PHP :: Bug #27439 :: Segfault in CVS

Bug #27439

Segfault in CVS

Submitted:

2004-02-29 11:16 UTC

Modified:

2004-03-03 18:28 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

kase at gmx dot net

Assigned:

andi (profile)

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

5CVS-2004-02-29 (dev)

OS:

all

Private report:

CVE-ID:

None

View Developer Edit

[2004-02-29 11:16 UTC] kase at gmx dot net

Description:
------------
I get a segfault with this script:



Reproduce code:
---------------
<?php
class test {
    public function start() {
        foreach ( $this->array as $foo ) {
            $foo->any_method();
        }
    }
}
$test = new test();
$test->start();
?>

Expected result:
----------------
If $this->array is an array with objects, the method any_method() should be called on $foo. (works well)

If $this->array is an array with strings, int, ..., php should display an error. (works well) (Fatal error: Call to a member function any_method() on a non-object in /var/www/legendz/web/test/test.php5 on line 5 )

If $this->array is an empty array, nothing should happen. (but php crashes)

Actual result:
--------------
(gdb) bt
#0  0x082128b4 in zend_fetch_obj_w_handler (execute_data=0xbfffd840,
    opline=0x404e9518, op_array=0x404dd7d4)
    at /home/kase/php5-200402271430/Zend/zend_execute.c:2044
#1  0x08210be0 in execute (op_array=0x404dd7d4)
    at /home/kase/php5-200402271430/Zend/zend_execute.c:1339
#2  0x082143c9 in zend_do_fcall_common_helper (execute_data=0xbfffd9f0,
    opline=0x404e84dc, op_array=0x404dd018)
    at /home/kase/php5-200402271430/Zend/zend_execute.c:2675
#3  0x082147f6 in zend_do_fcall_by_name_handler (execute_data=0xbfffd9f0,
    opline=0x404e84dc, op_array=0x404dd018)
    at /home/kase/php5-200402271430/Zend/zend_execute.c:2757
#4  0x08210be0 in execute (op_array=0x404dd018)
    at /home/kase/php5-200402271430/Zend/zend_execute.c:1339
#5  0x081f0289 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/kase/php5-200402271430/Zend/zend.c:1041
#6  0x081b0a13 in php_execute_script (primary_file=0xbffffd48)
    at /home/kase/php5-200402271430/main/main.c:1650
#7  0x0821d16c in main (argc=2, argv=0xbffffde4)
    at /home/kase/php5-200402271430/sapi/cgi/cgi_main.c:1573

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-03-01 06:41 UTC] reiersol at online dot no

In my code, it crashes even if it's an array of strings. Copying the array first seems to make it work.

[2004-03-01 13:39 UTC] kase at gmx dot net

Yes, it will also crashes, if it is an array of strings, sorry. I don?t know anymore, how I modified my code yesterday, to get this error output.

Today, i found another class, that crashes with segfault in a foreach. This time, it is an array of _correct_ objects, but it crashes, too. The backtrace of this crash is very similar. I don`t have a short reproduce code yet.

[2004-03-03 18:28 UTC] pajoye@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Aug 19 20:01:28 2024 UTC