PHP :: Bug #31706 :: overload() causes SIGSEGV.

Bug #31706	overload() causes SIGSEGV.
Submitted:	2005-01-26 18:32 UTC	Modified:	2005-01-26 21:59 UTC
From:	darrell at brogdon dot net	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	4.3.10	OS:	Red Hat Linux 7.3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 18 - 17 = ?
Subscribe to this entry?

[2005-01-26 18:32 UTC] darrell at brogdon dot net

Description:
------------
Using a modified version of the example in the online manual (http://us4.php.net/overload) causes PHP to segfault.  The version of PHP used was compiled without any modules.

Reproduce code:
---------------
1 <?php
2 class OO {
3    var $elem = array('b' => 9, 'c' => 42);
4
5    function OO() {}
6
7    function __call($fn_name, $args, &$ret) {
8        return true;
9    }
10
11    function __set($prop_name, $prop_value) {
12        $this->elem[$prop_name] = $prop_value;
13        return true;
14    }
15 }
16 overload('OO');
17 $o = new OO;
18 $o->d('foo');
19 $o->x = 56;
20 ?>

Expected result:
----------------
Exit normally with no output.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00596f0a in ?? ()
(gdb) bt
#0  0x00596f0a in ?? ()
#1  0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
#2  0x0811c700 in execute (op_array=0x819bf1c) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:339
#3  0x0810db1a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/dbrogdon/mxl-php-src/Zend/zend.c:900
#4  0x080eb232 in php_execute_script (primary_file=0xbffff500) at /storage/dbrogdon/mxl-php-src/main/main.c:1736
#5  0x081269c8 in main (argc=2, argv=0xbffff5a4) at /storage/dbrogdon/mxl-php-src/sapi/cli/php_cli.c:822
(gdb) up
#1  0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
978                     ce->handle_property_set(&T->EA.data.overloaded_element, value);
(gdb) p *value
$1 = {value = {lval = 56, dval = 2.1219958186329485e-314, str = {val = 0x38 <Address 0x38 out of bounds>, len = 1}, ht = 0x38, obj = {ce = 0x38, properties = 0x1}},
  type = 1 '\001', is_ref = 1 '\001', refcount = 2}
(gdb) p *T
$2 = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, var = {
    ptr_ptr = 0x0, ptr = 0x0}, EA = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0',
      is_ref = 0 '\0', refcount = 0}, data = {str_offset = {str = 0x1, offset = 135928188}, overloaded_element = {type = 1, object = 0x81a197c, elements_list = 0x819bf84}},
    type = 1 '\001'}}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-01-26 19:06 UTC] derick@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2005-01-26 21:59 UTC] darrell at brogdon dot net

Appears to be fixed in php4-STABLE-200501261730.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2020 The PHP Group All rights reserved.	Last updated: Thu Jan 23 14:01:24 2020 UTC