PHP :: Bug #27335 :: http_build_query segfaults when passing an array with numeric indices

Bug #27335	http_build_query segfaults when passing an array with numeric indices
Submitted:	2004-02-20 15:18 UTC	Modified:	2004-02-20 15:31 UTC
From:	benjcarson at digitaljunkies dot ca	Assigned:
Status:	Closed	Package:	*URL Functions
PHP Version:	5CVS-2004-02-20 (dev)	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	benjcarson at digitaljunkies dot ca
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-02-20 15:18 UTC] benjcarson at digitaljunkies dot ca

Description:
------------
http_build_query segfaults if its argument is an array that has numeric indices.

gdb backtrace:

#0  php_url_encode_hash_ex (ht=0x40690c8c, formstr=0xbfffd2d0, num_prefix=0x0,
    num_prefix_len=0, key_prefix=0x0, key_prefix_len=0, key_suffix=0x0,
    key_suffix_len=0, type=0x0) at /usr/src/php5-200402201830/ext/standard/http.c:64
#1  0x081b962c in zif_http_build_query (ht=138264191, return_value=0x406902fc,
    this_ptr=0x0, return_value_used=1)
    at /usr/src/php5-200402201830/ext/standard/http.c:204
#2  0x08224ede in zend_do_fcall_common_helper (execute_data=0xbfffd470,
    opline=0x40690a68, op_array=0x4069075c)
    at /usr/src/php5-200402201830/Zend/zend_execute.c:2642
#3  0x0822505e in zend_do_fcall_handler (execute_data=0xbfffd470,
    opline=0x40690a68, op_array=0x83dbe7f)
    at /usr/src/php5-200402201830/Zend/zend_execute.c:2771
#4  0x08221388 in execute (op_array=0x4069075c)
    at /usr/src/php5-200402201830/Zend/zend_execute.c:1339
#5  0x082032ff in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php5-200402201830/Zend/zend.c:1053
#6  0x081ca76f in php_execute_script (primary_file=0xbffff860)
    at /usr/src/php5-200402201830/main/main.c:1647
#7  0x08235a2e in main (argc=2, argv=0xbffff924)
    at /usr/src/php5-200402201830/sapi/cli/php_cli.c:941


Reproduce code:
---------------
<?php
$arr[0] = "a";
$q = http_build_query($arr);
echo $q;
?>


Expected result:
----------------
0=a

Actual result:
--------------
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-02-20 15:26 UTC] benjcarson at digitaljunkies dot ca

I should also add that http_build_query will segfault if a numeric index is used in a sub-array of its argument as well:

$arr = array("foo"=>"bar",
             "baz"=>array("one", "two", "three"));
$q = http_build_query($arr);

will also segfault.

[2004-02-20 15:31 UTC] pollita@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Apr 28 00:01:28 2024 UTC