php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50611 Segfault when trying $var =& $non_array_var[some_index]
Submitted: 2009-12-30 08:30 UTC Modified: 2009-12-30 08:50 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: an0nym at narod dot ru Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.3.1, 5.3.0, 5.2.10 OS: FreeBSD 7.2-RELEASE-p3 etc
Private report: No CVE-ID: None
View Developer Edit
 [2009-12-30 08:30 UTC] an0nym at narod dot ru 
Description:
------------
Segmentation fault occurs when trying to assign a var to a reference onto some index of a string variable. (I know it's dumb, but no segfault should occur, but a Fatal error: ...)

Reproduce code:
---------------
<?php
$value1 = 'foobar';
$value2 = &$value1[0];

Expected result:
----------------
Fatal Error

Actual result:
--------------
Segmentation Fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-12-30 08:35 UTC] mikhail dot v dot gavrilov at gmail dot com 
Can confirm this.
OS: (Windows 2003 SP2 || Windows XP SP3) && PHP 5.3.1 NTS VC6
 [2009-12-30 08:45 UTC] an0nym at narod dot ru 
Segfault occurs on 
Windows 2003/XP, PHP 5.3.1, NTS, VC6, FastCGI
Debian, PHP 5.3.0-3
FreeBSD, PHP 5.2.10
FreeBSD, PHP 5.3.1

Fatal error occurs on
Ubuntu 6.3, PHP 5.2.10-2
FreeBSD, PHP 5.2.9
FreeBSD, PHP 5.2.6
FreeBSD, PHP 5.2.11
 [2009-12-30 08:49 UTC] akrus at flygroup dot st 
Also can confirm this. Tried to debug with gdb under FreeBSD with php 5.3.1:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x29f01040 (LWP 100325)]
0x0841c6de in ZEND_FETCH_DIM_W_SPEC_CV_CONST_HANDLER (execute_data=0x2e203020) at zend_vm_execute.h:23571
23571                   Z_DELREF_PP(EX_T(opline->result.u.var).var.ptr_ptr);
(gdb) bt full
#0  0x0841c6de in ZEND_FETCH_DIM_W_SPEC_CV_CONST_HANDLER (execute_data=0x2e203020) at zend_vm_execute.h:23571
        opline = (zend_op *) 0x29f21e4c
        container = Variable "container" is not available.
 [2009-12-30 08:50 UTC] jani@php.net 
Already fixed in 5.3.2RC1 and 5.2.12 (or at least 5.2.13-dev :)

Fatal error: Cannot create references to/from string offsets nor overloaded objects in /home/jani/t.php on line 4
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 10 19:01:34 2025 UTC