php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #50613 Invalid array access on non-arrays should cause warning/notice
Submitted: 2009-12-30 20:55 UTC Modified: 2010-03-10 22:21 UTC
From: felix at amerimerchant dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.3.1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: felix at amerimerchant dot com
New email:
PHP Version: OS:

 

 [2009-12-30 20:55 UTC] felix at amerimerchant dot com 
Description:
------------
When accessing a variable containing a boolean, integer, floating point, or null value using square bracket syntax, no warning or notice is generated (even if the array index could not exist if the type was silently juggled into a string or array). This occurs even with E_STRICT turned on.

Reproduce code:
---------------
<?php

error_reporting( -1 );

$x = "string";
print( $x[9] );

$x = array(1, 2, 3);
print( $x[9] );

$x = false;
print( $x[9] );

$x = 3;
print( $x[9] );

$x = 3.01;
print( $x[9] );

$x = null;
print( $x[9] );

$x = new StdClass();
print( $x[9] );

?>


Expected result:
----------------
PHP Notice:  Uninitialized string offset: 9 in /tmp/test.php on line 6
PHP Notice:  Undefined offset: 9 in /tmp/test.php on line 9
[A notice or warning for line 12]
[A notice or warning for line 15]
[A notice or warning for line 18]
[A notice or warning for line 21]
PHP Fatal error:  Cannot use object of type stdClass as array in /tmp/test.php on line 24


Actual result:
--------------
PHP Notice:  Uninitialized string offset: 9 in /tmp/test.php on line 6
PHP Notice:  Undefined offset: 9 in /tmp/test.php on line 9
PHP Fatal error:  Cannot use object of type stdClass as array in /tmp/test.php on line 24

Patches

scalar-array-read.50613.HEAD.patch (last revision 2010-03-06 16:23 UTC by arpad@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-02 02:08 UTC] felix at amerimerchant dot com 
Same behavior using the most recent build I just tried:
 
C:\php5.3.3-dev>php.exe -v
PHP 5.3.3-dev (cli) (built: Jan  2 2010 01:06:43)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies

C:\php5.3.3-dev>php.exe "C:\Documents and Settings\Administrator\Desktop\test.php"

Notice: Uninitialized string offset: 9 in C:\Documents and Settings\Administrator\Desktop
test.php on line 6

Notice: Undefined offset: 9 in C:\Documents and Settings\Administrator\Desktop\test.php o
 line 9

Fatal error: Cannot use object of type stdClass as array in C:\Documents and Settings\Adm
nistrator\Desktop\test.php on line 24

C:\php5.3.3-dev>
 [2010-03-04 16:31 UTC] aharvey@php.net
-Status: No Feedback +Status: Open
 [2010-03-06 17:23 UTC] arpad@php.net 
I think there is a bug here as an error is raised when writing to ints and floats as arrays but not when reading from them. 
The fix is trivial however it's a BC break. This exists in at least 5.2, 5.3 and HEAD.
 [2010-03-06 17:23 UTC] arpad@php.net 
The following patch has been added/updated:

Patch Name: scalar-array-read.50613.HEAD.patch
Revision:   1267892636
URL:        http://bugs.php.net/patch-display.php?bug=50613&patch=scalar-array-read.50613.HEAD.patch&revision=1267892636&display=1
 [2010-03-08 15:21 UTC] rbetta at amerimerchant dot net 
I suppose the resource type might be affected as well; it did not occur to me to test it at the time.

I am not certain that a new notice would constitute a BC break; production servers should never have display_errors on, and any code that would actually generate the new notices or warnings would already be broken by the very fact that it is attempting to read scalar values as arrays (therefore, subtle but as-yet undiscovered logical bugs in userland code may be made known by these new notices or warnings).

I suppose custom error handler routines could react strongly to notices, though. Webpages suddenly disappearing with "Sorry, there has been an internal error" messages generated by their core frameworks might be a somewhat unpleasant experience.

If this does qualify as a BC break under the Zend engine maintainers' policies, would 3.4 or 6.0 be the first candidate for a fix?
 [2010-03-08 15:27 UTC] rbetta at amerimerchant dot com 
My apologies; I meant "5.4.0 or 6.0.0" obviously, and my email address is at the .com TLD (not .net).

Insufficient morning caffeination, clearly.
 [2010-03-10 22:17 UTC] jani@php.net
-Summary: Expected warnings/notices not outputed by PHP on simple array access. +Summary: Expected warnings/notices not outpuon simple array access. -Type: Bug +Type: Feature/Change Request
 [2010-03-10 22:17 UTC] jani@php.net
-Summary: Expected warnings/notices not outpuon simple array access. +Summary: Invalid array access on non-arrays should cause warning/notice
 [2010-03-10 22:21 UTC] jani@php.net 
See bug #41195 and stop beating the dead horse please.
 [2010-03-10 22:21 UTC] jani@php.net
-Status: Open +Status: Bogus
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 03 19:01:32 2024 UTC