash_key=0x7fffffffb680) at
/tmp/php/php-src-5.4/ext/reflection/php_reflection.c:3835
3835 if (hash_key->arKey[0] == '\0') {
(gdb) bt
#0 0x000000000056b358 in _adddynproperty (pptr=<optimized out>,
num_args=<optimized out>,
args=0x7fffffffb698, hash_key=0x7fffffffb680) at
/tmp/php/php-src-5.4/ext/reflection/php_reflection.c:3835
#1 0x00000000006893cc in zend_hash_apply_with_arguments (ht=0x7ffff7fd72c0,
apply_func=0x56b310 <_adddynproperty>, num_args=2) at
/tmp/php/php-src-5.4/Zend/zend_hash.c:772
#2 0x000000000056a401 in zim_reflection_class_getProperties (ht=<optimized
out>, return_value=0x7ffff7fd7eb8,
return_value_ptr=<optimized out>, this_ptr=0x7ffff7fd7ee8,
return_value_used=<optimized out>)
at /tmp/php/php-src-5.4/ext/reflection/php_reflection.c:3876
#3 0x000000000071d1d9 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7fa2060)
at /tmp/php/php-src-5.4/Zend/zend_vm_execute.h:642
#4 0x00000000006d960c in execute (op_array=0x7ffff7fd64a0) at
/tmp/php/php-src-5.4/Zend/zend_vm_execute.h:410
#5 0x000000000067d205 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /tmp/php/php-src-5.4/Zend/zend.c:1272
#6 0x000000000061de28 in php_execute_script (primary_file=0x7fffffffde60)
at /tmp/php/php-src-5.4/main/main.c:2473
#7 0x000000000071f6e7 in do_cli (argc=2, argv=0x7fffffffe238) at
/tmp/php/php-src-5.4/sapi/cli/php_cli.c:983
#8 0x0000000000425590 in main (argc=2, argv=0x7fffffffe238) at
/tmp/php/php-src-5.4/sapi/cli/php_cli.c:1356
(gdb) frame 0
#0 0x000000000056b358 in _adddynproperty (pptr=<optimized out>,
num_args=<optimized out>,
args=0x7fffffffb698, hash_key=0x7fffffffb680) at
/tmp/php/php-src-5.4/ext/reflection/php_reflection.c:3835
3835 if (hash_key->arKey[0] == '\0') {
(gdb) frame 1
#1 0x00000000006893cc in zend_hash_apply_with_arguments (ht=0x7ffff7fd72c0,
apply_func=0x56b310 <_adddynproperty>, num_args=2) at
/tmp/php/php-src-5.4/Zend/zend_hash.c:772
772 result = apply_func(p->pData TSRMLS_CC, num_args, args,
&hash_key);
(gdb) frame 2
#2 0x000000000056a401 in zim_reflection_class_getProperties (ht=<optimized
out>, return_value=0x7ffff7fd7eb8,
return_value_ptr=<optimized out>, this_ptr=0x7ffff7fd7ee8,
return_value_used=<optimized out>)
at /tmp/php/php-src-5.4/ext/reflection/php_reflection.c:3876
3876 zend_hash_apply_with_arguments(properties TSRMLS_CC,
(apply_func_args_t) _adddynproperty, 2, &ce, return_value);
(gdb) frame 3
#3 0x000000000071d1d9 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7fa2060)
at /tmp/php/php-src-5.4/Zend/zend_vm_execute.h:642
642
fbc->internal_function.handler(opline->extended_value, ret->var.ptr,
(fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL,
EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
(gdb) frame 4
#4 0x00000000006d960c in execute (op_array=0x7ffff7fd64a0) at
/tmp/php/php-src-5.4/Zend/zend_vm_execute.h:410
410 if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) >
0) {
(gdb) frame 5
#5 0x000000000067d205 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /tmp/php/php-src-5.4/Zend/zend.c:1272
1272 zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 6
#6 0x000000000061de28 in php_execute_script (primary_file=0x7fffffffde60)
at /tmp/php/php-src-5.4/main/main.c:2473
2473 retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC,
NULL, 3, prepend_file_p, primary_file, append_file_p) == SUCCESS);
(gdb) frame 7
#7 0x000000000071f6e7 in do_cli (argc=2, argv=0x7fffffffe238) at
/tmp/php/php-src-5.4/sapi/cli/php_cli.c:983
983 php_execute_script(&file_handle
TSRMLS_CC);
(gdb) frame 8
#8 0x0000000000425590 in main (argc=2, argv=0x7fffffffe238) at
/tmp/php/php-src-5.4/sapi/cli/php_cli.c:1356
1356 exit_status = do_cli(argc, argv TSRMLS_CC);
(gdb)
Previous Comments:
------------------------------------------------------------------------
[2012-03-14 18:10:43] piotr dot nowak at onet dot eu
Description:
------------
When ReflectionObject::getProperty() method is called over ArrayObject instance
the Segmentation Fault is thrown.
