Bug #54401 DatePeriod crashes when constructor is not called
Submitted: 2011-03-27 15:32 UTC Modified: 2017-10-24 07:58 UTC
Votes:3
Avg. Score:2.3 ± 0.9
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: felipe@php.net Assigned:
Status: Open Package: Reproducible crash
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None

 [2011-03-27 15:32 UTC] felipe@php.net
Description:
------------
DatePeriod relies on constructor being called before trying to iterate over its data.

Test script:
---------------
<?php

class foo extends DatePeriod {
	public function __construct() { }
}

foreach (new foo as $y);

Expected result:
----------------
No crash

Actual result:
--------------
Crash

#0  memcpy () at ../sysdeps/i386/i686/memcpy.S:75
#1  0xbffff2c8 in ?? ()
#2  0x0806ec1f in date_period_it_rewind (iter=0x8b1e584, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/ext/date/php_date.c:1902
#3  0x0855330a in ZEND_FE_RESET_SPEC_VAR_HANDLER (execute_data=0x8ade614, tsrm_ls=0x89022a0)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:8816
#4  0x08531442 in execute (op_array=0x8ab2ba0, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:107
#5  0x084fef3d in zend_execute_scripts (type=8, tsrm_ls=0x89022a0, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1194
#6  0x0847ad48 in php_execute_script (primary_file=0xbffff488, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/main/main.c:2270
#7  0x085dada7 in main (argc=2, argv=0xbffff604) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1193


 [2011-04-05 00:38 UTC] felipe@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: derick
 [2012-06-03 18:30 UTC] felipe@php.net
-Package: Date/time related
+Package: Reproducible crash
 [2012-07-04 11:33 UTC] felipe@php.net
-Private report: No
+Private report: Yes
 [2012-07-08 08:47 UTC] reeze dot xia at gmail dot com
This bug looks the same as https://bugs.php.net/bug.php?id=62500.
It initializes private data in the constructor; extending the class without
calling its constructor may cause a segfault. DateInterval adds a check
before performing any operation; if it's not initialized, a warning will be
raised.

This may be fixed this way too.
 [2012-07-14 16:46 UTC] felipe@php.net
-Type: Security
+Type: Bug
 [2017-10-24 07:58 UTC] kalle@php.net
-Status: Assigned
+Status: Open
-Assigned To: derick
+Assigned To:
 [2018-05-23 13:09 UTC] xKhorasan+php at gmail dot com
It seems that this is already fixed in https://bugs.php.net/bug.php?id=75002.
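
Added example, not part of the original report and not PHP's source: a simplified C model of the initialization check described in the comments above, where an object created without its constructor has no private data and the iterator's rewind refuses to copy from it. All type and function names (model_period, period_rewind and so on) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not PHP's source: every name here is hypothetical. */
typedef struct { long long sse; } model_time;
typedef struct {
    model_time *start;    /* populated only by the constructor */
    model_time *current;  /* iterator's working copy */
    int initialized;      /* set once the constructor has run */
} model_period;

/* Object creation: zeroed storage, constructor not yet called. */
model_period *period_alloc(void) { return calloc(1, sizeof(model_period)); }

/* Parent constructor: the only place the private data gets set up. */
int period_construct(model_period *p, long long start_sse) {
    p->start = calloc(1, sizeof(model_time));
    if (!p->start) return -1;
    p->start->sse = start_sse;
    p->initialized = 1;
    return 0;
}

/* Guarded rewind: without the first check, the memcpy below would read
 * from a NULL start pointer when the constructor was skipped. */
int period_rewind(model_period *p) {
    if (!p->initialized || !p->start) return -1;  /* caller raises a warning */
    if (!p->current && !(p->current = malloc(sizeof(model_time)))) return -1;
    memcpy(p->current, p->start, sizeof(model_time));
    return 0;
}

void period_free(model_period *p) {
    if (!p) return;
    free(p->start);
    free(p->current);
    free(p);
}

int main(void) {
    model_period *skipped = period_alloc();  /* subclass never ran the parent ctor */
    int rc = skipped ? period_rewind(skipped) : -1;
    period_free(skipped);
    return rc == -1 ? 0 : 1;  /* exit 0: rewind was rejected, no crash */
}
```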
 
Last updated: Wed Nov 14 11:01:25 2018 UTC