Bug #32955 Variable variables in globals.
Submitted: 2005-05-05 14:39 UTC
Modified: 2005-05-14 14:55 UTC
Votes: 4
Avg. Score: 4.5 ± 0.9
Reproduced: 2 of 2 (100.0%)
Same Version: 2 (100.0%)
Same OS: 2 (100.0%)
From: isset at yandex dot ru
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 5.0.4
OS: Windows, Linux
Private report: No
CVE-ID: None

 [2005-05-05 14:39 UTC] isset at yandex dot ru
Description:
------------
Variable variables in globals. Crash. See reproduce code.

Reproduce code:
---------------
<?php
$var[1] = "user";
$var[2] = "name";
function check($var)
{
    global $$var[1][$var[2]]; // <- Segmentation fault
    echo $$var[1][$var[2]];
}
check($var);
?>


 [2005-05-05 19:36 UTC] tony2001@php.net
Reproducible with 5.0 and 4.3, HEAD is working fine.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076963104 (LWP 16032)]
0x081ea2aa in zend_pzval_unlock_func (z=0x1) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:66
66              z->refcount--;
(gdb) bt
#0  0x081ea2aa in zend_pzval_unlock_func (z=0x1) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:66
#1  0x081ea3a9 in _get_zval_ptr (node=0x82d47c4, Ts=0xbfffc9d0, should_free=0xbfffc98c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:101
#2  0x081e1238 in zend_fetch_var_address (opline=0x82d47ac, Ts=0xbfffc9d0, type=1) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:747
#3  0x081e3b63 in zend_fetch_w_handler (execute_data=0xbfffcb30, opline=0x82d47ac, op_array=0x82d4b00) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:2043
#4  0x081e2a14 in execute (op_array=0x82d4b00) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:1417
#5  0x081e5c17 in zend_do_fcall_common_helper (execute_data=0xbfffccc0, opline=0x82d32c0, op_array=0x82cee2c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:2767
#6  0x081e612c in zend_do_fcall_handler (execute_data=0xbfffccc0, opline=0x82d32c0, op_array=0x82cee2c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:2872
#7  0x081e2a14 in execute (op_array=0x82cee2c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:1417
#8  0x081bf0b6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/dev/clean/php-src_5_0/Zend/zend.c:1076
#9  0x0817e530 in php_execute_script (primary_file=0xbffff0e0) at /usr/src/dev/clean/php-src_5_0/main/main.c:1638
#10 0x081ee703 in main (argc=2, argv=0xbffff1b4) at /usr/src/dev/clean/php-src_5_0/sapi/cli/php_cli.c:946

 [2005-05-14 14:55 UTC] tony2001@php.net
Duplicate of bug #29707.
 
Last updated: Wed Jul 02 14:01:36 2025 UTC