ID: 31706 User updated by: darrell at brogdon dot net Reported By: darrell at brogdon dot net -Status: Feedback +Status: Closed Bug Type: Reproducible crash Operating System: Red Hat Linux 7.3 PHP Version: 4.3.10 New Comment:
Appears to be fixed in php4-STABLE-200501261730. Previous Comments: ------------------------------------------------------------------------ [2005-01-26 19:06:18] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2005-01-26 18:32:39] darrell at brogdon dot net Description: ------------ Using a modified version of the example in the online manual (http://us4.php.net/overload) causes PHP to segfault. The version of PHP used was compiled without any modules. Reproduce code: --------------- 1 <?php 2 class OO { 3 var $elem = array('b' => 9, 'c' => 42); 4 5 function OO() {} 6 7 function __call($fn_name, $args, &$ret) { 8 return true; 9 } 10 11 function __set($prop_name, $prop_value) { 12 $this->elem[$prop_name] = $prop_value; 13 return true; 14 } 15 } 16 overload('OO'); 17 $o = new OO; 18 $o->d('foo'); 19 $o->x = 56; 20 ?> Expected result: ---------------- Exit normally with no output. Actual result: -------------- Program received signal SIGSEGV, Segmentation fault. 0x00596f0a in ?? () (gdb) bt #0 0x00596f0a in ?? () #1 0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978 #2 0x0811c700 in execute (op_array=0x819bf1c) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:339 #3 0x0810db1a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /storage/dbrogdon/mxl-php-src/Zend/zend.c:900 #4 0x080eb232 in php_execute_script (primary_file=0xbffff500) at /storage/dbrogdon/mxl-php-src/main/main.c:1736 #5 0x081269c8 in main (argc=2, argv=0xbffff5a4) at /storage/dbrogdon/mxl-php-src/sapi/cli/php_cli.c:822 (gdb) up #1 0x08119c9d in set_overloaded_property (T=0xbfffc8dc, value=0x81a0448) at /storage/dbrogdon/mxl-php-src/Zend/zend_execute.c:978 978 ce->handle_property_set(&T->EA.data.overloaded_element, value); (gdb) p *value $1 = {value = {lval = 56, dval = 2.1219958186329485e-314, str = {val = 0x38 <Address 0x38 out of bounds>, len = 1}, ht = 0x38, obj = {ce = 0x38, properties = 0x1}}, type = 1 '\001', is_ref = 1 '\001', refcount = 2} (gdb) p *T $2 = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, var = { ptr_ptr = 0x0, ptr = 0x0}, EA = {tmp_var = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {ce = 0x0, properties = 0x0}}, type = 0 '\0', is_ref = 0 '\0', refcount = 0}, data = {str_offset = {str = 0x1, offset = 135928188}, overloaded_element = {type = 1, object = 0x81a197c, elements_list = 0x819bf84}}, type = 1 '\001'}} ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31706&edit=1
