|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54401 DatePeriod crashes when constructor is not called
Submitted: 2011-03-27 15:32 UTC Modified: 2020-02-26 23:27 UTC
Avg. Score:2.3 ± 0.9
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: Assigned: cmb (profile)
Status: Duplicate Package: Reproducible crash
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
New email:
PHP Version: OS:


 [2011-03-27 15:32 UTC]
DatePeriod relies on constructor being called before trying to iterate over its data.

Test script:

class foo extends DatePeriod {
	public function __construct() { }

foreach (new foo as $y);

Expected result:
No crash

Actual result:

#0  memcpy () at ../sysdeps/i386/i686/memcpy.S:75
#1  0xbffff2c8 in ?? ()
#2  0x0806ec1f in date_period_it_rewind (iter=0x8b1e584, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/ext/date/php_date.c:1902
#3  0x0855330a in ZEND_FE_RESET_SPEC_VAR_HANDLER (execute_data=0x8ade614, tsrm_ls=0x89022a0)
    at /home/felipe/dev/php5/Zend/zend_vm_execute.h:8816
#4  0x08531442 in execute (op_array=0x8ab2ba0, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:107
#5  0x084fef3d in zend_execute_scripts (type=8, tsrm_ls=0x89022a0, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1194
#6  0x0847ad48 in php_execute_script (primary_file=0xbffff488, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/main/main.c:2270
#7  0x085dada7 in main (argc=2, argv=0xbffff604) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1193


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-05 00:38 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: derick
 [2012-06-03 18:30 UTC]
-Package: Date/time related +Package: Reproducible crash
 [2012-07-04 11:33 UTC]
-Private report: No +Private report: Yes
 [2012-07-08 08:47 UTC] reeze dot xia at gmail dot com
This bug look the same as 
It initialize private data in constructor, when extend the class without
calling it's construtor may cause segfault. The DateInterval add a checking
before performance any operation, if it's not initialized an warning will be 

This may be fixed this way too.
 [2012-07-14 16:46 UTC]
-Type: Security +Type: Bug
 [2017-10-24 07:58 UTC]
-Status: Assigned +Status: Open -Assigned To: derick +Assigned To:
 [2018-05-23 13:09 UTC] xKhorasan+php at gmail dot com
It seems that this is already fixed in .
 [2020-02-26 23:27 UTC]
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-02-26 23:27 UTC]
Like xKhorasan said (thanks!).  So I'm marking this as duplicate
of bug #75002.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Aug 03 08:01:26 2020 UTC