PHP :: Bug #34310 :: foreach($arr as $c->d => $x) crashes (works with PHP 5.0.3)

Bug #34310	foreach($arr as $c->d => $x) crashes (works with PHP 5.0.3)
Submitted:	2005-08-30 16:14 UTC	Modified:	2005-09-01 12:55 UTC
From:	devriese at cs dot tcd dot ie	Assigned:	dmitry (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5CVS-2005-08-31	OS:	*
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 48 - 3 = ?
Subscribe to this entry?

[2005-08-30 16:14 UTC] devriese at cs dot tcd dot ie

Description:
------------
When using an object attribute to store the key in a foreach loop, PHP crashes with a segmentation error (note that using an object attribute to store a value does work; see example code). 

Also: this code runs fine in PHP 5.0.3, but crashes with PHP 5.1.0RC1.

Reproduce code:
---------------
<?php
   class C
   {
      var $d;
   }

   $c = new C();

   $arr = array(1 => 'a', 2 => 'b', 3 => 'c');

   // Works fine:
   foreach($arr as $x => $c->d) echo "$c->d\n";

   // Crashes:
   foreach($arr as $c->d => $x) echo "$c->d\n";
?>

Expected result:
----------------
a
b
c
1
2
3


Actual result:
--------------
(in GDB):

a
b
c

Program received signal SIGSEGV, Segmentation fault.
0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66
66              if (!--z->refcount) {
(gdb) bt
#0  0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66
#1  0x00335774 in _get_zval_ptr_ptr_var (node=0x50b270, Ts=0xffbfde90, 
    should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:259
#2  0x00335700 in _get_zval_ptr_ptr (node=0x50b270, Ts=0xffbfde90, 
    should_free=0xffbfdd7c, type=1)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:300
#3  0x00337088 in zend_assign_to_variable (result=0x50b258, op1=0x50b270, 
    op2=0x50b288, value=0xffbfe028, type=2, Ts=0xffbfde90)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:632
#4  0x0035f62c in ZEND_ASSIGN_SPEC_VAR_TMP_HANDLER (execute_data=0xffbfe088)
    at zend_vm_execute.h:10210
#5  0x00333b1c in execute (op_array=0x506618) at zend_vm_execute.h:87
#6  0x002f6e1c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend.c:1078
#7  0x00286e44 in php_execute_script (primary_file=0xffbfe848)
    at /misc/csw/src/php-5.1.0RC1/main/main.c:1672
#8  0x003a47a0 in main (argc=2, argv=0xffbfe8fc)
    at /misc/csw/src/php-5.1.0RC1/sapi/cgi/cgi_main.c:1574

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-08-31 10:43 UTC] sniper@php.net

Dmitry, check this out please.

[2005-08-31 11:18 UTC] sniper@php.net

I added a test for this in Zend/tests/

[2005-09-01 12:55 UTC] dmitry@php.net

Fixed in CVS HEAD and PHP_5_1.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 07:01:29 2024 UTC