Bug #28487 crash when function declared in switch is called
Submitted: 2004-05-22 12:54 UTC Modified: 2004-09-06 01:00 UTC
Votes:19
Avg. Score:4.6 ± 0.7
Reproduced:19 of 19 (100.0%)
Same Version:1 (5.3%)
Same OS:3 (15.8%)
From: tomas dot matousek at matfyz dot cz Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.0RC2 OS: WinXP
Private report: No CVE-ID: None
 [2004-05-22 12:54 UTC] tomas dot matousek at matfyz dot cz
Description:
------------
PHP crashes when an arbitrary function declared in a switch statement is called.

Reproduce code:
---------------
<?
$x = 1;

switch($x)
{
  case 1:
    function f() { }
  
    break;  
}

f();
?>

Expected result:
----------------
no crash

Actual result:
--------------
crash

 [2004-07-13 18:07 UTC] fixxxer at php5 dot ru
The bug exists in the last snapshot php5-200407131230.
Tested under FreeBSD 4.9 and Windows XP.

(gdb) bt
#0  zend_switch_free_handler (execute_data=0xbfbfe314, opline=0x84f8824, op_array=0x8504780)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:65
#1  0x823fbcf in execute (op_array=0x8504780) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#2  0x825d8c5 in zend_do_fcall_common_helper (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2728
#3  0x825dd22 in zend_do_fcall_by_name_handler (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2810
#4  0x823fbcf in execute (op_array=0x8505124) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#5  0x821e32e in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend.c:1061
#6  0x81e3ba5 in php_execute_script (primary_file=0xbfbffac0) at /usr/ports/lang/php5/work/php-5.0.0RC3/main/main.c:1627
#7  0x82688ce in main (argc=3, argv=0xbfbffb3c) at /usr/ports/lang/php5/work/php-5.0.0RC3/sapi/cli/php_cli.c:943
 [2004-07-20 16:35 UTC] jb-php at microbasic dot net
I have the same problem, example:
<?
$somecode=1;
switch($somecode){
	case 1:
		function test(){
			echo "success";
		}
		test();
		break;
}
?>
With php5 final, this code was working with php 4.3.7
 [2004-07-24 21:22 UTC] Jared dot Williams1 at ntworld dot com
Just discovered this one with

PHP Version 5.1.0-dev 
System  Windows NT WIN2KS 5.0 build 2195  
Build Date  Jul 23 2004 16:22:08  

and

PHP Version 5.1.0-dev 
System  Windows NT WIN2KS 5.0 build 2195  
Build Date  Jul 24 2004 20:15:28
 [2004-07-29 09:59 UTC] stefan at hotpaenz dot de
I experienced this crash on Linux 2.6.3 with PHP 4.3.3 and PHP 5.1.0-dev snapshot 200407271430. Perhaps somebody should set the category to "reproducible crash".

This is the PHP 5.1.0-dev backtrace:

#0  0x08271843 in zend_switch_free_handler (execute_data=0xbfffd5a0, opline=0x8726fe4, op_array=0x8721970, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200

200 if (!T(opline->op1.u.var).var.ptr_ptr) {

(gdb) bt

#0  0x08271843 in zend_switch_free_handler (execute_data=0xbfffd5a0, opline=0x8726fe4, op_array=0x8721970, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200
#1  0x0826c0b5 in execute (op_array=0x8721970, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391
#2  0x0826fe63 in zend_do_fcall_common_helper (execute_data=0xbfffd670, opline=0x8725ecc, op_array=0x8721b94, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:2728
#3  0x0826c0b5 in execute (op_array=0x8721b94, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391
#4  0x0824ce31 in zend_execute_scripts (type=8, tsrm_ls=0x8430018, retval=0x0, file_count=3)
    at /root/php/200407271430/php5-5.0.0/Zend/zend.c:1068
#5  0x08210044 in php_execute_script (primary_file=0xbffffa40, tsrm_ls=0x8430018)
    at /root/php/200407271430/php5-5.0.0/main/main.c:1631
#6  0x08278bfc in main (argc=2, argv=0xbffffb04)
    at /root/php/200407271430/php5-5.0.0/sapi/cgi/cgi_main.c:1568
 [2004-08-29 12:59 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

Seems to be fixed. Please, test it again.
 [2004-09-06 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-03-15 13:43 UTC] fonya at fatav dot hu
I have a similar problem.
In the CLI interface everything works right, but the Apache web server segfaults. The code works with PHP 4.3.8

apache: 2.0.53
php: 5.0.3

The system is Linux/FC3, and FC test /prepre4 :)/

The code:
<?

$mi=1;

switch ($mi) {
case 1:
        function Lufi() {
                global $cucc;
                return(666);
        }
break;
}

echo microtime()."<br>";

echo Lufi();


?>

--
Fonya
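
To find code that matches the pattern in the reports above (a named function declared inside a `switch` body) before running it on an affected build, the source can be scanned with PHP's tokenizer. This is an added example, not code from the bug report or the PHP project: `find_switch_functions()` is a hypothetical helper, the sample is constructed from the original reproduce script with a full `<?php` open tag, and the `switch (...): ... endswitch;` form is not tracked.

```php
<?php
// Added example; find_switch_functions() is a hypothetical helper name.
// Returns [['name' => ..., 'line' => ...], ...] for named functions in switch bodies.
function find_switch_functions(string $source): array
{
    $tokens  = token_get_all($source);
    $depth   = $paren = 0;   // current { } and ( ) nesting depth
    $pending = null;         // paren depth at a `switch` whose body has not opened yet
    $bodies  = [];           // brace depths of the switch bodies we are inside
    $hits    = [];

    foreach ($tokens as $i => $tok) {
        $id = is_array($tok) ? $tok[0] : null;
        $ch = is_array($tok) ? null : $tok;   // single-character punctuation only

        if ($id === T_SWITCH) {
            $pending = $paren;
        } elseif ($ch === '(' || $ch === ')') {
            $paren += ($ch === '(') ? 1 : -1;
        } elseif ($ch === ':' && $pending === $paren) {
            $pending = null;                  // alternative syntax, not tracked
        } elseif ($ch === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;                         // string interpolation braces close with '}' too
            if ($ch === '{' && $pending === $paren) {
                $bodies[] = $depth;           // this brace opens the switch body
                $pending = null;
            }
        } elseif ($ch === '}') {
            if ($bodies && end($bodies) === $depth) array_pop($bodies);
            $depth--;
        } elseif ($id === T_FUNCTION && $bodies) {
            // A name before the '(' means a declaration; closures have none.
            for ($j = $i + 1; isset($tokens[$j]) && $tokens[$j] !== '('; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                    $hits[] = ['name' => $tokens[$j][1], 'line' => $tokens[$j][2]];
                    break;
                }
            }
        }
    }
    return $hits;
}

// Constructed sample, based on the reproduce code in the original report.
$sample = implode("\n", [
    '<?php', '$x = 1;', 'switch ($x) {', '  case 1:', '    function f() { }',
    '    break;', '}', 'f();',
]);
foreach (find_switch_functions($sample) as $hit) {
    printf("function %s() declared inside switch at line %d\n", $hit['name'], $hit['line']);
}
```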
 
Last updated: Thu Nov 21 11:01:29 2024 UTC