php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28487 crash when function declared in switch is called
Submitted: 2004-05-22 12:54 UTC Modified: 2004-09-06 01:00 UTC
Votes:19
Avg. Score:4.6 ± 0.7
Reproduced:19 of 19 (100.0%)
Same Version:1 (5.3%)
Same OS:3 (15.8%)
From: tomas dot matousek at matfyz dot cz Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.0RC2 OS: WinXP
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-05-22 12:54 UTC] tomas dot matousek at matfyz dot cz
Description:
------------
PHP crashes when an arbitrary function declared in a switch statement is called.

Reproduce code:
---------------
<?
$x = 1;

switch($x)
{
  case 1:
    function f() { }
  
    break;  
}

f();
?>

Expected result:
----------------
no crash

Actual result:
--------------
crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-13 18:07 UTC] fixxxer at php5 dot ru
The bug exists in the last snapshot php5-200407131230.
Tested under FreeBSD 4.9 and Windows XP.

(gdb) bt
#0  zend_switch_free_handler (execute_data=0xbfbfe314, opline=0x84f8824, op_array=0x8504780)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:65
#1  0x823fbcf in execute (op_array=0x8504780) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#2  0x825d8c5 in zend_do_fcall_common_helper (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2728
#3  0x825dd22 in zend_do_fcall_by_name_handler (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2810
#4  0x823fbcf in execute (op_array=0x8505124) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#5  0x821e32e in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend.c:1061
#6  0x81e3ba5 in php_execute_script (primary_file=0xbfbffac0) at /usr/ports/lang/php5/work/php-5.0.0RC3/main/main.c:1627
#7  0x82688ce in main (argc=3, argv=0xbfbffb3c) at /usr/ports/lang/php5/work/php-5.0.0RC3/sapi/cli/php_cli.c:943
 [2004-07-20 16:35 UTC] jb-php at microbasic dot net
I have the same problem, example :
<?
$somecode=1;
switch($somecode){
	case 1:
		function test(){
			echo "success";
		}
		test();
		break;
}
?>
With php5 final, this code was working with php 4.3.7
 [2004-07-24 21:22 UTC] Jared dot Williams1 at ntworld dot com
Just discovered this one with

PHP Version 5.1.0-dev 
System  Windows NT WIN2KS 5.0 build 2195  
Build Date  Jul 23 2004 16:22:08  

and

PHP Version 5.1.0-dev 
System  Windows NT WIN2KS 5.0 build 2195  
Build Date  Jul 24 2004 20:15:28
 [2004-07-29 09:59 UTC] stefan at hotpaenz dot de
I experienced this crash on Linux 2.6.3 with PHP 4.3.3 and 
PHP 5.1.0-dev snapshot 200407271430. Perhaps somebody 
should set the category to "reproducible crash". 
 
This is the PHP 5.1.0-dev backtrace: 
 
#0  0x08271843 in zend_switch_free_handler  
(execute_data=0xbfffd5a0, opline=0x8726fe4,  
op_array=0x8721970, tsrm_ls=0x8430018)  
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200  
  
200 if (!T(opline->op1.u.var).var.ptr_ptr) {  
  
(gdb) bt  
  
#0  0x08271843 in zend_switch_free_handler  
(execute_data=0xbfffd5a0, opline=0x8726fe4,  
op_array=0x8721970, tsrm_ls=0x8430018)  
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200  
  
#1  0x0826c0b5 in execute (op_array=0x8721970,  
tsrm_ls=0x8430018)  
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391  
  
#2  0x0826fe63 in zend_do_fcall_common_helper  
(execute_data=0xbfffd670, opline=0x8725ecc,  
op_array=0x8721b94, tsrm_ls=0x8430018)  
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:2728  
  
#3  0x0826c0b5 in execute (op_array=0x8721b94,  
tsrm_ls=0x8430018)  
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391  
  
#4  0x0824ce31 in zend_execute_scripts (type=8,  
tsrm_ls=0x8430018, retval=0x0, file_count=3)  
at /root/php/200407271430/php5-5.0.0/Zend/zend.c:1068  
  
#5  0x08210044 in php_execute_script  
(primary_file=0xbffffa40, tsrm_ls=0x8430018)  
at /root/php/200407271430/php5-5.0.0/main/main.c:1631  
  
#6  0x08278bfc in main (argc=2, argv=0xbffffb04)  
at /root/php/200407271430/php5-5.0.0/sapi/cgi/cgi_main.c:1568
 [2004-08-29 12:59 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

Seems to be fixed. Please, test it again.
 [2004-09-06 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-03-15 13:43 UTC] fonya at fatav dot hu
I have the similar problem with this.
In cli interface everything work right, but the apache web server is segfaults. The code working with php 4.3.8

apache: 2.0.53
php: 5.0.3

The system is Linux/FC3, and FC test /prepre4 :)/

The code:
<?

$mi=1;

switch ($mi) {
case 1:
        function Lufi() {
                global $cucc;
                return(666);
        }
break;
}

echo microtime()."<br>";

echo Lufi();


?>

--
Fonya
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 17:01:54 2014 UTC