Segmentation fault when runkit_import overwrites private or protected static properties modified via reflection #42

Closed
DeuceSeven opened this Issue Oct 21, 2012 · 3 comments


@DeuceSeven

A segmentation fault occurs when runkit_import is used to reset private or protected static properties that were modified via reflection. The server is running PHP 5.3.3 with Zend Engine v2.3.0, and runkit was updated to the master branch on 10/19/2012.

TestClass.php (class to be reloaded)

// Fixture class for the reproduction: it is the class that runkit_import()
// re-imports from TestClass.php.
class TestClass{
   // Declared without a default, so the first dump in the report shows NULL.
   // Being private, it is written by the test through ReflectionProperty.
   private static $property;
}

TestReload.php (script that reproduces the error)

// Load the class whose static property is modified and then re-imported.
require_once('TestClass.php');

// The whole reproduction runs inside the TestReload constructor; the object
// itself is not used afterwards and is released immediately.
$oTestReload = new TestReload('TestClass');
unset($oTestReload);

/**
 * Reproduction driver: dumps a class's static properties, overwrites them
 * through reflection, re-imports the class file with runkit, then dumps again.
 *
 * In the reported run only the first two dumps appear; the process receives
 * SIGSEGV during the re-import, so the third dump is never reached.
 */
class TestReload{

   // ReflectionClass for the class under test; created in the constructor and
   // unset again at the end of it.
   private $refClass;

   /**
    * PHP 4-style constructor (method named after the class). PHP 5.3, the
    * version in the report, treats it as the constructor; PHP 8 does not, so
    * the script would do nothing there.
    *
    * @param string $sClass Name of an already-loaded class to inspect.
    */
   public function TestReload($sClass){
      
      $this->refClass = new ReflectionClass($sClass);
      
      // Verify default property values
      $this->GetProperties();
   
      // Change property values
      $this->SetProperties('test');

      // Verify property values were changed
      $this->GetProperties();
      
      // Reload class
      // The path is a hard-coded literal here. runkit_import() compiles the
      // file it is given, so the argument must never come from request data.
      $oReload = new Reload('TestClass.php');
      unset($oReload);

      // Verify the property values were reset to default
      // Not reached in the failing run: the gdb backtrace in the report puts
      // the fault inside zif_runkit_import, i.e. during the constructor above.
      $this->GetProperties();

      unset($this->refClass);
   }
   
   /**
    * Dumps every static property of the reflected class, regardless of
    * visibility, as a name => value array.
    */
   private function GetProperties(){
      $aProps = $this->refClass->getStaticProperties();
      var_dump($aProps);
   }
   
   /**
    * Assigns $sValue to every static property of the reflected class.
    *
    * @param mixed $sValue Value written to each static property.
    */
   private function SetProperties($sValue){
      // Only the keys (property names) are used; the current values in
      // $oProp are ignored.
      $aProps = $this->refClass->getStaticProperties();
      foreach($aProps as $sKey => $oProp){
         $refProp = $this->refClass->getProperty($sKey);
         // Lift the visibility check so private/protected statics are writable.
         $refProp->setAccessible(true);
         // Single-argument setValue() is the static-property form.
         $refProp->setValue($sValue);
         // Drop the ReflectionProperty before the next iteration. The report
         // does not say whether this matters for the crash, so it is kept.
         unset($refProp);
      }
   }
}

/**
 * Thin wrapper whose constructor re-imports a PHP file through runkit.
 */
class Reload{
   /**
    * PHP 4-style constructor (method named after the class).
    *
    * Calls runkit_import() with RUNKIT_IMPORT_OVERRIDE and
    * RUNKIT_IMPORT_CLASS_STATIC_PROPS, the flag combination the report is
    * about: overwriting existing static properties from the file. The gdb
    * output in the report places the fault in
    * php_runkit_import_class_static_props (runkit_import.c:287).
    *
    * @param string $sClassPath Path of the PHP file to import. The file is
    *                           compiled by runkit, so pass trusted paths only.
    */
   public function Reload($sClassPath){
      runkit_import($sClassPath, (RUNKIT_IMPORT_OVERRIDE|RUNKIT_IMPORT_CLASS_STATIC_PROPS));
   }
}

result

array(1) {
  ["property"]=>
  NULL
}
array(1) {
  ["property"]=>
  string(4) "test"
}
Segmentation fault

expected result

array(1) {
  ["property"]=>
  NULL
}
array(1) {
  ["property"]=>
  string(4) "test"
}
array(1) {
  ["property"]=>
  NULL
}

gdb results

Program terminated with signal 11, Segmentation fault.
#0  0x00007f480f7c28ca in php_runkit_import_class_static_props (ht=, return_value=0x2675928, return_value_ptr=, 
    this_ptr=, return_value_used=) at /home/test/runkit/runkit_import.c:287
287                                     || (Z_TYPE_PP(pp) & IS_CONSTANT_TYPE_MASK) == IS_CONSTANT

gdb backtrace

#0  0x00007f480f7c28ca in php_runkit_import_class_static_props (ht=, return_value=0x2675928, return_value_ptr=, 
    this_ptr=, return_value_used=) at /home/test/runkit/runkit_import.c:287
#1  php_runkit_import_classes (ht=, return_value=0x2675928, return_value_ptr=, this_ptr=, 
    return_value_used=) at /home/test/runkit/runkit_import.c:490
#2  zif_runkit_import (ht=, return_value=0x2675928, return_value_ptr=, this_ptr=, 
    return_value_used=) at /home/test/runkit/runkit_import.c:679
#3  0x00007f4813f3c00e in xdebug_execute_internal () from /usr/lib64/php/modules/xdebug.so
#4  0x00000000005f5266 in ?? ()
#5  0x00000000005cc780 in execute ()
#6  0x00007f4813f3bcc7 in xdebug_execute () from /usr/lib64/php/modules/xdebug.so
#7  0x00000000005f4f66 in ?? ()
#8  0x00000000005cc780 in execute ()
#9  0x00007f4813f3bcc7 in xdebug_execute () from /usr/lib64/php/modules/xdebug.so
#10 0x00000000005f4f66 in ?? ()
#11 0x00000000005cc780 in execute ()
#12 0x00007f4813f3bcc7 in xdebug_execute () from /usr/lib64/php/modules/xdebug.so
#13 0x00000000005a6ebd in zend_execute_scripts ()
#14 0x0000000000555128 in php_execute_script ()
#15 0x0000000000630bf5 in ?? ()
#16 0x0000003c7ae1ecdd in __libc_start_main () from /lib64/libc.so.6
#17 0x0000000000421ea9 in _start ()

Please let me know if you need anything else. Your help is greatly appreciated.

Jon

@zenovich zenovich added a commit that referenced this issue Oct 27, 2012
@zenovich Replacing private and protected static properties with runkit_import …
…was corrected, a new test was added (#42)
d069e23
@zenovich
Owner

Thanks for the report. The issue has been fixed.

@zenovich
Owner
zenovich commented Nov 4, 2012

DeuceSeven, please recheck the latest master. Can I close the issue?

@DeuceSeven DeuceSeven closed this Nov 5, 2012
@DeuceSeven

This issue has been resolved. Thanks again for your help.
