PHP :: Bug #31706 :: overload() causes SIGSEGV.

Bug #31706	overload() causes SIGSEGV.
Submitted:	2005-01-26 18:32 UTC	Modified:	2005-01-26 21:59 UTC
From:	darrell at brogdon dot net	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	4.3.10	OS:	Red Hat Linux 7.3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	darrell at brogdon dot net
New email:
PHP Version:		OS:

New Comment:

[2005-01-26 18:32 UTC] darrell at brogdon dot net

Description:
------------
Using a modified version of the example in the online manual (http://us4.php.net/overload) causes PHP to segfault.  The version of PHP used was compiled without any modules.

Reproduce code:
---------------
1 <?php
2 class OO {
3    var $elem = array('b' => 9, 'c' => 42);
4
5    function OO() {}
6
7    function __call($fn_name, $args, &$ret) {
8        return true;
9    }
10
11    function __set($prop_name, $prop_value) {
12        $this->elem[$prop_name] = $prop_value;
13        return true;
14    }
15 }
16 overload('OO');
17 $o = new OO;
18 $o->d('foo');
19 $o->x = 56;
20 ?>

Expected result:
----------------
Exit normally with no output.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00596f0a in ?? ()
(gdb) bt
#0  0x00596f0a in ?? ()
#1  0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
#2  0x0811c700 in execute (op_array=0x819bf1c) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:339
#3  0x0810db1a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/dbrogdon/mxl-php-src/Zend/zend.c:900
#4  0x080eb232 in php_execute_script (primary_file=0xbffff500) at /storage/dbrogdon/mxl-php-src/main/main.c:1736
#5  0x081269c8 in main (argc=2, argv=0xbffff5a4) at /storage/dbrogdon/mxl-php-src/sapi/cli/php_cli.c:822
(gdb) up
#1  0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
978                     ce->handle_property_set(&T->EA.data.overloaded_element, value);
(gdb) p *value
$1 = {value = {lval = 56, dval = 2.1219958186329485e-314, str = {val = 0x38 <Address 0x38 out of bounds>, len = 1}, ht = 0x38, obj = {ce = 0x38, properties = 0x1}},
  type = 1 '\001', is_ref = 1 '\001', refcount = 2}
(gdb) p *T
$2 = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, var = {
    ptr_ptr = 0x0, ptr = 0x0}, EA = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0',
      is_ref = 0 '\0', refcount = 0}, data = {str_offset = {str = 0x1, offset = 135928188}, overloaded_element = {type = 1, object = 0x81a197c, elements_list = 0x819bf84}},
    type = 1 '\001'}}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-01-26 19:06 UTC] derick@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2005-01-26 21:59 UTC] darrell at brogdon dot net

Appears to be fixed in php4-STABLE-200501261730.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2020 The PHP Group All rights reserved.	Last updated: Sat Jan 25 23:01:24 2020 UTC