From:             darrell at brogdon dot net
Operating system: Red Hat Linux 7.3
PHP version:      4.3.10
PHP Bug Type:     Reproducible crash
Bug description:  overload() causes SIGSEGV.

Description:
------------
Using a modified version of the example in the online manual (http://us4.php.net/overload) causes PHP to segfault. The version of PHP used was compiled without any modules.

Reproduce code:
---------------
<?php
class OO {
    var $elem = array('b' => 9, 'c' => 42);

    function OO() {}

    function __call($fn_name, $args, &$ret) {
        return true;
    }

    function __set($prop_name, $prop_value) {
        $this->elem[$prop_name] = $prop_value;
        return true;
    }
}
overload('OO');
$o = new OO;
$o->d('foo');
$o->x = 56;
?>

Expected result:
----------------
Exit normally with no output.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00596f0a in ?? ()
(gdb) bt
#0 0x00596f0a in ?? ()
#1 0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
#2 0x0811c700 in execute (op_array=0x819bf1c) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:339
#3 0x0810db1a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/dbrogdon/mxl-php-src/Zend/zend.c:900
#4 0x080eb232 in php_execute_script (primary_file=0xbffff500) at /storage/dbrogdon/mxl-php-src/main/main.c:1736
#5 0x081269c8 in main (argc=2, argv=0xbffff5a4) at /storage/dbrogdon/mxl-php-src/sapi/cli/php_cli.c:822
(gdb) up
#1 0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978
978 ce->handle_property_set(&T->EA.data.overloaded_element, value);
(gdb) p *value
$1 = {value = {lval = 56, dval = 2.1219958186329485e-314, str = {val = 0x38 <Address 0x38 out of bounds>, len = 1}, ht = 0x38, obj = {ce = 0x38, properties = 0x1}}, type = 1 '\001', is_ref = 1 '\001', refcount = 2}
(gdb) p *T
$2 = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, var = {ptr_ptr = 0x0, ptr = 0x0}, EA = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, data = {str_offset = {str = 0x1, offset = 135928188}, overloaded_element = {type = 1, object = 0x81a197c, elements_list = 0x819bf84}}, type = 1 '\001'}}

--
Edit bug report at http://bugs.php.net/?id=31706&edit=1