Bug #24710 $obj->foo = "bar"; print $obj->{0}; segfaults
Submitted: 2003-07-18 17:28 UTC
Modified: 2003-07-22 12:21 UTC
From: swalk at prp dot physik dot tu-darmstadt dot de
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 4.3.3RC2-dev
OS: *
Private report: No
CVE-ID:
 [2003-07-18 17:28 UTC] swalk at prp dot physik dot tu-darmstadt dot de
Description:
------------
This little script creates a segfault on every version of PHP I came across (4.3.2, 4.3.3rc1, 5.0.0b2). When you replace 0 with "0", it works.


Reproduce code:
---------------
<?php
$obj->foo = "bar"; // or anything else that creates an object
print $obj->{0};
?>


Expected result:
----------------
Notice: undefined property: 0... or something alike

Actual result:
--------------
(gdb) bt
#0  0x08146cf8 in zend_hash_find (ht=0x8211f64, arKey=0x0, nKeyLength=4, pData=0xbfffca9c)
    at /home/et/sources/php-4.3.2/Zend/zend_hash.c:875
#1  0x08151e70 in zend_fetch_property_address_inner (ht=0x8211f64, op2=0x8219910, Ts=0xbfffcb40, type=0)
    at /home/et/sources/php-4.3.2/Zend/zend_execute.c:199
#2  0x0814c6b9 in zend_fetch_property_address (result=0x82198f0, op1=0x8215244, op2=0x8219910, Ts=0xbfffcb40, type=0)
    at /home/et/sources/php-4.3.2/Zend/zend_execute.c:930
#3  0x08150e97 in execute (op_array=0x82156a4) at /home/et/sources/php-4.3.2/Zend/zend_execute.c:1328
#4  0x081426f1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/et/sources/php-4.3.2/Zend/zend.c:869
#5  0x0811d2fb in php_execute_script (primary_file=0xbffff070) at /home/et/sources/php-4.3.2/main/main.c:1671
#6  0x08153932 in main (argc=4, argv=0xbffff0f4) at /home/et/sources/php-4.3.2/sapi/cli/php_cli.c:806
#7  0x420158f7 in __libc_start_main () from /lib/i686/libc.so.6


 [2003-07-19 09:40 UTC] sniper@php.net
Verified with latest PHP_4_3 CVS, same backtrace. (removed all the irrelevant comments, they didn't have any extra value to them)

 [2003-07-22 12:21 UTC] zeev@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

(Will be a part of 4.3.3)
 
Last updated: Thu Apr 17 12:01:59 2014 UTC