ID: 28086
Updated by: [EMAIL PROTECTED]
Reported By: tony2001 at phpclub dot net
Status: Assigned
-Bug Type: Reproducible crash
+Bug Type: Scripting Engine problem
Operating System: *
PHP Version: 4CVS-2005-01-08
-Assigned To: andrei
+Assigned To: andi
New Comment:
Patch:
Index: zend_execute.c
===================================================================
RCS file: /repository/Zend/Attic/zend_execute.c,v
retrieving revision 1.316.2.43
diff -u -r1.316.2.43 zend_execute.c
--- zend_execute.c 21 Dec 2004 10:37:49 -0000 1.316.2.43
+++ zend_execute.c 8 Jan 2005 19:49:13 -0000
@@ -715,6 +715,7 @@
static void fetch_overloaded_element(znode *result, znode *op1, znode
*op2, temp_variable *Ts, int type, zval ***retval, int
overloaded_element_type TSRMLS_DC)
{
zend_overloaded_element overloaded_element;
+ zval *tmp;
if (Ts[op1->u.var].EA.type == IS_STRING_OFFSET) {
get_zval_ptr(op2, Ts, &EG(free_op2), BP_VAR_R);
@@ -733,7 +734,11 @@
return;
}
- overloaded_element.element = *get_zval_ptr(op2, Ts,
&EG(free_op2), type);
+ tmp = get_zval_ptr(op2, Ts, &EG(free_op2), type);
+ if (!tmp) {
+ MAKE_STD_ZVAL(tmp);
+ }
+ overloaded_element.element = *tmp;
overloaded_element.type = overloaded_element_type;
if (!EG(free_op2)) {
zval_copy_ctor(&overloaded_element.element);
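Review bot: In the new `if (!tmp)` branch, `MAKE_STD_ZVAL(tmp)` allocates a zval, but nothing in the hunk gives it a type or value before `overloaded_element.element = *tmp;` copies it. When `EG(free_op2)` is not set, the following `zval_copy_ctor(&overloaded_element.element);` then acts on indeterminate contents. Set the fallback to a defined value before the copy, for example NULL with `ZVAL_NULL(tmp)`. The zval allocated in this branch is also not released anywhere in the visible lines, so every pass through the NULL path would leak it; initializing a zval on the stack for the fallback avoids the allocation entirely. A one-line comment stating when `get_zval_ptr()` returns NULL here (the `$foo->blabla[] = ...` case from the report) would make the intent clear to later readers.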
Previous Comments:
------------------------------------------------------------------------
[2005-01-08 14:39:38] [EMAIL PROTECTED]
Still segfaults..
------------------------------------------------------------------------
[2004-04-21 09:34:06] tony2001 at phpclub dot net
Description:
------------
Segfault in overload extension.
Backtrace:
----
0x4037bb1d in fetch_overloaded_element (result=0x8146c4c,
op1=0x8146c5c, op2=0x8146c6c, Ts=0xbfffbe9c, type=1,
retval=0xbfffbf60, overloaded_element_type=1) at
/home/tony/CVS/php_src_PHP_4_3_debug/Zend/zend_execute.c:735
735 overloaded_element.element = *get_zval_ptr(op2, Ts,
&EG(free_op2), type);
(gdb) bt
#0 0x4037bb1d in fetch_overloaded_element (result=0x8146c4c,
op1=0x8146c5c, op2=0x8146c6c, Ts=0xbfffbe9c, type=1,
retval=0xbfffbf60, overloaded_element_type=1) at
/home/tony/CVS/php_src_PHP_4_3_debug/Zend/zend_execute.c:735
#1 0x4037bc98 in zend_fetch_dimension_address (result=0x8146c4c,
op1=0x8146c5c, op2=0x8146c6c, Ts=0xbfffbe9c, type=1)
at /home/tony/CVS/php_src_PHP_4_3_debug/Zend/zend_execute.c:758
#2 0x4037e052 in execute (op_array=0x813ab5c) at
/home/tony/CVS/php_src_PHP_4_3_debug/Zend/zend_execute.c:1301
#3 0x4036c520 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /home/tony/CVS/php_src_PHP_4_3_debug/Zend/zend.c:886
#4 0x4033162e in php_execute_script (primary_file=0xbffff310) at
/home/tony/CVS/php_src_PHP_4_3_debug/main/main.c:1731
#5 0x4038527a in apache_php_module_main (r=0x81309f4,
display_source_mode=0)
at
/home/tony/CVS/php_src_PHP_4_3_debug/sapi/apache/sapi_apache.c:54
#6 0x40386309 in send_php (r=0x81309f4, display_source_mode=0,
filename=0x8130f5c "/www/index.php")
at /home/tony/CVS/php_src_PHP_4_3_debug/sapi/apache/mod_php4.c:620
#7 0x4038639a in send_parsed_php (r=0x81309f4) at
/home/tony/CVS/php_src_PHP_4_3_debug/sapi/apache/mod_php4.c:635
#8 0x08074542 in ap_invoke_handler ()
#9 0x0808a56a in process_request_internal ()
#10 0x0808a9d4 in ap_internal_redirect ()
#11 0x0806024a in handle_dir ()
#12 0x08074542 in ap_invoke_handler ()
#13 0x0808a56a in process_request_internal ()
#14 0x0808a5c7 in ap_process_request ()
#15 0x08080f80 in child_main ()
#16 0x08081132 in make_child ()
#17 0x080812b1 in startup_children ()
#18 0x0808199b in standalone_main ()
#19 0x08082235 in main ()
#20 0x4010eaf7 in __libc_start_main () from /lib/i686/libc.so.6
Reproduce code:
---------------
<?
class Foo {
    var $arr;
    var $bar;
    function __set($prop_name, $prop_value)
    {
        $this->bar[$prop_name] = $prop_value;
    }
}
overload('Foo');
$foo = new Foo;
$foo->blabla[] = '123';
?>
------------------------------------------------------------------------