Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:81477
Return-Path: <xinchen.h@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 6279 invoked from network); 31 Jan 2015 10:15:56 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 31 Jan 2015 10:15:56 -0000
Authentication-Results: pb1.pair.com header.from=laruence@php.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=xinchen.h@zend.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 209.85.215.43 as permitted sender)
X-PHP-List-Original-Sender: xinchen.h@zend.com
X-Host-Fingerprint: 209.85.215.43 mail-la0-f43.google.com  
Received: from [209.85.215.43] ([209.85.215.43:38294] helo=mail-la0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 25/D0-01805-B5BACC45 for <internals@lists.php.net>; Sat, 31 Jan 2015 05:15:55 -0500
Received: by mail-la0-f43.google.com with SMTP id q1so28154730lam.2
        for <internals@lists.php.net>; Sat, 31 Jan 2015 02:15:51 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-type;
        bh=VgCvVjXtPOED6PYwNlVgEfz/ATGxeyhlDWt2lxQX3A8=;
        b=Rbt3rfrB35EjkAcNQhoPpfrVt7Zo1yACAF5LFkvgF5Eo0c+qi3NvZf87vuPHCuTTq+
         0qO36SDzcm15bG2YaQsegiSuLG5b99/Pce5+Nw6yusqSy3ztHTFtPzs+21S5NR800ICT
         FLmYluLrzRqzGx9Ivtm/PVEeEcrTkD+VvwsyitPlypR9yLvoeg333fLG2FStkNlf6JM+
         mtTw04YFxjcDpZ3DoR2PQoJ2pmaRgDrHD3pvdilDUhqWlQZNMVo459XKYXkSxJzysOws
         3DWzeBdCcY+vCsozclUvvG2dt59s8kYT3MBydWvXFwJSWU2+Ps20aRUG2muf7MBrOou9
         RfrQ==
X-Gm-Message-State: ALoCoQlgFqMod2TmdYEho53QaW5OPyyv6tGn/UMV5526l0wxMiqlJhwOcY4Pf5jBVPItQ1S8uTwN5/IWmkyYE/Yauy0NqokXsGqwzdCd5Y3Nlg9Wi3Fi/ETZJyOwCdQhouriT/sX0DalU/ELiZha8Y3PVtIEQ4OkLQ==
X-Received: by 10.112.167.136 with SMTP id zo8mr10570991lbb.17.1422699351551;
        Sat, 31 Jan 2015 02:15:51 -0800 (PST)
Received: from mail-la0-f48.google.com (mail-la0-f48.google.com. [209.85.215.48])
        by mx.google.com with ESMTPSA id q9sm3236576lbo.29.2015.01.31.02.15.50
        for <internals@lists.php.net>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sat, 31 Jan 2015 02:15:50 -0800 (PST)
Received: by mail-la0-f48.google.com with SMTP id pv20so28033306lab.7
        for <internals@lists.php.net>; Sat, 31 Jan 2015 02:15:49 -0800 (PST)
X-Received: by 10.152.10.4 with SMTP id e4mr10593491lab.62.1422699349613; Sat,
 31 Jan 2015 02:15:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.114.28.193 with HTTP; Sat, 31 Jan 2015 02:15:29 -0800 (PST)
In-Reply-To: <54CC8115.20705@lerdorf.com>
References: <54CC625E.8030802@lerdorf.com> <CALJZF3gcNP_9Xq-hO74GD2N89E8fSf32asn2D6z5BVgH2UzCwA@mail.gmail.com>
 <54CC8115.20705@lerdorf.com>
Date: Sat, 31 Jan 2015 18:15:29 +0800
Message-ID: <CABBJUpe-Fj687crHyniinfE4NPuuJBrShqKAivEK_oXHKD3p-g@mail.gmail.com>
To: Rasmus Lerdorf <rasmus@lerdorf.com>
Cc: Michael Wallner <mike@php.net>, PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Magic getter bug tickled by Moodle
From: laruence@php.net (Xinchen Hui)

Hey:

On Sat, Jan 31, 2015 at 3:15 PM, Rasmus Lerdorf <rasmus@lerdorf.com> wrote:
> On 01/30/2015 11:13 PM, Michael Wallner wrote:
>>
>> On 31 Jan 2015 06:04, "Rasmus Lerdorf" <rasmus@lerdorf.com
>> <mailto:rasmus@lerdorf.com>> wrote:
>>>
>>> There is something weird going on with PHP7 and the moodle_page class
>>> and all its magic methods. It dies with a:
>>>
>>> /var/www/moodle/blocks/navigation/block_navigation.php(223) : Notice -
>>> Undefined property: moodle_page::$navigation
>>> /var/www/moodle/blocks/navigation/block_navigation.php(223) : Fatal
>>> error - __clone method called on non-object
>>>
>>> That code is:
>>>
>>> 222   $this->page->navigation->initialise();
>>> 223   return clone($this->page->navigation);
>>>
>>> See:
>>>
>> https://github.com/moodle/moodle/blob/master/blocks/navigation/block_navigation.php#L222-L223
>>>
>>> $this->page_navigation is created on that initial call through the
>>> wonders of this magic:
>>>
>>> https://github.com/moodle/moodle/blob/master/lib/pagelib.php#L757-L772
>>>
>>> Which somehow leads us to read 8 bytes in a free'ed block:
>>>
>>> https://gist.github.com/anonymous/f9d1f53b1205d29d86cc
>>>
>>> but I am not having much luck dwindling it down to a simpler reproduce
>>> case. If you know this code or have a couple of hours to spare, could
>>> you see if you could reduce it to something more manageable for us?
>>>
>>> (and yes, same code is fine in 5.6)
>>>
>>
>> Here's a similar bug,  too: https://bugs.php.net/bug.php?id=68933&edit=1
>
> Ah, good catch. Yes,
> https://gist.github.com/arjenschol/3d94195ca51aa44db1c6 looks like a
> similar pattern to what Moodle is doing in that part of the code that
> seems to trigger this.
must be fixed,
https://github.com/php/php-src/commit/1a60175e2595a24ebc3b6d80a112d574c6c98f58

thanks
>
> -Rasmus
>



-- 
Xinchen Hui
@Laruence
http://www.laruence.com/