PHP :: Bug #29893 :: Yet another Segmentation fault

Bug #29893	Yet another Segmentation fault
Submitted:	2004-08-30 10:47 UTC	Modified:	2004-08-30 10:58 UTC
From:	n dot favrefelix at free dot fr	Assigned:	andi (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	5.0.1	OS:	Linux (Mandrake 10)
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	n dot favrefelix at free dot fr
New email:
PHP Version:		OS:

New Comment:

[2004-08-30 10:47 UTC] n dot favrefelix at free dot fr

Description:
------------
It seems that the following code crashes PHP.
I agree that it's not a good idea to do $table[$table] but I expect something else than a segmentation fault.

Reproduce code:
---------------
<?
$base = 50;
$base[$base] -= 0; // -= crashes PHP, = doesn't

die("Ok");
?>

Expected result:
----------------
A warning or a fatal error, then "OK", but not a segmentation fault...

Actual result:
--------------
Two new lines in my Apache error_log :

[Mon Aug 30 10:42:42 2004] [error] PHP Warning:  Cannot use a scalar value as an array in /www/test.php on line 3
[Mon Aug 30 10:42:42 2004] [notice] child pid 21974 exit signal Segmentation fault (11)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-08-30 10:50 UTC] guth at fiifo dot u-psud dot fr

Additionaly, the crash appears with the followings operators :

-=, += ^=, |=, etc.

<?
$base = 50;
$base[] += 0;

die("ok");
?>

This code doesn't work properly either.

[2004-08-30 10:51 UTC] tony2001@php.net

here is the backtrace:
-----
(gdb) r -f /www/index.php
Starting program: /home/dev/php-src_clean/sapi/cli/php -f /www/index.php

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x0819e71b in execute (op_array=0x8283d9c) at /home/dev/php-src_clean/Zend/zend_execute.c:1498
#2  0x08179f38 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/dev/php-src_clean/Zend/zend.c:1052
#3  0x08134713 in php_execute_script (primary_file=0xbffff850) at /home/dev/php-src_clean/main/main.c:1633
#4  0x081ac523 in main (argc=3, argv=0xbffff8e4) at /home/dev/php-src_clean/sapi/cli/php_cli.c:943
(gdb) f 1
#1  0x0819e71b in execute (op_array=0x8283d9c) at /home/dev/php-src_clean/Zend/zend_execute.c:1498
1498                    if (EX(opline)->handler(&execute_data TSRMLS_CC)) {
-----

[2004-08-30 10:56 UTC] derick@php.net

This works fine in PHP 4, assigning to the zend mastah:

derick@kossu:~$ php-4.3dev
<?
$base = 50;
$base[$base] -= 0; // -= crashes PHP, = doesn't

die("Ok");
?>

Warning: Cannot use a scalar value as an array in - on line 3

Call Stack:
    4.4567      11512   1. {main}() -:0


Variables in local scope:
  $base = 50

[2004-08-30 10:58 UTC] stas@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Jul 01 17:01:34 2025 UTC