Bug #25547 error_handler and array index with function call
Submitted: 2003-09-15 13:37 UTC Modified: 2004-03-31 18:18 UTC
Avg. Score:3.8 ± 1.0
Reproduced:16 of 16 (100.0%)
Same Version:7 (43.8%)
Same OS:7 (43.8%)
From: cschneid at cschneid dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4CVS OS: *
Private report: No CVE-ID:
 [2003-09-15 13:37 UTC] cschneid at cschneid dot com
Error handler seems to destroy array indices if called due
to an undefined array index generated by a function.

Reproduce code:
function handler($errno, $errstr, $errfile, $errline)
        $test = "aaa";



Expected result:
    [bbbbbbb] => 1

Actual result:
    [aaa] => 1


 [2003-10-15 08:19 UTC] cschneid at cschneid dot com
The problem seems to be that dim->value is overwritten, copying the value solves this. I don't have enough insight in Zend to know if this is a memory leak and the values should be freed at some point or if this is ok.

Hope this helps:

diff -u -u -r1.316.2.21 zend_execute.c
--- Zend/zend_execute.c 30 Jul 2003 16:33:54 -0000      1.316.2.21
+++ Zend/zend_execute.c 15 Oct 2003 12:17:10 -0000
@@ -626,7 +626,7 @@
                        offset_key_length = 0;
                        goto fetch_string_dim;
                case IS_STRING:
-                       offset_key = dim->value.str.val;
+                       offset_key = estrndup(dim->value.str.val, dim->value.str.len);
                        offset_key_length = dim->value.str.len;
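Review bot: the estrndup() copy assigned to offset_key in the IS_STRING case has no matching efree() anywhere in this hunk, so each string-keyed dimension fetch would leak the duplicated key. The case just above also jumps to fetch_string_dim without any allocation shown here, so the release cannot be unconditional at that label; either record that the key is owned only on the IS_STRING path and free it after the lookup, or avoid the copy by keeping dim alive until the key has been used.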

 [2003-10-16 04:09 UTC]
You now have a memory leak. I tried something similar too. But we decided to look for a better solution where we don't gc the variable we still need.
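
The lifetime problem discussed in the comments above, as an added C model (not Zend engine code and not the fix that was committed): `tmp_slot`, `error_handler`, `insert` and both `fetch_dim_*` functions are hypothetical names, and the model assumes the handler's assignment reuses the storage that held the computed key.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Zend code: tmp_slot stands in for the engine
   temporary that holds the string returned by the index function. */
static char tmp_slot[16];
static char stored_key[16];   /* key the one-entry "array" ends up with */

/* Stand-in for the user error handler; its assignment reuses the temporary,
   like $test = "aaa" in the report. */
static void error_handler(void) { snprintf(tmp_slot, sizeof tmp_slot, "aaa"); }

static const char *insert(const char *key) {
    snprintf(stored_key, sizeof stored_key, "%s", key);
    return stored_key;
}

/* Borrowed pointer: the key is read after the notice has run the handler. */
const char *fetch_dim_borrowed(const char *index) {
    snprintf(tmp_slot, sizeof tmp_slot, "%s", index);
    const char *offset_key = tmp_slot;
    error_handler();               /* "undefined index" notice fires here */
    return insert(offset_key);     /* key is now the handler's string */
}

/* Private copy taken before the notice and released after the last use,
   so the key survives the handler and nothing leaks. */
const char *fetch_dim_copied(const char *index) {
    snprintf(tmp_slot, sizeof tmp_slot, "%s", index);
    size_t len = strlen(tmp_slot);
    char *offset_key = malloc(len + 1);
    if (offset_key == NULL) return NULL;
    memcpy(offset_key, tmp_slot, len + 1);
    error_handler();
    const char *result = insert(offset_key);
    free(offset_key);              /* the step the estrndup() hunk lacks */
    return result;
}

int main(void) {
    printf("borrowed: [%s]\n", fetch_dim_borrowed("bbbbbbb"));
    printf("copied:   [%s]\n", fetch_dim_copied("bbbbbbb"));
    return 0;
}
```
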
 [2003-12-31 03:17 UTC]
The bug is fixed in PHP5 CVS (zend.c,v 1.260).
 [2004-01-04 17:49 UTC] cschneid at cschneid dot com
Problem still exists in PHP4 branch
 [2004-01-04 17:53 UTC] cschneid at cschneid dot com
A workaround patch (without memory leak ;-)) can be found at
 [2004-01-04 22:45 UTC] cvianna at stech dot net dot br
The patch applied perfectly, and the make test didn't find any error after this.

Although, my problem ([Mon Jan  5 01:48:52 2004] [notice] child pid 3965 exit signal Segmentation fault (11)) every time I access a php page, persists. Not associated :) Back to google.
 [2004-01-11 02:59 UTC] jclift at digitaldistribution dot com
That patch fixed my 4.3.4 release tarball, running on Sun's JDS, compiled in CLI mode.

Looks like we'll be waiting for the 4.3.5 release now.


Regards and best wishes,

Justin Clift
 [2004-01-16 22:50 UTC] jclift at digitaldistribution dot com
Just experienced this when doing a "make test" with PHP 4.3.5RC1, on a newly installed Sun Java Desktop System (a stripped down version of SuSE Linux).
 [2004-02-15 18:41 UTC] bart at atsence dot nl
I am afraid the patch did not have the desired effect for me. I am still faced with the error (when making a make test) after compiling php with sablotron, see below.

I patched the php-4.3.4 tarball with:

patch -p1 < bug25547.patch

Result is an error

File to patch: php-4.3.4.tar.gz
patching file php-4.3.4.tar.gz
Hunk #1 FAILED at 638.
1 out of 1 hunk FAILED -- saving rejects to file php-4.3.4.tar.gz.rej

Bug #25547 (error_handler and array index with function call) [tests/lang/bug25547.phpt]
xslt_set_object function [ext/xslt/tests/xslt_set_object.phpt]

Ideas anyone?
 [2004-03-09 09:09 UTC] sm at netxcalibur dot com
This bug is still present in 4.3.4 and 4.3.5RC4 (aka php4-STABLE-200403091230), on both Linux Slackware 9.0 and 9.1. If patched as described, the bug disappears from both Linux/php versions.
 [2004-03-31 18:18 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Last updated: Sat Oct 10 07:01:40 2015 UTC