php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78598 Changing array during undef index RW error segfaults
Submitted: 2019-09-26 10:44 UTC Modified: -
From: nikic@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 7.2.22 OS:
Private report: No CVE-ID: None
 [2019-09-26 10:44 UTC] nikic@php.net
Description:
------------
After the undef index notice is thrown, we still assume that the variable is an array, even though the type might have changed in the meantime.

Not really sure what we can do about this, especially when we're dealing with a deeply nested array that has been destroyed.

Test script:
---------------
<?php
$my_var = null;
set_error_handler(function() use(&$my_var) {
    $my_var = 0;
});
$my_var[0] .= "xyz";


Actual result:
--------------
php: /home/nikic/php-7.2/Zend/zend_hash.c:712: _zend_hash_index_add_or_update_i: Assertion `((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))' failed.
Aborted
nikic@MUNIT-271:~/php-7.2$ vim t036.php 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-07 10:29 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=220880ad2d54d10173a250637478da213b1ae8e2
Log: Fixed bug #78598
 [2020-07-07 10:29 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Sep 29 13:01:25 2020 UTC