Bug 892695 - $this becomes a non-object
$this becomes a non-object
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: php53 (Show other bugs)
5.10
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Web Stack Team
David Kutálek
: OtherQA
Depends On: 868375
Blocks: 921048 928849
  Show dependency treegraph
 
Reported: 2013-01-07 11:01 EST by Eric Rich
Modified: 2013-09-30 18:13 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 868375
Environment:
Last Closed: 2013-09-30 18:13:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
PHP Bug Tracker 50027 None None None Never

  None (edit)
Description Eric Rich 2013-01-07 11:01:25 EST
+++ This bug was initially created as a clone of Bug #868375 +++

Description of problem:
Issue is described in detail at https://bugs.php.net/bug.php?id=50027

A comment from the PHP bug tracker describes in full:
------
We encountered this bug yesterday (we could reproduce it quite easily with our code, but unfortunately we cannot disclose it), debugged it, found out that it was due to the GC corrupting the std_object_handlers prototype and once we knew that, we checked with the svn repo and saw that that was fixed in r303016.

The corruption that happens is that the read_property field of std_object_handlers gets set to NULL, because the GC treated the handler as a zval.
------

The bug is already fixed upstream in PHP 5.3.4 but as far as I could determine from the release notes within the rpm it is not yet backported by Red Hat to 5.3.3.

Because the bug causes complete application failure it should be considered as potentially serious enough to warrant backport, or otherwise considered for inclusion in the next release.

Version-Release number of selected component (if applicable):
php-5.3.3-14.el6_3.x86_64

--- Additional comment from Remi Collet on 2012-10-22 02:34:53 EDT ---

I think this is the same issue than Bug #848186.

For now, I really cannot reproduce this issue, have you any simple reproducer script ?

--- Additional comment from Damien on 2012-10-22 06:08:37 EDT ---

> I think this is the same issue than Bug #848186.

Apologies for the duplicate if that's the case. Unfortunately that bug doesn't seem to be publicly accessible so I couldn't find it when searching.

> For now, I really cannot reproduce this issue, have you any simple reproducer script ?

There is not a simple test case I can share (yet). We are still working on this and I will try to provide if possible.

In the meantime we have verified that running 5.3.17 does not exhibit the errors - so there is definitely a bug fixed between php-5.3.3-14.el6_3.x86_64 and 5.3.17 (PHP Group stock version) responsible for the behaviour we found. 

Our analysis points to the mentioned 50027 PHP Group bug report (fix for this was applied in 5.3.4) but we are still working to confirm which exact 5.3.x release introduces the fix for the problem we observed to make absolutely certain that 50027 is the bug responsible for it.

Regardless though, the bug in 50027 exists and was fixed by PHP Group - do you consider the issue itself to be important enough to backport, because it causes application code to crash (PHP Group already identified and confirmed this to be the case).

Research suggests it to commonly occur when writing an application built on top of the Zend Framework (there is probably some sequence of functions it uses which trigger it), so that is probably the best starting point for trying to build a test case to reproduce the bug. If we manage to produce a simple reproducer script I will be happy to share it.

--- Additional comment from Joe Orton on 2012-10-23 10:46:59 EDT ---

An experimental test package is available here:

http://people.redhat.com/~jorton/.el6test/

which has the upstream patch for the Zend garbage collector applied.

Since we've been unable to reproduce this issue internally (thus far), we'd very much appreciate hearing the results of any testing with these packages.

Please leave a comment here when you have downloaded the packages from that location.

--- Additional comment from Damien on 2012-10-24 12:09:59 EDT ---

Thanks. Downloaded.

Tested with the package provided and the errors experienced previously (when using the standard 5.3.3-14) are confirmed fixed.

--- Additional comment from Jonathan Lewis on 2013-01-03 14:25:19 EST ---

Joe,

We believe we've identified this issue in some of our production servers...

I'm not seeing any reference that this has actually been release for RHEL, has it been released or is there a way to receive the patched RPM?  It appears that link above is no longer functional for recieving the patch...

(In reply to comment #4)
> An experimental test package is available here:
> http://people.redhat.com/~jorton/.el6test/

which has the upstream patch for
> the Zend garbage collector applied.

Since we've been unable to reproduce
> this issue internally (thus far), we'd very much appreciate hearing the
> results of any testing with these packages.

Please leave a comment here
> when you have downloaded the packages from that location.

--- Additional comment from Joe Orton on 2013-01-04 03:57:05 EST ---

Jonathan - if you contact Red Hat Support they should be able to get you the appropriate RPMs; explain this is a known issue and reference this bug number.   E-mail me if you need further assistance.
Comment 10 errata-xmlrpc 2013-09-30 18:13:24 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1307.html

Note You need to log in before you can comment on or make changes to this bug.