#26675 [Opn->Ver]: Segfault on ArrayAccess use

[derick]

 ID:               26675
 Updated by:       [EMAIL PROTECTED]
 Reported By:      xi at ngs dot ru
-Status:           Open
+Status:           Verified
 Bug Type:         Reproducible crash
 Operating System: Debian 3.0
 PHP Version:      5CVS-2003-12-19 (dev)
 New Comment:

I could verify this.


Previous Comments:
------------------------------------------------------------------------

[2003-12-20 03:32:46] xi at ngs dot ru

Backtrace:

#0  zend_call_function (fci=0xbfffd4c0, fci_cache=0xbfffd4a0)
    at /home/simeon/php/php5-200312191230/Zend/zend_execute_API.c:668
#1  0x08141822 in zend_call_method (object_pp=0xbfffd550,
obj_ce=0x4032b6dc, 
    fn_proxy=0x0, function_name=0x81941be "offsetset",
function_name_len=9, 
    retval_ptr_ptr=0x0, param_count=136060708, arg1=0x0,
arg2=0x4032a568)
    at /home/simeon/php/php5-200312191230/Zend/zend_interfaces.c:79
#2  0x081430ae in zend_std_write_dimension (object=0x4032c1cc,
offset=0x0, 
    value=0x4032a568)
    at
/home/simeon/php/php5-200312191230/Zend/zend_object_handlers.c:405
#3  0x08157410 in zend_assign_to_object (result=0x4032a4f0, 
    object_ptr=0x4032c250, op2=0x4032a520, value_op=0x4032a560,
Ts=0xbfffd610, 
    opcode=147) at
/home/simeon/php/php5-200312191230/Zend/zend_execute.c:416
#4  0x081517e0 in zend_assign_dim_handler (execute_data=0xbfffd6f0, 
    op_array=0x40324e5c)
    at /home/simeon/php/php5-200312191230/Zend/zend_execute.c:2058
#5  0x0814f5fd in execute (op_array=0x40324e5c)
    at /home/simeon/php/php5-200312191230/Zend/zend_execute.c:1260
#6  0x0813515a in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
    at /home/simeon/php/php5-200312191230/Zend/zend.c:1030
#7  0x081017ef in php_execute_script (primary_file=0xbffffac0)
    at /home/simeon/php/php5-200312191230/main/main.c:1638
#8  0x0815a312 in main (argc=2, argv=0xbffffb44)
    at /home/simeon/php/php5-200312191230/sapi/cli/php_cli.c:910

------------------------------------------------------------------------

[2003-12-20 02:52:49] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

------------------------------------------------------------------------

[2003-12-19 20:20:02] xi at ngs dot ru

Description:
------------
The following code produces segfault using snapshot php5-200312191230.

Reproduce code:
---------------
<?php
class A implements ArrayAccess
{
    private $array = array();

    public function offsetExists( $offset )
    { return isset( $this->array[ $offset ] ); }
    
    public function offsetGet( $offset )
    { return $this->array[ $offset ]; }

    public function offsetSet( $offset, $data )
    { $this->array[ $offset ] = $data; }

    public function offsetUnset( $offset )
    { unset( $this->array[ $offset ] ); }
}
$a = new A();
$a[] = 'Segfault here!';
?>

Expected result:
----------------
String added to $a

Actual result:
--------------
Segmentation fault


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26675&edit=1