php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24729 $obj = new $className; causes crash when $className is not set
Submitted: 2003-07-20 14:58 UTC Modified: 2003-07-20 15:46 UTC
From: proton at fangen dot net Assigned: helly (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2003-07-20 (dev) OS: *
Private report: No CVE-ID: None
 [2003-07-20 14:58 UTC] proton at fangen dot net
Description:
------------
Apache 2.0 / PHP 5-cvs crashes on Windows XP when trying to execute the following code if $className is not defined before it is used:

Reproduce code:
---------------
$c = new $className('whatever');

Expected result:
----------------
Fatal Error: Class '' was not found, or something like that


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-20 15:21 UTC] derick@php.net
Reproduced, this is the backtrace (the error message IS shown first though):

#0  0x08280b67 in zend_str_tolower_copy (
---Type <return> to continue, or q <return> to quit---
    dest=0x84351ec "Z\204?\217*?\217*ZZZZZZZZA", source=0x0, length=0)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_operators.c:1655
1655		*result = *end;
(gdb) bt
#0  0x08280b67 in zend_str_tolower_copy (
    dest=0x84351ec "Z\204?\217*?\217*ZZZZZZZZA", source=0x0, length=0)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_operators.c:1655
#1  0x082a4d1f in zend_str_tolower_dup (source=0x0, length=0)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_operators.h:206
#2  0x0829ff9f in zend_fetch_class_handler (execute_data=0xbfffd0e0, 
    op_array=0x842f80c) at /dat/dev/php/php-5.0.0dev/Zend/zend_execute.c:2374
#3  0x0829c66a in execute (op_array=0x842f80c)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_execute.c:1252
#4  0x408166d2 in xdebug_execute (op_array=0x842f80c)
    at /dat/dev/php/xdebug/xdebug.c:766
#5  0x0828382b in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /dat/dev/php/php-5.0.0dev/Zend/zend.c:1017
#6  0x08249b2c in php_execute_script (primary_file=0xbffff930)
    at /dat/dev/php/php-5.0.0dev/main/main.c:1695
#7  0x082aeea8 in main (argc=1, argv=0xbffff9d4)
    at /dat/dev/php/php-5.0.0dev/sapi/cli/php_cli.c:910
#8  0x406b4306 in __libc_start_main (main=0x82ae368 <main>, argc=1, 
    ubp_av=0xbffff9d4, init=0x808663c <_init>, fini=0x82afb10 <_fini>, 
    rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffff9cc)
    at ../sysdeps/generic/libc-start.c:129

 [2003-07-20 15:46 UTC] helly@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 09:01:32 2024 UTC