php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56904 Non-overloaded binary assignment operators segfault
Submitted: 2006-03-21 06:52 UTC Modified: 2013-07-18 01:42 UTC
From: bspencer at plus dot net Assigned: pollita (profile)
Status: Closed Package: operator (PECL)
PHP Version: 5.1.1 OS: Debian unstable, kernel 2.6.16
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: bspencer at plus dot net
New email:
PHP Version: OS:

 

 [2006-03-21 06:52 UTC] bspencer at plus dot net
Description:
------------
PHP Version 5.1.2 (debian unstable build)
Operator version 0.3

The code linked to below causes a segfault when the operator extension is enabled.  Note that it does not actually overload any operators, but it appears to be the .= that it dies on.

Reducing the complexity of the code stops the segfault from occuring.


Reproduce code:
---------------
http://www.ztestbspencer40.plus.com/operator_test.php


Actual result:
--------------
GDB backtrace:

#0  0xb7f0157d in _php_operator_binary_assign_op (execute_data=0xbf91c6cc, methodname=0xb7f03d56 "__assign_concat", methodname_len=15)
    at /tmp/tmp2aB13Z/operator-0.3/operator.c:278
#1  0x0829ad68 in execute ()
#2  0x0829b209 in execute ()
#3  0x0829ad68 in execute ()
#4  0x0829b209 in execute ()
#5  0x0829ad68 in execute ()
#6  0x0827eb3e in zend_execute_scripts ()
#7  0x0823e08e in php_execute_script ()
#8  0x0831d117 in main ()

(gdb) print object
$1 = (zval *) 0x1c



Line 278 of operator.c:

if (!object || Z_TYPE_P(object) != IS_OBJECT) {


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-02-04 16:28 UTC] kniolet at ildiinc dot com
I am also getting a segfault with code similar to the 
following:

class a {

public $v;

public function __assign_sl($val) {
$this->v = $val;
}
}

$bob = new a;
$a->__assign_sl('lkj'); // works
$a <<= 'lkj'; //segfault


now, if I take out the $a->__assign_sl('lkj'); it works 
fine. It seems I just cannot mix using the overloaded 
operators and calling the functions directly. Also, it 
seems to be on a per file basis, so if I use 
$a->__assign_sl('lkj'); in one file and $a <<= 'lkj'; in 
another I don't seem to have problems even when they are 
in the same app.

On a side note, I _LOVE_ the operator extension! Hands 
down it's one of the most useful for me.
 [2007-02-04 16:30 UTC] kniolet at ildiinc dot com
Oh, I should mention I am using PHP 5.2.0
 [2008-07-09 14:12 UTC] nick at boxdesign dot co dot uk
I have a patch against operator-0.3 (works against CVS too) 
which resolves the segfault:

--BEGIN PATCH--
--- operator-0.3/operator.c	2006-02-08 
00:34:17.000000000 +0000
+++ operator.c	2008-07-09 18:55:24.000000000 +0100
@@ -275,7 +275,7 @@
 			zval *object = 
php_operator_zval_ptr(&(opline->op1), &free_obj, 
execute_data TSRMLS_CC);
 			zval *prop = 
php_operator_zval_ptr(&(opline->op2), &free_prop, 
execute_data TSRMLS_CC);
 
-			if (!object || Z_TYPE_P(object) != 
IS_OBJECT) {
+			if (!object || Z_TYPE_P(object) != 
IS_OBJECT || !prop) {
 				/* Let orignal handler throw 
error */
 				return 
php_operator_original_opcode_handlers[PHP_OPERATOR_DECODE(op
line)](ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
 			}
--END PATCH--
 [2009-12-30 22:23 UTC] ryan dot brothers at gmail dot com
I'm running into the same above issue with segfaults, but I'm still getting them after applying the above patch.  I am using PHP 5.2.12.  Is that still the right patch or is there an updated one?  Thanks.
 [2013-07-18 01:42 UTC] pollita@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pollita
 [2013-07-18 01:42 UTC] pollita@php.net
Looks like this got fixed at some point, I've added a test case to watch out for 
it in the future though.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jul 25 17:01:27 2024 UTC