|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2007-06-26 15:23 UTC] jontsa at amigaone dot cc
Description: ------------ If you convert a non-empty string to an array with object as value, you get a segmentation fault. Tested on Gentoo Linux and Solaris with Apache 2 and PHP 5.2.3. Theres no segmentation fault when converting for example a scalar variable but an error message as expected. Also tested from shell using: # echo '<?php $foo="50";$foo[0]->bar="xyz"; ?>' | /opt/php5/bin/php Segmentation fault Reproduce code: --------------- $foo="50"; $foo[0]->bar="xyz"; Expected result: ---------------- An error message of some sort. Actual result: -------------- From apache logs: [Tue Jun 26 18:03:23 2007] [notice] child pid 16155 exit signal Segmentation fault (11) PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 12:01:29 2024 UTC |
Index: Zend/zend_execute.c =================================================================== RCS file: /repository/ZendEngine2/zend_execute.c,v retrieving revision 1.716.2.12.2.20 diff -u -r1.716.2.12.2.20 zend_execute.c --- Zend/zend_execute.c 6 Jun 2007 08:35:23 -0000 1.716.2.12.2.20 +++ Zend/zend_execute.c 27 Jun 2007 08:14:40 -0000 @@ -530,6 +530,10 @@ zval *value = get_zval_ptr(value_op, Ts, &free_value, BP_VAR_R); zval **retval = &T(result->u.var).var.ptr; + if (!object_ptr) { + zend_error_noreturn(E_ERROR, "Cannot use string offset as an array"); + } + if (*object_ptr == EG(error_zval_ptr)) { FREE_OP(free_op2); if (!RETURN_VALUE_UNUSED(result)) {