Bug #17137: access to invalid pointer in mb_convert_variables()

tsukada Fri, 10 May 2002 01:51:43 -0700

From:             [EMAIL PROTECTED]
Operating system: RedHat7.2
PHP version:      4.0CVS-2002-05-10
PHP Bug Type:     Reproducible crash
Bug description:  access to invalid pointer in mb_convert_variables()



script:

<?php

$str = "a";
mb_convert_variables("utf-8", "utf-8,iso-8859-1", $str);
echo $str

?>



backtrace:

#0  0x4023bbdf in zif_mb_convert_variables (ht=3, return_value=0x80e7cac,
this_ptr=0x0, return_value_used=0)
    at php4/ext/mbstring/mbstring.c:2785
#1  0x40337b8d in execute (op_array=0x80e7a64) at
php4/Zend/zend_execute.c:1598
#2  0x403263c4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at php4/Zend/zend.c:810
#3  0x402f2f0a in php_execute_script (primary_file=0xbfffeab0) at
php4/main/main.c:1410
#4  0x4033caea in apache_php_module_main (r=0x80e0704,
display_source_mode=0)
    at php4/sapi/apache/sapi_apache.c:55
#5  0x4033d958 in send_php (r=0x80e0704, display_source_mode=0,
filename=0x80e2214 "test.php")
    at php4/sapi/apache/mod_php4.c:545
#6  0x4033d9d2 in send_parsed_php (r=0x80e0704) at
php4/sapi/apache/mod_php4.c:560
#7  0x08054747 in ap_invoke_handler ()
#8  0x08069557 in process_request_internal ()
#9  0x080695b8 in ap_process_request ()
#10 0x08060701 in child_main ()



patch:

Index: mbstring.c
===================================================================
RCS file: /repository/php4/ext/mbstring/mbstring.c,v
retrieving revision 1.67
diff -u -r1.67 mbstring.c
--- mbstring.c  8 May 2002 12:30:47 -0000       1.67
+++ mbstring.c  10 May 2002 06:39:38 -0000
@@ -2782,8 +2782,8 @@
                                                        }
                                                }
                                        } else if (Z_TYPE_PP(var) == IS_STRING) {
-                                               string.val = Z_STRVAL_PP(args[n]);
-                                               string.len = Z_STRLEN_PP(args[n]);
+                                               string.val = Z_STRVAL_PP(var);
+                                               string.len = Z_STRLEN_PP(var);
                                                if 
(mbfl_encoding_detector_feed(identd, &string TSRMLS_CC)) {
                                                        goto detect_end;               
 /* complete detecting */
                                                }



-- 
Edit bug report at http://bugs.php.net/?id=17137&edit=1
-- 
Fixed in CVS:        http://bugs.php.net/fix.php?id=17137&r=fixedcvs
Fixed in release:    http://bugs.php.net/fix.php?id=17137&r=alreadyfixed
Need backtrace:      http://bugs.php.net/fix.php?id=17137&r=needtrace
Try newer version:   http://bugs.php.net/fix.php?id=17137&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=17137&r=support
Expected behavior:   http://bugs.php.net/fix.php?id=17137&r=notwrong
Not enough info:     http://bugs.php.net/fix.php?id=17137&r=notenoughinfo
Submitted twice:     http://bugs.php.net/fix.php?id=17137&r=submittedtwice
register_globals:    http://bugs.php.net/fix.php?id=17137&r=globals

Bug #17137: access to invalid pointer in mb_convert_variables()

Reply via email to