PHP :: Bug #26675 :: Segfault on ArrayAccess use

Bug #26675	Segfault on ArrayAccess use
Submitted:	2003-12-19 20:20 UTC	Modified:	2003-12-22 11:25 UTC
From:	xi at ngs dot ru	Assigned:	helly (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.0.0b3	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-12-19 20:20 UTC] xi at ngs dot ru

Description:
------------
The following code produces segfault using snapshot php5-200312191230.

Reproduce code:
---------------
<?php
class A implements ArrayAccess
{
    private $array = array();

    public function offsetExists( $offset )
    { return isset( $this->array[ $offset ] ); }
    
    public function offsetGet( $offset )
    { return $this->array[ $offset ]; }

    public function offsetSet( $offset, $data )
    { $this->array[ $offset ] = $data; }

    public function offsetUnset( $offset )
    { unset( $this->array[ $offset ] ); }
}
$a = new A();
$a[] = 'Segfault here!';
?>

Expected result:
----------------
String added to $a

Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-12-20 02:52 UTC] eru@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2003-12-20 03:32 UTC] xi at ngs dot ru

Backtrace:

#0  zend_call_function (fci=0xbfffd4c0, fci_cache=0xbfffd4a0)
    at /home/simeon/php/php5-200312191230/Zend/zend_execute_API.c:668
#1  0x08141822 in zend_call_method (object_pp=0xbfffd550, obj_ce=0x4032b6dc, 
    fn_proxy=0x0, function_name=0x81941be "offsetset", function_name_len=9, 
    retval_ptr_ptr=0x0, param_count=136060708, arg1=0x0, arg2=0x4032a568)
    at /home/simeon/php/php5-200312191230/Zend/zend_interfaces.c:79
#2  0x081430ae in zend_std_write_dimension (object=0x4032c1cc, offset=0x0, 
    value=0x4032a568)
    at /home/simeon/php/php5-200312191230/Zend/zend_object_handlers.c:405
#3  0x08157410 in zend_assign_to_object (result=0x4032a4f0, 
    object_ptr=0x4032c250, op2=0x4032a520, value_op=0x4032a560, Ts=0xbfffd610, 
    opcode=147) at /home/simeon/php/php5-200312191230/Zend/zend_execute.c:416
#4  0x081517e0 in zend_assign_dim_handler (execute_data=0xbfffd6f0, 
    op_array=0x40324e5c)
    at /home/simeon/php/php5-200312191230/Zend/zend_execute.c:2058
#5  0x0814f5fd in execute (op_array=0x40324e5c)
    at /home/simeon/php/php5-200312191230/Zend/zend_execute.c:1260
#6  0x0813515a in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/simeon/php/php5-200312191230/Zend/zend.c:1030
#7  0x081017ef in php_execute_script (primary_file=0xbffffac0)
    at /home/simeon/php/php5-200312191230/main/main.c:1638
#8  0x0815a312 in main (argc=2, argv=0xbffffb44)
    at /home/simeon/php/php5-200312191230/sapi/cli/php_cli.c:910

[2003-12-20 05:31 UTC] derick@php.net

I could verify this.

[2003-12-22 11:25 UTC] helly@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 16:00:01 2025 UTC