|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24710 $obj->foo = "bar"; print $obj->{0}; segfaults
Submitted: 2003-07-18 17:28 UTC Modified: 2003-07-22 12:21 UTC
From: swalk at prp dot physik dot tu-darmstadt dot de Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.3RC2-dev OS: *
Private report: No CVE-ID: None
 [2003-07-18 17:28 UTC] swalk at prp dot physik dot tu-darmstadt dot de
This little script creates a segfault on every version of php i came across (4.3.2, 4.3.3rc1, 5.0.0b2). When you replace 0 with "0", it works.

Reproduce code:
$obj->foo = "bar"; // or anything else that creates an object
print $obj->{0};

Expected result:
Notice: undefined property: 0... or something alike

Actual result:
(gdb) bt
#0  0x08146cf8 in zend_hash_find (ht=0x8211f64, arKey=0x0, nKeyLength=4, pData=0xbfffca9c)
    at /home/et/sources/php-4.3.2/Zend/zend_hash.c:875
#1  0x08151e70 in zend_fetch_property_address_inner (ht=0x8211f64, op2=0x8219910, Ts=0xbfffcb40, type=0)
    at /home/et/sources/php-4.3.2/Zend/zend_execute.c:199
#2  0x0814c6b9 in zend_fetch_property_address (result=0x82198f0, op1=0x8215244, op2=0x8219910, Ts=0xbfffcb40, type=0)
    at /home/et/sources/php-4.3.2/Zend/zend_execute.c:930
#3  0x08150e97 in execute (op_array=0x82156a4) at /home/et/sources/php-4.3.2/Zend/zend_execute.c:1328
#4  0x081426f1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/et/sources/php-4.3.2/Zend/zend.c:869
#5  0x0811d2fb in php_execute_script (primary_file=0xbffff070) at /home/et/sources/php-4.3.2/main/main.c:1671
#6  0x08153932 in main (argc=4, argv=0xbffff0f4) at /home/et/sources/php-4.3.2/sapi/cli/php_cli.c:806
#7  0x420158f7 in __libc_start_main () from /lib/i686/


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-19 09:40 UTC]
Verified with latest PHP_4_3 CVS, same backtrace. (removed all the irrelevant comments, they didn't have any extra value to them)

 [2003-07-22 12:21 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

(Will be a part of 4.3.3)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Jun 04 16:03:38 2023 UTC