Bug #24658 class hints with array_walk() causing crash
Submitted: 2003-07-15 01:09 UTC
Modified: 2003-08-04 03:46 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: eric at cosky dot com
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 5CVS-20030718
OS: irrelevant
Private report: No
CVE-ID: None
 [2003-07-15 01:09 UTC] eric at cosky dot com
Description:
------------
The following code crashes my install of PHP from July 13, 2003. Removing the class hint in BoomWalker eliminates the crash.

Reproduce code:
---------------
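<?php
class SomeClass {}
class CrashClass {
	function Boom()
	{
		$a = array( 0,1,2 );
		// Call-time pass-by-reference (removed in PHP 5.4).
		array_walk(&$a, "BoomWalker", &$this);
	}
}
// The SomeClass hint on $arrayItem is the class hint the description refers to;
// the array elements passed to the callback are integers.
function BoomWalker(SomeClass &$arrayItem, &$key, &$crashObj) {}
$c = new CrashClass;
$c->Boom();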


Expected result:
----------------
Nothing.

Actual result:
--------------
System alert for PHP crashing.

 [2003-07-18 00:08 UTC] sniper@php.net
Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (runnable)]
0x817b4fc in zend_assign_to_variable_reference (result=0x4029dee0, variable_ptr_ptr=0x4029a940, 
    value_ptr_ptr=0x4028f9d8, Ts=0x0) at /usr/src/web/php/php5/Zend/zend_execute.c:238
238                     T(result->u.var).var.ptr_ptr = variable_ptr_ptr;
(gdb) bt
#0  0x817b4fc in zend_assign_to_variable_reference (result=0x4029dee0, variable_ptr_ptr=0x4029a940, 
    value_ptr_ptr=0x4028f9d8, Ts=0x0) at /usr/src/web/php/php5/Zend/zend_execute.c:238
#1  0x8197be9 in zend_recv_handler (execute_data=0xbfffccec, op_array=0x8244858)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2988
#2  0x817e77e in execute (op_array=0x8244858) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#3  0x815c0f1 in fast_call_user_function (function_table=0x81e9c78, object_pp=0x0, function_name=0x4029cec4, 
    retval_ptr_ptr=0xbfffce44, param_count=3, params=0xbfffce5c, no_separation=0, symbol_table=0x0, 
    function_pointer=0x81e516c) at /usr/src/web/php/php5/Zend/zend_execute_API.c:693
#4  0x80cc434 in php_array_walk (target_hash=0x4029cd1c, userdata=0x4028f9cc, recursive=0)
    at /usr/src/web/php/php5/ext/standard/array.c:990
#5  0x80cc5ff in zif_array_walk (ht=3, return_value=0x4029cf24, this_ptr=0x0, return_value_used=0)
    at /usr/src/web/php/php5/ext/standard/array.c:1045
#6  0x8195cdf in zend_do_fcall_common_helper (execute_data=0xbfffd03c, op_array=0x4029dc84)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2634
#7  0x8196384 in zend_do_fcall_handler (execute_data=0xbfffd03c, op_array=0x4029dc84)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2763
#8  0x817e77e in execute (op_array=0x4029dc84) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#9  0x8195dd1 in zend_do_fcall_common_helper (execute_data=0xbfffd28c, op_array=0x4029a8b4)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2661
#10 0x8196128 in zend_do_fcall_by_name_handler (execute_data=0xbfffd28c, op_array=0x4029a8b4)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2732
#11 0x817e77e in execute (op_array=0x4029a8b4) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#12 0x816589f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1017
#13 0x8133255 in php_execute_script (primary_file=0xbffff628) at /usr/src/web/php/php5/main/main.c:1695
#14 0x81a1614 in main (argc=2, argv=0xbffff694) at /usr/src/web/php/php5/sapi/cli/php_cli.c:910
#15 0x401b19cb in __libc_start_main (main=0x81a099c <main>, argc=2, argv=0xbffff694, init=0x806a744 <_init>, 
    fini=0x81a1fe4 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff68c)
    at ../sysdeps/generic/libc-start.c:92

 [2003-08-04 03:46 UTC] zeev@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
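
A regression check for this report, added here as an example; it is not part of the original report or of the PHP project's test suite. It ports the reproducer to current syntax and runs it in a separate interpreter, so a segfault shows up as a signal-terminated child instead of taking the harness down with it. The helper name `check_bug24658`, the `REPRODUCER` constant and the result strings are hypothetical, and a PHP 7.4+ CLI on a POSIX host is assumed.

```php
<?php
// Added example (not from the report). Assumes a PHP 7.4+ CLI on a POSIX host.
// Child script: the reproducer in current syntax. Call-time pass-by-reference
// was removed in PHP 5.4; $key and $crashObj are taken by value here.
const REPRODUCER = <<<'CHILD'
<?php
class SomeClass {}
class CrashClass {
    function Boom() {
        $a = array(0, 1, 2);
        array_walk($a, "BoomWalker", $this);
    }
}
function BoomWalker(SomeClass &$arrayItem, $key, $crashObj) {}
try {
    (new CrashClass)->Boom();
    echo "NO_ERROR";
} catch (TypeError $e) {
    echo "TYPE_ERROR";
}
CHILD;
// Hypothetical helper: run the reproducer in a separate interpreter so that a
// segfault kills the child, not the harness, and report how the child ended.
function check_bug24658(string $phpBinary = PHP_BINARY): string
{
    $script = tempnam(sys_get_temp_dir(), 'bug24658_');
    file_put_contents($script, REPRODUCER);
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open([$phpBinary, '-n', $script], $spec, $pipes);
    if ($proc === false) {
        unlink($script);
        throw new RuntimeException('could not start ' . $phpBinary);
    }
    $stdout = stream_get_contents($pipes[1]);
    stream_get_contents($pipes[2]);            // drain stderr
    array_map('fclose', $pipes);
    while (($status = proc_get_status($proc))['running']) {
        usleep(10000);                         // wait for the exit status
    }
    proc_close($proc);
    unlink($script);
    if ($status['signaled']) {
        return 'CRASH: child killed by signal ' . $status['termsig'];
    }
    return $stdout === 'TYPE_ERROR' && $status['exitcode'] === 0
        ? 'OK: type mismatch rejected with TypeError'
        : 'UNEXPECTED: exit ' . $status['exitcode'] . ', output "' . $stdout . '"';
}
echo check_bug24658(), PHP_EOL;
```

Pass the path of another interpreter build as the argument to check that build instead of the one running the harness.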


 