php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50611 Segfault when trying $var =& $non_array_var[some_index]
Submitted: 2009-12-30 08:30 UTC Modified: 2009-12-30 08:50 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: an0nym at narod dot ru Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.3.1, 5.3.0, 5.2.10 OS: FreeBSD 7.2-RELEASE-p3 etc
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: an0nym at narod dot ru
New email:
PHP Version: OS:

 

 [2009-12-30 08:30 UTC] an0nym at narod dot ru 
Description:
------------
Segmentation fault occurs when trying to assign a var to a reference onto some index of a string variable. (I know it's dumb, but no segfault should occur, but a Fatal error: ...)

Reproduce code:
---------------
<?php
$value1 = 'foobar';
$value2 = &$value1[0];

Expected result:
----------------
Fatal Error

Actual result:
--------------
Segmentation Fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-12-30 08:35 UTC] mikhail dot v dot gavrilov at gmail dot com 
Can confirm this.
OS: (Windows 2003 SP2 || Windows XP SP3) && PHP 5.3.1 NTS VC6
 [2009-12-30 08:45 UTC] an0nym at narod dot ru 
Segfault occurs on 
Windows 2003/XP, PHP 5.3.1, NTS, VC6, FastCGI
Debian, PHP 5.3.0-3
FreeBSD, PHP 5.2.10
FreeBSD, PHP 5.3.1

Fatal error occurs on
Ubuntu 6.3, PHP 5.2.10-2
FreeBSD, PHP 5.2.9
FreeBSD, PHP 5.2.6
FreeBSD, PHP 5.2.11
 [2009-12-30 08:49 UTC] akrus at flygroup dot st 
Also can confirm this. Tried to debug with gdb under FreeBSD with php 5.3.1:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x29f01040 (LWP 100325)]
0x0841c6de in ZEND_FETCH_DIM_W_SPEC_CV_CONST_HANDLER (execute_data=0x2e203020) at zend_vm_execute.h:23571
23571                   Z_DELREF_PP(EX_T(opline->result.u.var).var.ptr_ptr);
(gdb) bt full
#0  0x0841c6de in ZEND_FETCH_DIM_W_SPEC_CV_CONST_HANDLER (execute_data=0x2e203020) at zend_vm_execute.h:23571
        opline = (zend_op *) 0x29f21e4c
        container = Variable "container" is not available.
 [2009-12-30 08:50 UTC] jani@php.net 
Already fixed in 5.3.2RC1 and 5.2.12 (or at least 5.2.13-dev :)

Fatal error: Cannot create references to/from string offsets nor overloaded objects in /home/jani/t.php on line 4
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Jul 12 02:01:35 2025 UTC