From: Markus dot Lidel at shadowconnect dot com Operating system: Linux PHP version: Irrelevant PHP Bug Type: Reproducible crash Bug description: zend_fetch_list_dtor_id() doesn't check NULL strings
Description: ------------ If you use the zend_fetch_list_dtor_id function, and you have for example loaded the "crack" extension (which registers a destructor using the function register_list_destructors()), php crashes. The source of the problem is this line: if (strcmp(type_name, lde->type_name) == 0) { The register_list_destructors() set lde->type_name to NULL. If you replace the code with if (lde->type_name && (strcmp(type_name, lde->type_name) == 0)) { the function works fine. Reproduce code: --------------- int id = zend_fetch_list_dtor_id function("foo"); -- Edit bug report at http://bugs.php.net/?id=26753&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26753&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26753&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=26753&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=26753&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=26753&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=26753&r=needscript Try newer version: http://bugs.php.net/fix.php?id=26753&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=26753&r=support Expected behavior: http://bugs.php.net/fix.php?id=26753&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=26753&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=26753&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=26753&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26753&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=26753&r=dst IIS Stability: http://bugs.php.net/fix.php?id=26753&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=26753&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=26753&r=float