Bug #54401 DatePeriod crashes when constructor is not called
Submitted: 2011-03-27 15:32 UTC Modified: 2020-02-26 23:27 UTC
Votes:3
Avg. Score:2.3 ± 0.9
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: felipe@php.net Assigned: cmb (profile)
Status: Duplicate Package: Reproducible crash
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2011-03-27 15:32 UTC] felipe@php.net
Description:
------------
DatePeriod relies on constructor being called before trying to iterate over its data.

Test script:
---------------
<?php

class foo extends DatePeriod {
	public function __construct() { }
}

foreach (new foo as $y);

Expected result:
----------------
No crash

Actual result:
--------------
Crash

#0  memcpy () at ../sysdeps/i386/i686/memcpy.S:75
#1  0xbffff2c8 in ?? ()
#2  0x0806ec1f in date_period_it_rewind (iter=0x8b1e584, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/ext/date/php_date.c:1902
#3  0x0855330a in ZEND_FE_RESET_SPEC_VAR_HANDLER (execute_data=0x8ade614, tsrm_ls=0x89022a0)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:8816
#4  0x08531442 in execute (op_array=0x8ab2ba0, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:107
#5  0x084fef3d in zend_execute_scripts (type=8, tsrm_ls=0x89022a0, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1194
#6  0x0847ad48 in php_execute_script (primary_file=0xbffff488, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/main/main.c:2270
#7  0x085dada7 in main (argc=2, argv=0xbffff604) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1193


 [2011-04-05 00:38 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: derick
 [2012-06-03 18:30 UTC] felipe@php.net
-Package: Date/time related +Package: Reproducible crash
 [2012-07-04 11:33 UTC] felipe@php.net
-Private report: No +Private report: Yes
 [2012-07-08 08:47 UTC] reeze dot xia at gmail dot com
This bug looks the same as https://bugs.php.net/bug.php?id=62500.
It initializes private data in the constructor; extending the class without
calling its constructor may cause a segfault. DateInterval adds a check
before performing any operation; if it's not initialized, a warning will be
raised.

This may be fixed this way too.
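
The guard described in the comment above (check that the object was initialized before any operation), as an added C sketch that is not code from php_date.c or from anyone in this thread. `model_period`, `rewind_guarded` and the other names are hypothetical stand-ins for the extension's private object state, and the NULL `memcpy` source is an assumption modelled on the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the extension's private per-object state. */
typedef struct { int year, month, day; } model_time;
typedef struct {
    model_time *start;      /* populated only by the constructor */
    model_time  current;    /* iterator position */
    int         initialized;
} model_period;

/* The only place the private state is filled in. */
void model_period_construct(model_period *p, model_time *start) {
    p->start = start;
    p->initialized = 1;
}

/* Unguarded rewind, shown for contrast: on a zeroed object the memcpy
 * source is NULL (assumed cause of the memcpy frame in the backtrace). */
void rewind_unguarded(model_period *p) {
    memcpy(&p->current, p->start, sizeof p->current);
}

/* Guarded rewind: refuse to touch state the constructor never set. */
int rewind_guarded(model_period *p) {
    if (!p->initialized || p->start == NULL)
        return -1;          /* caller reports a warning instead of crashing */
    memcpy(&p->current, p->start, sizeof p->current);
    return 0;
}

/* Models `class foo extends DatePeriod` with an empty __construct():
 * storage is allocated and zeroed, but never constructed. */
int iterate_unconstructed(void) {
    model_period p = {0};
    return rewind_guarded(&p);
}

/* Normal path: a constructed object rewinds to its start date. */
int iterate_constructed(void) {
    model_time start = {2011, 3, 27};   /* constructed sample value */
    model_period p = {0};
    model_period_construct(&p, &start);
    return rewind_guarded(&p) == 0 ? p.current.year : -1;
}

int main(void) {
    printf("unconstructed=%d constructed=%d\n",
           iterate_unconstructed(), iterate_constructed());
    return 0;
}
```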
 [2012-07-14 16:46 UTC] felipe@php.net
-Type: Security +Type: Bug
 [2017-10-24 07:58 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: derick +Assigned To:
 [2018-05-23 13:09 UTC] xKhorasan+php at gmail dot com
It seems that this is already fixed in https://bugs.php.net/bug.php?id=75002 .
 [2020-02-26 23:27 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-02-26 23:27 UTC] cmb@php.net
Like xKhorasan said (thanks!).  So I'm marking this as duplicate
of bug #75002.
 
Last updated: Thu Jan 30 18:01:29 2025 UTC