php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #29253 array_diff with $GLOBALS argument fails apache.(zend optimizer running)
Submitted: 2004-07-19 09:58 UTC Modified: 2005-08-10 09:45 UTC
From: camka at email dot ee Assigned:
Status: Closed Package: Arrays related
PHP Version: 5CVS, 4CVS (2004-08-01) OS: *
Private report: No CVE-ID:
 [2004-07-19 09:58 UTC] camka at email dot ee
Description:
------------
when using array_diff with one of the parameters is $GLOBALS seems like the whole variable scope is messed up. 


Reproduce code:
---------------
<?php
$zz = $GLOBALS;
$gg = 'afad';
var_dump(array_diff_assoc($GLOBALS, $zz));
echo $gg; // strange behavour. $gg is like an array!!!
// var_dump($gg); // this call fails apache
?>

Expected result:
----------------
expect seeing 'afad' and empty array;

Actual result:
--------------
array(0) { } Arra

the length of "Arra" string depends on the length of $gg length;

if uncomment the last line - apache child fails
[Mon Jul 19 10:26:00 2004] [notice] child pid 10946 exit signal Segmentation fault (11

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-20 14:40 UTC] camka at email dot ee
last win snapshot
<?php
error_reporting(E_ALL);
$zz = $GLOBALS;
$ff = 'ff';
array_diff_assoc($GLOBALS, $zz);
var_dump($zz); // this line crashes apache when optimizer is running
?>

when optimizer is disabled gives the following notice message and doesn't crash

Notice: Undefined variable: zz in c:\wwwww\test\crashme.php on line 7
NULL 

seems like array_diff parameters are being unset inside the function
 [2004-08-07 13:42 UTC] andrey@php.net
To my knowledge array_diff* do not unset anything. I confirm the behaviour under 5.1.0-dev (of 7.Aug.2004) as well as with 4.2.3 (so this problem exists also in the old implementation of the function). The problem appears when only $GLOBALS is used, and the latter is a variable (array) with specific behaviour. Unfortunately I wasn't able to reproduce similar problem with one of the other array functions.
 [2005-08-10 09:44 UTC] dmitry@php.net
Fixed in CVS HEAD (6.0), PHP_5_1, PHP_5_0 and PHP_4_4.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 05:03:19 2014 UTC