Bug #31706 overload() causes SIGSEGV.
Submitted: 2005-01-26 18:32 UTC
Modified: 2005-01-26 21:59 UTC
From: darrell at brogdon dot net
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 4.3.10
OS: Red Hat Linux 7.3
Private report: No
CVE-ID: None

 [2005-01-26 18:32 UTC] darrell at brogdon dot net
Description:
------------
Using a modified version of the example in the online manual (http://us4.php.net/overload) causes PHP to segfault.  The version of PHP used was compiled without any modules.

Reproduce code:
---------------
<?php
class OO {
    var $elem = array('b' => 9, 'c' => 42);

    function OO() {}

    function __call($fn_name, $args, &$ret) {
        return true;
    }

    function __set($prop_name, $prop_value) {
        $this->elem[$prop_name] = $prop_value;
        return true;
    }
}
overload('OO');
$o = new OO;
$o->d('foo');
$o->x = 56;
?>

Expected result:
----------------
Exit normally with no output.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00596f0a in ?? ()
(gdb) bt
#0  0x00596f0a in ?? ()
#1  0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
#2  0x0811c700 in execute (op_array=0x819bf1c) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:339
#3  0x0810db1a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/dbrogdon/mxl-php-src/Zend/zend.c:900
#4  0x080eb232 in php_execute_script (primary_file=0xbffff500) at /storage/dbrogdon/mxl-php-src/main/main.c:1736
#5  0x081269c8 in main (argc=2, argv=0xbffff5a4) at /storage/dbrogdon/mxl-php-src/sapi/cli/php_cli.c:822
(gdb) up
#1  0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
978                     ce->handle_property_set(&T->EA.data.overloaded_element, value);
(gdb) p *value
$1 = {value = {lval = 56, dval = 2.1219958186329485e-314, str = {val = 0x38 <Address 0x38 out of bounds>, len = 1}, ht = 0x38, obj = {ce = 0x38, properties = 0x1}},
  type = 1 '\001', is_ref = 1 '\001', refcount = 2}
(gdb) p *T
$2 = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, var = {
    ptr_ptr = 0x0, ptr = 0x0}, EA = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0',
      is_ref = 0 '\0', refcount = 0}, data = {str_offset = {str = 0x1, offset = 135928188}, overloaded_element = {type = 1, object = 0x81a197c, elements_list = 0x819bf84}},
    type = 1 '\001'}}


 [2005-01-26 21:59 UTC] darrell at brogdon dot net
Appears to be fixed in php4-STABLE-200501261730.
 
Last updated: Sun Jul 06 00:01:34 2025 UTC