|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78598 Changing array during undef index RW error segfaults
Submitted: 2019-09-26 10:44 UTC Modified: 2020-11-18 19:25 UTC
From: Assigned: requinix (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 7.2.22 OS:
Private report: No CVE-ID: None
 [2019-09-26 10:44 UTC]
After the undef index notice is thrown, we still assume that the variable is an array, even though the type might have changed in the meantime.

Not really sure what we can do about this, especially when we're dealing with a deeply nested array that has been destroyed.

Test script:
$my_var = null;
set_error_handler(function() use(&$my_var) {
    $my_var = 0;
$my_var[0] .= "xyz";

Actual result:
php: /home/nikic/php-7.2/Zend/zend_hash.c:712: _zend_hash_index_add_or_update_i: Assertion `((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))' failed.
nikic@MUNIT-271:~/php-7.2$ vim t036.php 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-07 10:29 UTC]
Automatic comment on behalf of
Log: Fixed bug #78598
 [2020-07-07 10:29 UTC]
-Status: Open +Status: Closed
 [2020-11-18 19:25 UTC]
-Assigned To: +Assigned To: requinix -Block user comment: No +Block user comment: Yes
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Apr 19 01:01:28 2024 UTC