#26696 [Ver]: When using string as implicit array, segfault in PHP5.0.0b3

Mon, 22 Dec 2003 13:54:05 -0800 

 ID:               26696
 User updated by:  saruman at northernhacking dot org
 Reported By:      saruman at northernhacking dot org
 Status:           Verified
 Bug Type:         Reproducible crash
 Operating System: Linux RH9
-PHP Version:      5.0.0b2 (beta2)
+PHP Version:      5.0.0b3 (beta3)
 New Comment:

Just reiterating that this is with beta3


Previous Comments:
------------------------------------------------------------------------

[2003-12-22 14:51:55] saruman at northernhacking dot org

case '?': is the culprit.

------------------------------------------------------------------------

[2003-12-22 14:38:45] saruman at northernhacking dot org

Replacing the switch() block by echo like:

for (...) {
        echo $str[$i];
}

produces the expected behavior. The problem appears to be in the
switch() or case statements.

------------------------------------------------------------------------

[2003-12-22 14:36:00] saruman at northernhacking dot org

In the code snippet, commenting out the content of the switch loop
prevents the crash.

------------------------------------------------------------------------

[2003-12-22 14:33:53] saruman at northernhacking dot org

Description:
------------
The ONLY change I'd done is install php-5.0.0b3 with the same config as
the php-5.0.0b2 it replaced.

Config vars:

Configure Command  './configure' '--with-pear' '--with-pgsql'
'--with-apxs=/usr/local/apache/bin/apxs' '--enable-mbstring'
'--prefix=/usr/local/php5' '--with-libxml-dir=/usr'

Using this with php-5.0.0b2 works as expected. This behavior of a
string is required by DB.php in PEAR, amongst others.

Reproduce code:
---------------
<?php

//$str = Array('a', 's', 'd', 'd', '/', '?');
$str = 'asdd/?';
$len = strlen($str);
for ($i = 0; $i < $len; $i++) {
        switch ($str[$i]) {
                case '?':
                        echo '?';
                        break;
        }
}

?>
Did not crash.

Expected result:
----------------
?Did not crash.

Actual result:
--------------
>From error_log:
[Mon Dec 22 14:15:38 2003] [notice] child pid 30170 exit signal
Segmentation fault (11)
[Mon Dec 22 14:15:38 2003] [notice] child pid 30187 exit signal
Segmentation fault (11)

The two response are because MSIE seems to do a second query when the
first one unexpectedly close.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26696&edit=1

Reply via email to