Bug #54401 DatePeriod crashes when constructor is not called
Submitted: 2011-03-27 15:32 UTC Modified: 2020-02-26 23:27 UTC
Avg. Score:2.3 ± 0.9
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: Assigned: cmb
Status: Duplicate Package: Reproducible crash
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2011-03-27 15:32 UTC]
DatePeriod relies on constructor being called before trying to iterate over its data.

Test script:

<?php
class foo extends DatePeriod {
	// Deliberately does not call parent::__construct()
	public function __construct() { }
}

foreach (new foo as $y);

Expected result:
No crash

Actual result:

#0  memcpy () at ../sysdeps/i386/i686/memcpy.S:75
#1  0xbffff2c8 in ?? ()
#2  0x0806ec1f in date_period_it_rewind (iter=0x8b1e584, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/ext/date/php_date.c:1902
#3  0x0855330a in ZEND_FE_RESET_SPEC_VAR_HANDLER (execute_data=0x8ade614, tsrm_ls=0x89022a0)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:8816
#4  0x08531442 in execute (op_array=0x8ab2ba0, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:107
#5  0x084fef3d in zend_execute_scripts (type=8, tsrm_ls=0x89022a0, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1194
#6  0x0847ad48 in php_execute_script (primary_file=0xbffff488, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/main/main.c:2270
#7  0x085dada7 in main (argc=2, argv=0xbffff604) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1193


 [2011-04-05 00:38 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: derick
 [2012-06-03 18:30 UTC]
-Package: Date/time related +Package: Reproducible crash
 [2012-07-04 11:33 UTC]
-Private report: No +Private report: Yes
 [2012-07-08 08:47 UTC] reeze dot xia at gmail dot com
This bug looks the same as 
It initializes private data in the constructor; extending the class without
calling its constructor may cause a segfault. The DateInterval adds a check
before performing any operation; if it's not initialized, a warning will be 

This may be fixed this way too.
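The initialization check described in the comment above, as an added C example that is not taken from the bug report or from PHP's source. The struct and function names are hypothetical; the model only mirrors the sequence in the backtrace (zeroed object, constructor never run, rewind copying from internal state), and the start value 1000 is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not PHP's real structures: every name here is hypothetical. */
typedef struct { long sse; int tz_offset; } model_time;
typedef struct {
    model_time *start;    /* populated only by the constructor */
    model_time *current;  /* iterator cursor */
    int initialized;      /* set only by the constructor */
} model_period;

/* Object creation: memory is zeroed, no constructor has run yet. */
model_period *period_new(void) { return calloc(1, sizeof(model_period)); }

/* Base-class constructor: the only place internal state is populated. */
int period_construct(model_period *p, long start_sse) {
    p->start = malloc(sizeof *p->start);
    if (!p->start) return -1;
    *p->start = (model_time){ start_sse, 0 };
    p->initialized = 1;
    return 0;
}

/* Rewind with the guard: refuse to touch state the constructor never set.
 * Without this check, memcpy would read through a NULL start pointer. */
int period_rewind(model_period *p) {
    if (!p->initialized || !p->start) {
        fprintf(stderr, "warning: object not initialized by its constructor\n");
        return -1;
    }
    if (!p->current && !(p->current = malloc(sizeof *p->current))) return -1;
    memcpy(p->current, p->start, sizeof *p->current);
    return 0;
}

void period_free(model_period *p) { if (p) { free(p->start); free(p->current); free(p); } }

int main(void) {
    model_period *skipped = period_new();  /* subclass overrode the constructor */
    model_period *built = period_new();    /* constructor called normally */
    if (!skipped || !built || period_construct(built, 1000) != 0) return 1;
    int r_skipped = period_rewind(skipped), r_built = period_rewind(built);
    printf("skipped constructor: %d, normal: %d\n", r_skipped, r_built);
    period_free(skipped); period_free(built);
    return 0;
}
```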
 [2012-07-14 16:46 UTC]
-Type: Security +Type: Bug
 [2017-10-24 07:58 UTC]
-Status: Assigned +Status: Open -Assigned To: derick +Assigned To:
 [2018-05-23 13:09 UTC] xKhorasan+php at gmail dot com
It seems that this is already fixed in .
 [2020-02-26 23:27 UTC]
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-02-26 23:27 UTC]
Like xKhorasan said (thanks!).  So I'm marking this as duplicate
of bug #75002.
Last updated: Tue Nov 30 14:03:37 2021 UTC