Bug #14161 segfault after strange code
Submitted: 2001-11-21 10:08 UTC
Modified: 2002-08-13 23:32 UTC
From: hegyvari at ardents dot hu
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 4.0.6
OS: Redhat 6.2
Private report: No
CVE-ID: None

 [2001-11-21 10:08 UTC] hegyvari at ardents dot hu
<?
$str='1,2,3,4,5,6,7,8,9';
echo $str[0][NO];
echo $str[0][NO];
echo $str[0][NO];
echo $str[0][NO];
echo $str[0][NO];
echo $str[0][NO];
echo $str[0][NO];
echo "end.";
?>

check http://mail.ardents.hu:701/info.php3 for a phpinfo();

This piece of code causes Apache to segfault. It is a distilled version; the original error was a typo inside a complex function, hidden inside a loop. It took more than a day to find. PHP 4.0.5 produced the same result.

 [2001-11-21 10:10 UTC] hegyvari at ardents dot hu
Forgot to mention that the code finishes, that is, the "end" string appears in the browser. You have to check the Apache error log to see the segfault. Of course, if this type of code is in a function, the script will die inside the function.
 [2001-11-21 10:12 UTC] mj@php.net
FYI: I get "access denied" when accessing http://mail.ardents.hu:701/info.php3.
 [2001-11-21 10:18 UTC] mfischer@php.net
Reproduced with 4.0.6 (crash) and reported memory leak with current CVS:

mfischer@debian:~/src/php/bugtest$ php -f 14161.php
end../zend_execute.c(1962) :  Freeing 0x082FC3E4 (3 bytes), script=14161.php
zend_variables.c(106) : Actual location (location was relayed)
Last leak repeated 6 times


Reclassifying this as a ZE problem.
 [2001-11-21 10:18 UTC] hegyvari at ardents dot hu
It works here. Is that dot at the end of php3 really there?

The configuration is PHP4.0.6 compiled with:

 './configure' '--with-oci8' '--with-apache=/coca/install/apache_1.3.22/' '--enable-sigchild' '--enable-track-vars' '--with-mysql' '--with-pgsql=/usr/local/pgsql'
 [2001-12-14 13:27 UTC] yohgaki@php.net
It does not crash with 4.1.0 CVS.
Is there something special to make PHP crash?
Could you try 4.1.0?
 [2001-12-14 14:06 UTC] mfischer@php.net
As I said, it doesn't crash but it leaks:

mfischer@ficken:~/src/php/bugtest$ php -f 14161.php
end.
./zend_execute.c(1962) :  Freeing 0x082E0B64 (3 bytes), script=14161.php
zend_variables.c(106) : Actual location (location was relayed)
mfischer@ficken:~/src/php/bugtest$ cat 14161.php
<?
        #$str='1,2,3,4,5,6,7,8,9';
        $str = '';
        echo $str[0][NO];
        echo "end.";
?>

mfischer@ficken:~/src/php/bugtest$ php -f 14161.php
end.
./zend_execute.c(1962) :  Freeing 0x082E0B64 (3 bytes), script=14161.php
zend_variables.c(106) : Actual location (location was relayed)
 [2002-01-05 16:49 UTC] lobbin@php.net
Any updates on this?
 [2002-01-26 05:34 UTC] sander@php.net
Reopened.
 [2002-08-13 23:32 UTC] kalowsky@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.

I think this has been fixed in CVS... give it a try.  If I'm wrong, re-open it.  