"unset($this)" can make the program crash

Bug #68370 "unset($this)" can make the program crash
Submitted: 2014-11-07 09:06 UTC
Modified: 2014-11-10 04:44 UTC
From: drewparoski at gmail dot com
Assigned: laruence
Status: Closed
Package: Reproducible crash
PHP Version: 5.6.2
OS: CentOS Linux 6.3
Private report: No
CVE-ID: None

 [2014-11-07 09:06 UTC] drewparoski at gmail dot com

Description:
------------
Doing "unset($this);" inside a non-static method can make the program crash.

I provided an example that crashes on PHP 5.3.0 - 5.6.2.

Test script:
---------------
<?php
class C {
  public function test() {
    unset($this);
    return get_defined_vars();
  }
}
$c = new C();
$x = $c->test();
unset($c, $x);
echo "Done\n";

Expected result:
----------------
Done

Actual result:
--------------
Segmentation fault

 [2014-11-08 07:16 UTC] drewparoski at gmail dot com

-Status: Feedback +Status: Open

 [2014-11-08 07:16 UTC] drewparoski at gmail dot com

Backtrace (PHP 5.5.8):

#0  0x00000000006dcc11 in gc_zval_possible_root (zv=0x7ffff7fd9b70)
    at /home/user/php-5.5.8/Zend/zend_gc.c:143
#1  0x00000000006ca03b in zend_hash_destroy (ht=0x7ffff7fdd288)
    at /home/user/php-5.5.8/Zend/zend_hash.c:560
#2  0x00000000006bbccb in _zval_dtor_func (zvalue=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_variables.c:45
#3  0x00000000006ae170 in _zval_dtor (zvalue=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_variables.h:35
#4  i_zval_ptr_dtor (zval_ptr=0x7ffff7fd9b10)
    at /home/user/php-5.5.8/Zend/zend_execute.h:81
#5  _zval_ptr_dtor (zval_ptr=<optimized out>)
    at /home/user/php-5.5.8/Zend/zend_execute_API.c:426
#6  0x00000000006cbe4c in zend_hash_del_key_or_index (
    ht=0xdd9d28 <executor_globals+360>, arKey=<optimized out>,
    nKeyLength=<optimized out>, h=<optimized out>, flag=<optimized out>)
    at /home/user/php-5.5.8/Zend/zend_hash.c:532
#7  0x00000000006ad9ae in zend_delete_variable (ex=0x0,
    ht=0xdd9d28 <executor_globals+360>, name=0x7ffff7ec91b8 "x", name_len=2,
    hash_value=5863869)
    at /home/user/php-5.5.8/Zend/zend_execute_API.c:1687
#8  0x000000000073d5ef in ZEND_UNSET_VAR_SPEC_CV_UNUSED_HANDLER (
    execute_data=0x7ffff7fa6160)
    at /home/user/php-5.5.8/Zend/zend_vm_execute.h:38539
#9  0x000000000072ff50 in execute_ex (execute_data=0x7ffff7fa6160)
    at /home/user/php-5.5.8/Zend/zend_vm_execute.h:363
#10 0x00000000006bbff9 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /home/user/php-5.5.8/Zend/zend.c:1316
#11 0x000000000065dde9 in php_execute_script (primary_file=0x7fffffffddc0)
    at /home/user/php-5.5.8/main/main.c:2506
#12 0x000000000076c7ec in do_cli (argc=2, argv=0xddc090)
    at /home/user/php-5.5.8/sapi/cli/php_cli.c:994
#13 0x000000000076cf88 in main (argc=2, argv=0xddc090)
    at /home/user/php-5.5.8/sapi/cli/php_cli.c:1378

 [2014-12-23 06:08 UTC] jaydeep dot ghosh at floretmedia dot org

unset($c, $x);
What this line means, I have no idea. Can anyone help me out with this?