PHP :: Bug #26487 :: crash on .= assign to a non-existent array element

Bug #26487	crash on .= assign to a non-existent array element
Submitted:	2003-12-01 08:53 UTC	Modified:	2003-12-02 05:39 UTC
From:	friosa at pnpitalia dot it	Assigned:
Status:	Not a bug	Package:	Reproducible crash
PHP Version:	5.0.0b2 (beta2)	OS:	athlon suse linux 9
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	friosa at pnpitalia dot it
New email:
PHP Version:		OS:

New Comment:

[2003-12-01 08:53 UTC] friosa at pnpitalia dot it

Description:
------------
crash on := assign to a non-existent array element
php 5.00 (beta2)
php 5.00 (200311291630)

hope that the example i easy enough, i'm not in condition now to put here a back trace sorry :( i will try it later.

./configure
--prefix=/usr/local
--with-config-file-path=/etc/php5.ini
--disable-posix
--disable-session
--disable-tokenizer
--without-sqlite
--disable-cgi
--disable-shared
--enable-shared=no
--with-mysql
--with-mysql-sock=/var/lib/mysql/mysql.sock
--with-informix=/opt/informix
--with-libxml-dir=/pnp
--with-dom=/pnp
--with-dom-xslt=/pnp
--with-dom-exslt=/pnp
--enable-simplexml
--enable-pcntl
--enable-sigchild
--enable-mime-magic
--with-gnu-ld
--with-pcre-regex
--enable-ftp

[PHP Modules]
ctype
dom
ftp
informix
libxml
mysql
pcntl
pcre
simplexml
standard
xml

[Zend Modules]


Reproduce code:
---------------
#! /usr/local/bin/php
# try.php
<?php
$ar = array();
$ar[0] .= "pluto";
?>

./try.php
Segmentation fault



Expected result:
----------------
$ar[0] == "pluto";
OR
an error displayed

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-12-01 11:45 UTC] sniper@php.net

Can you please try adding 'error_reporting(0);' as first line in your script to see if the crash happens in the error output function.

[2003-12-01 12:24 UTC] friosa at pnpitalia dot it

Still the same result, I've tryed also something else ..
I suggest the problem is with ".=" operator 

./configure \
--enable-debug \
--prefix=/INSTALL/php_latest2 \
--with-config-file-path=/etc/php5.ini \
--disable-cgi \
make && make install

./bin/php try1.php
<?
$ar = array('a');
$ar[0] .= 'b';
?>
Segmentation fault (core dumped)

./bin/php try2.php ... still the same

<?
$ar = array('a');
$ar[0] = $ar[0]  . 'b';
$ar[0] = 'ab';
echo "ok";
?>

[2003-12-01 12:36 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

[2003-12-01 13:01 UTC] friosa at pnpitalia dot it

downloaded and compiled with minimum requirements

./bin/php try1.php ; ./bin/php try2.php ; ./bin/php try3.php
Segmentation fault (core dumped)
Segmentation fault (core dumped)
ok

[2003-12-01 13:37 UTC] sniper@php.net

Try this:

# rm config.cache
# ./configure --disable-all --disable-cgi --enable-debug
# make clean && make
# sapi/cli/php try.php

[2003-12-01 13:59 UTC] friosa at pnpitalia dot it

sapi/cli/php ../try1.php ; sapi/cli/php ../try2.php ; sapi/cli/php ../try3.php
Segmentation fault
Segmentation fault
ok

I've tryed with php 4.3.4 (compiled with the previous options) and it work fine
... and gdm still don't help me

[2003-12-02 00:03 UTC] sniper@php.net

What gcc version are you using? And bison? flex?

[2003-12-02 03:44 UTC] friosa at pnpitalia dot it

LD_LIBRARY_PATH=$INFORMIXDIR/lib/dmi:$INFORMIXDIR/lib:$INFORMIXDIR/lib/esql:$INFORMIXDIR/incl/tools:$INFORMIXDIR/incl/esql
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=k6 -O6 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O6 -pipe -fomit-frame-pointer"

# gcc --version
gcc (GCC) 3.3.1 (SuSE Linux)

# bison --version
bison (GNU Bison) 1.75
Scritto da Robert Corbett e Richard Stallman.

# flex --version
flex version 2.5.4

# autoconf --version
autoconf (GNU Autoconf) 2.57
Written by David J. MacKenzie and Akim Demaille.

# automake --version
automake (GNU automake) 1.7.6
Written by Tom Tromey <tromey@redhat.com>.

[2003-12-02 04:07 UTC] friosa at pnpitalia dot it

EUREKA !!!

unset CHOST
unset CFLAGS
unset CXXFLAGS

./configure --disable-all --disable-cgi --enable-debug
make
sapi/cli/php ../try2.php

with php5-200312020830 it's OK !!! :D

I wasn't thinking about the optimizations flags I've chosen before, they are in my /etc/profile so I don't see them very often :P .

do u advise me to send to gnu people a report ?

[2003-12-02 04:19 UTC] sniper@php.net

Yeah, this is not PHP bug.. -O6 is really asking for all problems there can possibly be..

[2003-12-02 05:31 UTC] friosa at pnpitalia dot it

FINALLY

the difference is beetween -O2 and -O3 so:

theese ones *work*:
CHOST="i686-pc-linux-gnu"
CFLAGS="-pipe -O2 -march=athlon-xp -mfpmath=sse,387 -mieee-fp -malign-double -m128bit-long-double -maccumulate-outgoing-args -fmove-all-movables"
CXXFLAGS=$CFLAGS

this one does NOT!
CFLAGS="-pipe -O3 -march=athlon-xp -mfpmath=sse,387 -mieee-fp -malign-double -m128bit-long-double -maccumulate-outgoing-args -fmove-all-movables"

[2003-12-02 05:39 UTC] derick@php.net

-O6 is the same as -O3 because there is no -O6 at all...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Jul 04 11:01:37 2025 UTC