|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58281 PHP crash after casting scalar argument to an array in HttpQueryString
Submitted: 2008-07-21 13:59 UTC Modified: 2009-08-20 07:21 UTC
From: michal dot kocarek at brainbox dot cz Assigned: mike (profile)
Status: Closed Package: pecl_http (PECL)
PHP Version: 5.3.0 OS: Windows XP Pro SP3
Private report: No CVE-ID: None
 [2008-07-21 13:59 UTC] michal dot kocarek at brainbox dot cz
PHP crashes when assigning params to HttpQueryString in certain way.

When query param (with scalar value) is in HttpQueryString, and then array with same name is assigned to that object, PHP goes away. (See "reproduce code").

Reproduce code:
// init
$query = new HttpQueryString(false);

// cast scalar variable to array (let php crash)
// same result after this:
// $query->set('foo[0]=crash');
// $query->set('foo[nah]=crash');
// $query->set(array('foo'=>array(1)));

// Note that it does not crash when doing this:
// $query->set('foo=scalar_value&foo[]=something');

Expected result:
PHP should not crash and $query should contain "foo[]=crash" urlencoded string.

Actual result:
PHP crashes after calling last set() method.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-22 02:22 UTC]
Could you try latest version from
Should be fixed.
 [2008-07-25 12:32 UTC] michal dot kocarek at brainbox dot cz
Problem present also in
PHP 5.2.7-dev (cli) (built: Jul 25 2008 12:05:00) (Windows version)

These lines still cause PHP to crash.
 [2008-07-27 08:53 UTC]
Please wait for the next snapshot. Apparently, pecl_http has not been built successfully for Win32 snaps for a long time.

 [2008-11-22 09:17 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

 [2009-08-19 08:16 UTC] michal dot kocarek at brainbox dot cz
Bug still exists in the extension (version 1.6.5).

I have compiled it against PHP 5.3.0 source on Windows XP, VC9, x86, non-thread-safe.
 [2009-08-20 07:21 UTC]
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on

In case this was a website problem, the change will show
up on the website in short time.
Thank you for the report, and for helping us make PECL better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Jul 19 22:01:28 2024 UTC