Mantis - Quercus
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
5932 major always 08-03-15 09:50 01-05-16 12:18
Reporter: tobia Platform:  
Assigned To: OS:  
Priority: normal OS Version:  
Status: new Product Version: 4.0.36  
Product Build: Resolution: open  
Projection: none      
ETA: none Fixed in Version:  
Summary: 0005932: NPE when including a newly created file
Description: Create a new file, output some PHP code to it, which will try to access some variables from $this, then include it. This is what is done by many templating libraries, for instance Dwoo.

Expected results: the included code is run in the current environment, including a functional $this pointer.

Actual results: NPE in ThisFieldExpr.init(ThisFieldExpr.java:89)

See sample code.

If the file was created in a different request, it works.
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:  test2.php [^] (224 bytes) 08-03-15 09:50

Notes
(0006646)
tobia   
08-04-15 08:26   
As a followup, I ran a bisect and found out that the bug was introduced between 4.0.38 and 4.0.39, in particular between r10174 and r10175. Therefore the bug was introduced as part of r10175, "quercus initial refactor of private methods/fields".

The problem seems to happen when a file that was just created (e.g. using "file_put_contents") is included (using "include") from inside a class method and the included file uses "$this". This is commonly used by templating engines, which fail to run under recent Quercus versions (since january 2014.)

If the included file is already present in the filesystem, the include seems to work.

When it fails (see attached test script, which fails every time) the problem is that the parser creates ThisExpr with _classDef = null and this causes a NPE later on when ThisFieldExpr.eval is called.

Here is the stacktrace of the creation, where the parses passes null (line numbers are relative to r10175):

ThisExpr.<init>(InterpretedClassDef) line: 51
ExprFactory.createThis(InterpretedClassDef) line: 240
QuercusParser.parseVariable() line: 3921
...

I haven't been able to find a workaround.
(0006658)
tobia   
10-26-15 05:02   
I have run into this bug again: another way to trigger it is to put an eval() in a class constructor and have the evaluated code try to use $this to call a method on the object being constructed.

It's an intermittent or "cold" bug, meaning that after a while it goes away on its own. But a servlet restart brings it up again.
(0006670)
am-immanuel   
01-05-16 12:18   
Please check, whether https://github.com/am-immanuel/quercus/releases/tag/4.0.47 [^] fixes this issue. Then I can provide a minimal patch for fixing this bug.