PHP :: Bug #26487 :: crash on .= assign to a non-existent array element

Bug #26487	crash on .= assign to a non-existent array element
Submitted:	2003-12-01 08:53 UTC	Modified:	2003-12-02 05:39 UTC
From:	friosa at pnpitalia dot it	Assigned:
Status:	Not a bug	Package:	Reproducible crash
PHP Version:	5.0.0b2 (beta2)	OS:	athlon suse linux 9
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	friosa at pnpitalia dot it
New email:
PHP Version:		OS:

New/Additional Comment:

[2003-12-01 08:53 UTC] friosa at pnpitalia dot it

Description:
------------
crash on := assign to a non-existent array element
php 5.00 (beta2)
php 5.00 (200311291630)

hope that the example i easy enough, i'm not in condition now to put here a back trace sorry :( i will try it later.

./configure
--prefix=/usr/local
--with-config-file-path=/etc/php5.ini
--disable-posix
--disable-session
--disable-tokenizer
--without-sqlite
--disable-cgi
--disable-shared
--enable-shared=no
--with-mysql
--with-mysql-sock=/var/lib/mysql/mysql.sock
--with-informix=/opt/informix
--with-libxml-dir=/pnp
--with-dom=/pnp
--with-dom-xslt=/pnp
--with-dom-exslt=/pnp
--enable-simplexml
--enable-pcntl
--enable-sigchild
--enable-mime-magic
--with-gnu-ld
--with-pcre-regex
--enable-ftp

[PHP Modules]
ctype
dom
ftp
informix
libxml
mysql
pcntl
pcre
simplexml
standard
xml

[Zend Modules]


Reproduce code:
---------------
#! /usr/local/bin/php
# try.php
<?php
$ar = array();
$ar[0] .= "pluto";
?>

./try.php
Segmentation fault



Expected result:
----------------
$ar[0] == "pluto";
OR
an error displayed

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-12-01 11:45 UTC] sniper@php.net

Can you please try adding 'error_reporting(0);' as first line in your script to see if the crash happens in the error output function.

[2003-12-01 12:24 UTC] friosa at pnpitalia dot it

Still the same result, I've tryed also something else ..
I suggest the problem is with ".=" operator 

./configure \
--enable-debug \
--prefix=/INSTALL/php_latest2 \
--with-config-file-path=/etc/php5.ini \
--disable-cgi \
make && make install

./bin/php try1.php
<?
$ar = array('a');
$ar[0] .= 'b';
?>
Segmentation fault (core dumped)

./bin/php try2.php ... still the same

<?
$ar = array('a');
$ar[0] = $ar[0]  . 'b';
$ar[0] = 'ab';
echo "ok";
?>

[2003-12-01 12:36 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

[2003-12-01 13:01 UTC] friosa at pnpitalia dot it

downloaded and compiled with minimum requirements

./bin/php try1.php ; ./bin/php try2.php ; ./bin/php try3.php
Segmentation fault (core dumped)
Segmentation fault (core dumped)
ok

[2003-12-01 13:37 UTC] sniper@php.net

Try this:

# rm config.cache
# ./configure --disable-all --disable-cgi --enable-debug
# make clean && make
# sapi/cli/php try.php

[2003-12-01 13:59 UTC] friosa at pnpitalia dot it

sapi/cli/php ../try1.php ; sapi/cli/php ../try2.php ; sapi/cli/php ../try3.php
Segmentation fault
Segmentation fault
ok

I've tryed with php 4.3.4 (compiled with the previous options) and it work fine
... and gdm still don't help me

[2003-12-02 00:03 UTC] sniper@php.net

What gcc version are you using? And bison? flex?

[2003-12-02 03:44 UTC] friosa at pnpitalia dot it

LD_LIBRARY_PATH=$INFORMIXDIR/lib/dmi:$INFORMIXDIR/lib:$INFORMIXDIR/lib/esql:$INFORMIXDIR/incl/tools:$INFORMIXDIR/incl/esql
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=k6 -O6 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O6 -pipe -fomit-frame-pointer"

# gcc --version
gcc (GCC) 3.3.1 (SuSE Linux)

# bison --version
bison (GNU Bison) 1.75
Scritto da Robert Corbett e Richard Stallman.

# flex --version
flex version 2.5.4

# autoconf --version
autoconf (GNU Autoconf) 2.57
Written by David J. MacKenzie and Akim Demaille.

# automake --version
automake (GNU automake) 1.7.6
Written by Tom Tromey <tromey@redhat.com>.

[2003-12-02 04:07 UTC] friosa at pnpitalia dot it

EUREKA !!!

unset CHOST
unset CFLAGS
unset CXXFLAGS

./configure --disable-all --disable-cgi --enable-debug
make
sapi/cli/php ../try2.php

with php5-200312020830 it's OK !!! :D

I wasn't thinking about the optimizations flags I've chosen before, they are in my /etc/profile so I don't see them very often :P .

do u advise me to send to gnu people a report ?

[2003-12-02 04:19 UTC] sniper@php.net

Yeah, this is not PHP bug.. -O6 is really asking for all problems there can possibly be..

[2003-12-02 05:31 UTC] friosa at pnpitalia dot it

FINALLY

the difference is beetween -O2 and -O3 so:

theese ones *work*:
CHOST="i686-pc-linux-gnu"
CFLAGS="-pipe -O2 -march=athlon-xp -mfpmath=sse,387 -mieee-fp -malign-double -m128bit-long-double -maccumulate-outgoing-args -fmove-all-movables"
CXXFLAGS=$CFLAGS

this one does NOT!
CFLAGS="-pipe -O3 -march=athlon-xp -mfpmath=sse,387 -mieee-fp -malign-double -m128bit-long-double -maccumulate-outgoing-args -fmove-all-movables"

[2003-12-02 05:39 UTC] derick@php.net

-O6 is the same as -O3 because there is no -O6 at all...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 09:01:29 2024 UTC