Bug #46088 RegexIterator::accept - segfault
Submitted: 2008-09-15 22:52 UTC
Modified: 2008-09-22 13:27 UTC
From: felipe@php.net
Assigned: colder
Status: Closed
Package: SPL related
PHP Version: 5.3CVS-2008-09-15 (CVS)
OS:
Private report: No
CVE-ID:
 [2008-09-15 22:52 UTC] felipe@php.net
Description:
------------
A simple detail:


Index: ext/spl/spl_iterators.c
===================================================================
RCS file: /repository/php-src/ext/spl/spl_iterators.c,v
retrieving revision 1.73.2.30.2.28.2.14
diff -u -p -r1.73.2.30.2.28.2.14 spl_iterators.c
--- ext/spl/spl_iterators.c     9 Sep 2008 19:44:15 -0000       1.73.2.30.2.28.2.14
+++ ext/spl/spl_iterators.c     15 Sep 2008 22:46:02 -0000
@@ -1690,6 +1690,10 @@ SPL_METHOD(RegexIterator, accept)
        int        subject_len, use_copy, count, result_len;
        zval       subject_copy, zcount, *replacement;
 
+       if (intern->current.data == NULL) {
+               RETURN_FALSE;
+       }
+
        if (intern->u.regex.flags & REGIT_USE_KEY) {
                if (intern->current.key_type == HASH_KEY_IS_LONG) {
                        subject_len = slprintf(tmp, sizeof(tmp), "%ld", intern->current.int_key);
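
Review bot: the new guard at the top of accept() tests only intern->current.data, while the REGIT_USE_KEY branch directly below it reads intern->current.key_type and intern->current.int_key instead. A one-line comment above the check, stating that a NULL current.data means there is no current element and so the key fields are not valid either, would make it clear why a single test covers both paths. The patch also carries no regression test; the reproduce script from this report, run once with the default flags and once with RegexIterator::USE_KEY, would fit as a .phpt alongside the fix.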


Reproduce code:
---------------
<?php

$x = new RegexIterator(new ArrayIterator(range(1, 10)), '/\d/');
var_dump($x->accept());

?>

Using the flag RegexIterator::USE_KEY too.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211655776 (LWP 768)]
zend_make_printable_zval (expr=0x0, expr_copy=0xbf8b9360, use_copy=0xbf8b9374) at /home/felipe/dev/php5/Zend/zend.c:208
208             if (Z_TYPE_P(expr)==IS_STRING) {
(gdb) bt
#0  zend_make_printable_zval (expr=0x0, expr_copy=0xbf8b9360, use_copy=0xbf8b9374) at /home/felipe/dev/php5/Zend/zend.c:208
#1  0x081941d0 in zim_spl_RegexIterator_accept (ht=0, return_value=0x8786d34, return_value_ptr=0x0, this_ptr=0x8785de8, return_value_used=1, 
    tsrm_ls=0x8642050) at /home/felipe/dev/php5/ext/spl/spl_iterators.c:1704
#2  0x0834e7f0 in zend_do_fcall_common_helper_SPEC (execute_data=0x87b82d8, tsrm_ls=0x8642050) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:315
#3  0x0833c913 in execute (op_array=0x8786238, tsrm_ls=0x8642050) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#4  0x08316d8f in zend_execute_scripts (type=8, tsrm_ls=0x8642050, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1197
#5  0x082bdd0d in php_execute_script (primary_file=0xbf8bb848, tsrm_ls=0x8642050) at /home/felipe/dev/php5/main/main.c:2075
#6  0x083aea45 in main (argc=2, argv=0xbf8bb9a4) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1130


 [2008-09-15 22:52 UTC] felipe@php.net
Marcus, can I commit it or have you a better fix? :)
 [2008-09-22 13:27 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
 