[2003-06-08 13:51 UTC] zeev@php.net
Copyright © 2001-2025 The PHP Group All rights reserved.
Last updated: Mon Nov 03 01:00:01 2025 UTC
Hi:

When switching on the result of an assignment to a member variable, and the switch statement has more than one non-default case, ZE2 crashes in compare_function.

Here's a test script:

<?php
class grim_reaper
{
    function slaughter($val)
    {
        switch ($this->foo = $val) {
            case 'foo':
                break;
            case "Remove this case and I don't crash":
                break;
        }
    }
}

$r = new grim_reaper();
$r->slaughter('ze2');
?>

Here's some valgrind output:

==3548== Conditional jump or move depends on uninitialised value(s)
==3548==    at 0x8175234: zend_case_handler (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:3101)
==3548==    by 0x816EC54: execute (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:1247)
==3548==    by 0x8173AE8: zend_do_fcall_common_helper (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:2654)
==3548==    by 0x8173F3E: zend_do_fcall_by_name_handler (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:2725)
==3548==
==3548== Conditional jump or move depends on uninitialised value(s)
==3548==    at 0x8178DF8: _get_zval_ptr (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:73)
==3548==    by 0x8175295: zend_case_handler (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:3106)
==3548==    by 0x816EC54: execute (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:1247)
==3548==    by 0x8173AE8: zend_do_fcall_common_helper (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:2654)
==3548==
==3548== Invalid read of size 1
==3548==    at 0x81557BD: compare_function (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_operators.c:1189)
==3548==    by 0x8156173: is_equal_function (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_operators.c:1346)
==3548==    by 0x81752AD: zend_case_handler (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:3106)
==3548==    by 0x816EC54: execute (/archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:1247)
==3548==    Address 0xC is not stack'd, malloc'd or free'd

Here's a gdb backtrace:

#0  0x081557bd in compare_function (result=0xbfffd47c, op1=0x0, op2=0x821d398)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_operators.c:1189
#1  0x08156174 in is_equal_function (result=0xbfffd47c, op1=0x0, op2=0x821d398)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_operators.c:1346
#2  0x081752ae in zend_case_handler (execute_data=0xbfffd4a0, op_array=0x821e67c)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:3106
#3  0x0816ec55 in execute (op_array=0x821e67c)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:1247
#4  0x08173ae9 in zend_do_fcall_common_helper (execute_data=0xbfffd6b0, op_array=0x82172fc)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:2654
#5  0x08173f3f in zend_do_fcall_by_name_handler (execute_data=0xbfffd6b0, op_array=0x82172fc)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:2725
#6  0x0816ec55 in execute (op_array=0x82172fc)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend_execute.c:1247
#7  0x08159c1d in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /archive/Sources/web-server/php-5.0-cvs/Zend/zend.c:1008
#8  0x0811a3de in php_execute_script (primary_file=0xbffffab0)
    at /archive/Sources/web-server/php-5.0-cvs/main/main.c:1678
#9  0x0817d574 in main (argc=2, argv=0xbffffb54)
    at /archive/Sources/web-server/php-5.0-cvs/sapi/cli/php_cli.c:909
#10 0x401aabb4 in __libc_start_main () from /lib/libc.so.6

Let me know if there's anything else I can do.

Thanks,
- Dave
dave@codewhore.org