PHP :: Bug #32955 :: Variable variables in globals.

Bug #32955

Variable variables in globals.

Submitted:

2005-05-05 14:39 UTC

Modified:

2005-05-14 14:55 UTC

Votes:	4
Avg. Score:	4.5 ± 0.9
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

isset at yandex dot ru

Assigned:

Status:

Not a bug

Package:

Reproducible crash

PHP Version:

5.0.4

OS:

Windows, Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2005-05-05 14:39 UTC] isset at yandex dot ru

Description:
------------
Variable variables in globals. Crash. See reproduce code.

Reproduce code:
---------------
<?php
$var[1] = "user";
$var[2] = "name";
function check($var)
{
global $$var[1][$var[2]]; // <- Segmentation fault
echo $$var[1][$var[2]];
}
check($var);
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-05-05 19:36 UTC] tony2001@php.net

Reproducible with 5.0 and 4.3, HEAD is working fine.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076963104 (LWP 16032)]
0x081ea2aa in zend_pzval_unlock_func (z=0x1) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:66
66              z->refcount--;
(gdb) bt
#0  0x081ea2aa in zend_pzval_unlock_func (z=0x1) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:66
#1  0x081ea3a9 in _get_zval_ptr (node=0x82d47c4, Ts=0xbfffc9d0, should_free=0xbfffc98c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:101
#2  0x081e1238 in zend_fetch_var_address (opline=0x82d47ac, Ts=0xbfffc9d0, type=1) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:747
#3  0x081e3b63 in zend_fetch_w_handler (execute_data=0xbfffcb30, opline=0x82d47ac, op_array=0x82d4b00) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:2043
#4  0x081e2a14 in execute (op_array=0x82d4b00) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:1417
#5  0x081e5c17 in zend_do_fcall_common_helper (execute_data=0xbfffccc0, opline=0x82d32c0, op_array=0x82cee2c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:2767
#6  0x081e612c in zend_do_fcall_handler (execute_data=0xbfffccc0, opline=0x82d32c0, op_array=0x82cee2c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:2872
#7  0x081e2a14 in execute (op_array=0x82cee2c) at /usr/src/dev/clean/php-src_5_0/Zend/zend_execute.c:1417
#8  0x081bf0b6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/dev/clean/php-src_5_0/Zend/zend.c:1076
#9  0x0817e530 in php_execute_script (primary_file=0xbffff0e0) at /usr/src/dev/clean/php-src_5_0/main/main.c:1638
#10 0x081ee703 in main (argc=2, argv=0xbffff1b4) at /usr/src/dev/clean/php-src_5_0/sapi/cli/php_cli.c:946

[2005-05-14 14:55 UTC] tony2001@php.net

Duplicate of bug #29707.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 12:01:29 2024 UTC