Midgard reflection of user_values causes segfault on missing values

[bergie]

<?php
$reflector = new midgard_reflection_class('midgard_snippet');
echo $reflector->get_user_value('typeof');
?>

causes:

#0  __strlen_sse2 () at ../sysdeps/i386/i686/multiarch/strlen.S:99
No locals.
#1  0x00b717ee in ?? () from /usr/lib/php5/20090626+lfs/midgard2.so
No symbol table info available.
#2  0x083600fa in zend_do_fcall_common_helper_SPEC (execute_data=0x916ff9c)
   at /build/buildd/php5-5.3.3/Zend/zend_vm_execute.h:316
       opline = 0x9170aa0
       should_change_scope = 1 '\001'
#3  0x08336bbe in execute (op_array=0x9170598)
   at /build/buildd/php5-5.3.3/Zend/zend_vm_execute.h:107
       ret = 0
       execute_data = 0x91a2124
       nested = 0 '\000'
       original_in_execution = 0 '\000'
       op_array = 0x0
#4  0x0830ccb6 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
   at /build/buildd/php5-5.3.3/Zend/zend.c:1266
       i = 1
       file_handle = 0x9170598
       orig_op_array = 0x0
       orig_retval_ptr_ptr = 0x0
#5  0x082b1434 in php_execute_script (primary_file=0xbffff314)
   at /build/buildd/php5-5.3.3/main/main.c:2288
       realfile =
"/home/bergie/Projects/MidgardMVC/midgardmvc_ui_create/test.php\000\000S\000\000\000\260mv\000\370\263x\000\177lv\000\212ov\000v\222\021\000X\000\000\000\220\222c\000`e\376\267\300\263x\000\377\377\377\377\364\317\022\000\324\244\031\000v\222\021\000\222(d\000\353\267\031\000`\204\376\267
A\376\267\320@\376\267\002\000\000\000
\360\021\000)\244\031\000(e\376\267\364\317\022\000\000\033c\000\021\000\000\000d\341\377\277D\230\021\000\366\256\027\000Z\222\021\000\222(d\000\353\267\031\000\364\237x\000\021\000\000^\364/\031\000l\351\377\277m\351\377\277\030\341\377\277\260\260\027\000\f\341\377\277\304\b\031\000\370{\204\b\000\000\000\000\210\355\377\277\035y\030\000l\351\377\277\272\b\031\000\064\000\000\000\250\202\376\267\021\000\000\000\000\000\000\000\001\000\000\000d\000\000\000\320@\376\267g"...
       __orig_bailout = 0xbffff12c
       __bailout = {{__jmpbuf = {142121328, 1, 142247552, -1073745848,
             -690350716, 2137154795}, __mask_was_saved = 0,
           __saved_mask = {__val = 0xbfffdf14}}}
       prepend_file_p = 0x0
       append_file_p = 0x0
       prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
         opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
---Type <return> to continue, or q <return> to quit---
             handle = 0x0, isatty = 0, mmap = {len = <unknown type>,
               pos = <unknown type>, map = 0x0, buf = 0x0,
               old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0,
             closer = 0}}, free_filename = 0 '\000'}
       append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
         opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
             handle = 0x0, isatty = 0, mmap = {len = <unknown type>,
               pos = <unknown type>, map = 0x0, buf = 0x0,
               old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0,
             closer = 0}}, free_filename = 0 '\000'}
       retval = 0
       primary_file = 0xbffff314
#6  0x083a3d9b in main (argc=2, argv=0xbffff454)
   at /build/buildd/php5-5.3.3/sapi/cli/php_cli.c:1196
       __bailout = {{__jmpbuf = {-1073744149, -1073742885, -1073742847,
             -1073742831, -1073742745, -1073742695},
           __mask_was_saved = -1073742684, __saved_mask = {
             __val = 0xbffff484}}}
       exit_status = 1735550306
       c = 0
       file_handle = {type = 943141681,
         filename = 0x30312e32 <Address 0x30312e32 out of bounds>,
         opened_path = 0x34373835 <Address 0x34373835 out of bounds>,
         handle = {fd = 808925485, fp = 0x3037392d, stream = {
             handle = 0x3037392d, isatty = 875837492, mmap = {
               len = <unknown type>, pos = <unknown type>,
               map = 0x3d444957,
               buf = 0x30333137 <Address 0x30333137 out of bounds>,
               old_handle = 0x31373133, old_closer = 0x4f4e4700},
             reader = 0x4b5f454d, fsizer = 0x49525945,
             closer = 0x435f474e}}, free_filename = 79 'O'}
       behavior = 1
       reflection_what = 0x2 <Address 0x2 out of bounds>
       orig_optind = 0
       orig_optarg = 0xbffff5e3 "ORBIT_SOCKETDIR=/tmp/orbit-bergie"
       arg_excp = 0xbffff458
       script_file = 0xbffff5da "test.php"
       interactive = 1174208
       module_started = 1028801875
       request_started = 1426089324
       lineno = 1969516397
       exec_direct = 0x646c0b "\201\303\351\063\024"
---Type <return> to continue, or q <return> to quit---
       exec_run = 0x83a2270
"U\211\345\203\344\360WVS\350\266\003\315\377\201\303\362v>"
       exec_begin = 0x8066c80
"1\355^\211\341\203\344\360PTRh0N:\bh@N:\bQVhp\":\b\350\253\343\377\377\364\220\220\220\220\220\220\220\220\220\220\220\220\220\220U\211\345S\203\354\004\200=`\033y\b"
       exec_end = 0x0
       hide_argv = 0
       ini_entries_len = -2103063241

Note that

<?php
$reflector = new midgard_reflection_class('midgard_person');
echo $reflector->get_user_value('typeof');
?>

works because there is a user_value set for this type.

[piotras]

Proposed patch:

diff --git a/php_reflection_workaround.c b/php_reflection_workaround.c
index 9fb2fc7..bb8b03f 100644
--- a/php_reflection_workaround.c
+++ b/php_reflection_workaround.c
@@ -315,6 +315,9 @@ static PHP_METHOD(php_midgard_reflection_class, get_user_value)
const gchar *value = midgard_reflector_object_get_schema_value(Z_STRVAL_P(class_name), field_name);
zval_ptr_dtor(&class_name);

•   if (!value)
  

•           RETURN_NULL();  
  

  • RETURN_STRING(value, 1);
    }

[indeyets]

was fixed by piotras