From: nikic Operating system: PHP version: 5.5.4 Package: Scripting Engine problem Bug Type: Bug Bug description:By-ref foreach on property access of string offset segfaults
Description:
------------
This segfaults:
$str = "foo";
foreach ($str[0]->bar as &$baz) {}
Because http://lxr.php.net/xref/PHP_TRUNK/Zend/zend_vm_def.h#1391 uses
var.ptr_ptr without NULL check (FETCH_OBJ_W with ZEND_FETCH_ADD_LOCK).
--
Edit bug report at https://bugs.php.net/bug.php?id=65821&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=65821&r=trysnapshot54
Try a snapshot (PHP 5.5):
https://bugs.php.net/fix.php?id=65821&r=trysnapshot55
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=65821&r=trysnapshottrunk
Fixed in SVN: https://bugs.php.net/fix.php?id=65821&r=fixed
Fixed in release: https://bugs.php.net/fix.php?id=65821&r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=65821&r=needtrace
Need Reproduce Script: https://bugs.php.net/fix.php?id=65821&r=needscript
Try newer version: https://bugs.php.net/fix.php?id=65821&r=oldversion
Not developer issue: https://bugs.php.net/fix.php?id=65821&r=support
Expected behavior: https://bugs.php.net/fix.php?id=65821&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=65821&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=65821&r=submittedtwice
register_globals: https://bugs.php.net/fix.php?id=65821&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65821&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=65821&r=dst
IIS Stability: https://bugs.php.net/fix.php?id=65821&r=isapi
Install GNU Sed: https://bugs.php.net/fix.php?id=65821&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=65821&r=float
No Zend Extensions: https://bugs.php.net/fix.php?id=65821&r=nozend
MySQL Configuration Error: https://bugs.php.net/fix.php?id=65821&r=mysqlcfg
