Bug #28487 crash when function declared in switch is called
Submitted: 2004-05-22 12:54 UTC
Modified: 2004-09-06 01:00 UTC
Votes: 19
Avg. Score: 4.6 ± 0.7
Reproduced: 19 of 19 (100.0%)
Same Version: 1 (5.3%)
Same OS: 3 (15.8%)
From: tomas dot matousek at matfyz dot cz
Assigned:
Status: No Feedback
Package: Scripting Engine problem
PHP Version: 5.0.0RC2
OS: WinXP
Private report: No
CVE-ID: None

 [2004-05-22 12:54 UTC] tomas dot matousek at matfyz dot cz
Description:
------------
PHP crashes when an arbitrary function declared in a switch statement is called.

Reproduce code:
---------------
<?
$x = 1;

switch($x)
{
  case 1:
    function f() { }
  
    break;  
}

f();
?>

Expected result:
----------------
no crash

Actual result:
--------------
crash

 [2004-07-13 18:07 UTC] fixxxer at php5 dot ru
The bug exists in the last snapshot php5-200407131230.
Tested under FreeBSD 4.9 and Windows XP.

(gdb) bt
#0  zend_switch_free_handler (execute_data=0xbfbfe314, opline=0x84f8824, op_array=0x8504780)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:65
#1  0x823fbcf in execute (op_array=0x8504780) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#2  0x825d8c5 in zend_do_fcall_common_helper (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2728
#3  0x825dd22 in zend_do_fcall_by_name_handler (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2810
#4  0x823fbcf in execute (op_array=0x8505124) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#5  0x821e32e in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend.c:1061
#6  0x81e3ba5 in php_execute_script (primary_file=0xbfbffac0) at /usr/ports/lang/php5/work/php-5.0.0RC3/main/main.c:1627
#7  0x82688ce in main (argc=3, argv=0xbfbffb3c) at /usr/ports/lang/php5/work/php-5.0.0RC3/sapi/cli/php_cli.c:943
 [2004-07-20 16:35 UTC] jb-php at microbasic dot net
I have the same problem, example:
<?
$somecode=1;
switch($somecode){
	case 1:
		function test(){
			echo "success";
		}
		test();
		break;
}
?>
With php5 final, this code was working with php 4.3.7
 [2004-07-24 21:22 UTC] Jared dot Williams1 at ntworld dot com
Just discovered this one with

PHP Version 5.1.0-dev 
System  Windows NT WIN2KS 5.0 build 2195  
Build Date  Jul 23 2004 16:22:08  

and

PHP Version 5.1.0-dev 
System  Windows NT WIN2KS 5.0 build 2195  
Build Date  Jul 24 2004 20:15:28
 [2004-07-29 09:59 UTC] stefan at hotpaenz dot de
I experienced this crash on Linux 2.6.3 with PHP 4.3.3 and PHP 5.1.0-dev snapshot 200407271430. Perhaps somebody should set the category to "reproducible crash".

This is the PHP 5.1.0-dev backtrace:

#0  0x08271843 in zend_switch_free_handler (execute_data=0xbfffd5a0, opline=0x8726fe4, op_array=0x8721970, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200
200 if (!T(opline->op1.u.var).var.ptr_ptr) {

(gdb) bt
#0  0x08271843 in zend_switch_free_handler (execute_data=0xbfffd5a0, opline=0x8726fe4, op_array=0x8721970, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200
#1  0x0826c0b5 in execute (op_array=0x8721970, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391
#2  0x0826fe63 in zend_do_fcall_common_helper (execute_data=0xbfffd670, opline=0x8725ecc, op_array=0x8721b94, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:2728
#3  0x0826c0b5 in execute (op_array=0x8721b94, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391
#4  0x0824ce31 in zend_execute_scripts (type=8, tsrm_ls=0x8430018, retval=0x0, file_count=3)
    at /root/php/200407271430/php5-5.0.0/Zend/zend.c:1068
#5  0x08210044 in php_execute_script (primary_file=0xbffffa40, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/main/main.c:1631
#6  0x08278bfc in main (argc=2, argv=0xbffffb04)
    at /root/php/200407271430/php5-5.0.0/sapi/cgi/cgi_main.c:1568
 [2004-08-29 12:59 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

Seems to be fixed. Please, test it again.
 [2004-09-06 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-03-15 13:43 UTC] fonya at fatav dot hu
I have a similar problem with this.
In the CLI interface everything works right, but the Apache web server segfaults. The code works with PHP 4.3.8.

apache: 2.0.53
php: 5.0.3

The system is Linux/FC3, and FC test /prepre4 :)/

The code:
<?

$mi=1;

switch ($mi) {
case 1:
        function Lufi() {
                global $cucc;
                return(666);
        }
break;
}

echo microtime()."<br>";

echo Lufi();


?>

--
Fonya
 
Last updated: Thu Nov 21 15:01:30 2024 UTC