The problem appears only when getting public properties from the instance which
was filled using simple brackets call (ex. $x[] = 'something') or numeric
access (ex. $x[0] = 'something'). The problem will not appear when you use
associative access (ex. $x['test'] = 'something').
Problem was seen on nginx+php_fpm but was also confirmed on the cli version.
Additionally the same code was working correctly from years - even on the last
5.3.10 version.
Some additional data:
* Php 5.4.0-1 for Ubuntu oneiric x86_64 was installed from Ondrej's launchpad
https://launchpad.net/~ondrej/+archive/php5
The problem is reproducible in the default configuration.
Test script:
---------------
$x=new ArrayObject();
$x[] = 'test string'; //will cause reflectionobject segfault
$x[0] = 'test string'; //will cause reflectionobject segfault
$x['test'] = 'test string'; //will work
$refl = new ReflectionClass($x);
print_r($refl->getProperties()); //works (but returns nothing)
$reflObj = new ReflectionObject($x);
print_r($reflObj->getProperties(
ReflectionProperty::IS_PRIVATE
| ReflectionProperty::IS_PROTECTED
| ReflectionProperty::IS_STATIC
)); //works (but returns nothing)
print_r($reflObj->getProperties(ReflectionProperty::IS_PUBLIC)); //SEGFAULT
print_r($reflObj->getProperties()); //SEGFAULT
Expected result:
----------------
For shown example it should simply pass without SEGFAULT or throw an Exception
/ Fatal Error if something is wrong on my side.
I am using this method for analysing complicated objects (in this case it was a
PropelObjectCollection object from Propel ORM).
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x000000000052e94d in _adddynproperty (pptr=0x7fffffffb830, num_args=40,
args=0x7fffffffb738,
hash_key=0x7fffffffb720) at
/build/buildd/php5-5.4.0/ext/reflection/php_reflection.c:3835
3835 /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c: No such file
or directory.
in /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c
(gdb) bt
#0 0x000000000052e94d in _adddynproperty (pptr=0x7fffffffb830, num_args=40,
args=0x7fffffffb738, hash_key=0x7fffffffb720)
at /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c:3835
#1 0x00000000006a9a2c in zend_hash_apply_with_arguments (ht=0x7ffff7fdabc8,
apply_func=0x52e900 <_adddynproperty>, num_args=2)
at /build/buildd/php5-5.4.0/Zend/zend_hash.c:772
#2 0x000000000052d938 in zim_reflection_class_getProperties (ht=-134371384,
return_value=0x7ffff7fda970, return_value_ptr=0x7fffffffb738,
this_ptr=0x7ffff7fda8c8,
return_value_used=-134370960)
at /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c:3876
#3 0x0000000000742b89 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7f9e060)
at /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h:642
#4 0x00000000006fcbef in execute (op_array=0x7ffff7fd2540)
at /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h:410
#5 0x000000000069ce90 in zend_execute_scripts (type=0, retval=0x8f7fd2448,
file_count=3)
at /build/buildd/php5-5.4.0/Zend/zend.c:1272
#6 0x000000000063c743 in php_execute_script (primary_file=0x0)
at /build/buildd/php5-5.4.0/main/main.c:2473
#7 0x0000000000745221 in do_cli (argc=0, argv=0x7fffffffe50b)
at /build/buildd/php5-5.4.0/sapi/cli/php_cli.c:983
#8 0x000000000042c843 in main (argc=32767, argv=0xd341f0)
at /build/buildd/php5-5.4.0/sapi/cli/php_cli.c:1356
(gdb) frame 4
#4 0x00000000006fcbef in execute (op_array=0x7ffff7fd2540)
at /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h:410
410 /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h: No such file or
directory.
in /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h
(gdb) frame 3
#3 0x0000000000742b89 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7f9e060)
at /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h:642
642 in /build/buildd/php5-5.4.0/Zend/zend_vm_execute.h
(gdb) frame 2
#2 0x000000000052d938 in zim_reflection_class_getProperties (ht=-134371384,
return_value=0x7ffff7fda970, return_value_ptr=0x7fffffffb738,
this_ptr=0x7ffff7fda8c8,
return_value_used=-134370960)
at /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c:3876
3876 /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c: No such file
or directory.
in /build/buildd/php5-5.4.0/ext/reflection/php_reflection.c
(gdb)
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=61388&edit=1
