Bug #27335 http_build_query segfaults when passing an array with numeric indices
Submitted: 2004-02-20 15:18 UTC
Modified: 2004-02-20 15:31 UTC
From: benjcarson at digitaljunkies dot ca
Assigned:
Status: Closed
Package: *URL Functions
PHP Version: 5CVS-2004-02-20 (dev)
OS: Linux
Private report: No
CVE-ID: None


 [2004-02-20 15:18 UTC] benjcarson at digitaljunkies dot ca
http_build_query segfaults if its argument is an array that has numeric indices.

gdb backtrace:

#0  php_url_encode_hash_ex (ht=0x40690c8c, formstr=0xbfffd2d0, num_prefix=0x0,
    num_prefix_len=0, key_prefix=0x0, key_prefix_len=0, key_suffix=0x0,
    key_suffix_len=0, type=0x0) at /usr/src/php5-200402201830/ext/standard/http.c:64
#1  0x081b962c in zif_http_build_query (ht=138264191, return_value=0x406902fc,
    this_ptr=0x0, return_value_used=1)
    at /usr/src/php5-200402201830/ext/standard/http.c:204
#2  0x08224ede in zend_do_fcall_common_helper (execute_data=0xbfffd470,
    opline=0x40690a68, op_array=0x4069075c)
    at /usr/src/php5-200402201830/Zend/zend_execute.c:2642
#3  0x0822505e in zend_do_fcall_handler (execute_data=0xbfffd470,
    opline=0x40690a68, op_array=0x83dbe7f)
    at /usr/src/php5-200402201830/Zend/zend_execute.c:2771
#4  0x08221388 in execute (op_array=0x4069075c)
    at /usr/src/php5-200402201830/Zend/zend_execute.c:1339
#5  0x082032ff in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php5-200402201830/Zend/zend.c:1053
#6  0x081ca76f in php_execute_script (primary_file=0xbffff860)
    at /usr/src/php5-200402201830/main/main.c:1647
#7  0x08235a2e in main (argc=2, argv=0xbffff924)
    at /usr/src/php5-200402201830/sapi/cli/php_cli.c:941

Reproduce code:
$arr[0] = "a";
$q = http_build_query($arr);
echo $q;

Expected result:

Actual result:
Segmentation fault


 [2004-02-20 15:26 UTC] benjcarson at digitaljunkies dot ca
I should also add that http_build_query will segfault if a numeric index is used in a sub-array of its argument as well:

$arr = array("foo"=>"bar",
             "baz"=>array("one", "two", "three"));
$q = http_build_query($arr);

will also segfault.
 [2004-02-20 15:31 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.
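
A regression check for the two reproducers in this report, added here as an example and not taken from the report or from PHP's own test suite. It assumes the PHP CLI on a POSIX system (for signal reporting), PHP 7.4 or later for the array form of proc_open, and the default arg_separator.output; run_case and the expected strings are this example's own.

```php
<?php
// Added example, not part of the bug report. Each reproducer runs in a child
// PHP process so a segfault is reported instead of killing the harness.
// Expected strings are what current PHP releases return (assumption: default
// arg_separator.output "&"; brackets are percent-encoded).
$cases = [
    'top-level numeric index' => [
        '$arr[0] = "a"; echo http_build_query($arr);',
        '0=a',
    ],
    'numeric index in sub-array' => [
        '$arr = array("foo"=>"bar", "baz"=>array("one", "two", "three"));'
        . ' echo http_build_query($arr);',
        'foo=bar&baz%5B0%5D=one&baz%5B1%5D=two&baz%5B2%5D=three',
    ],
];

// Hypothetical helper: returns [status, detail] for one snippet.
function run_case(string $code): array
{
    // Array command form needs PHP 7.4+; -n ignores php.ini.
    $cmd = [PHP_BINARY, '-n', '-r', $code];
    $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return ['error', 'could not start child process'];
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    // Poll until exit so the terminating signal can still be read.
    do {
        usleep(1000);
        $st = proc_get_status($proc);
    } while ($st['running']);
    proc_close($proc);
    if ($st['signaled']) {
        return ['crash', 'killed by signal ' . $st['termsig']];
    }
    return $st['exitcode'] === 0 ? ['ok', $out] : ['error', 'exit code ' . $st['exitcode']];
}

$failed = 0;
foreach ($cases as $name => [$code, $expected]) {
    [$status, $detail] = run_case($code);
    $pass = ($status === 'ok' && $detail === $expected);
    $failed += $pass ? 0 : 1;
    printf("%-28s %s\n", $name, $pass ? 'PASS' : "FAIL ($status: $detail)");
}
exit($failed === 0 ? 0 : 1);
```

On a build with the defect described here, both cases would report a crash with signal 11 (SIGSEGV) rather than aborting the run.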
