ID: 35470
Updated by: [EMAIL PROTECTED]
Reported By: prgallier at yahoo dot com
Status: Assigned
Bug Type: Scripting Engine problem
Operating System: *
PHP Version: 5CVS-2005-11-29 (cvs)
Assigned To: dmitry
New Comment:
<?php
function dotest()
{
$array = array(array("test", "blah"),array("test", "blah"));
$i = 0;
while ($row = $array[$i++])
{
global ${$row[0]};
${$row[0]} = $row[1];
}
}
dotest();
?>
Valgrind shows several errors:
==3742== Invalid read of size 4
==3742== at 0x823AAEA: zend_fetch_dimension_address
(zend_execute.c:1092)
==3742== by 0x826DEE0: ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER
(zend_vm_execute.h:20390)
==3742== by 0x823B348: execute (zend_vm_execute.h:88)
==3742== by 0x823B7A9: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:222)
==3742== by 0x823E294: ZEND_DO_FCALL_SPEC_CONST_HANDLER
(zend_vm_execute.h:1578)
==3742== by 0x823B348: execute (zend_vm_execute.h:88)
==3742== by 0x8214E75: zend_execute_scripts (zend.c:1090)
==3742== by 0x81D43AD: php_execute_script (main.c:1704)
==3742== by 0x828025D: main (php_cli.c:1039)
etc.
Previous Comments:
------------------------------------------------------------------------
[2005-11-29 19:58:50] prgallier at yahoo dot com
The following generates a segfault on my system:
function dotest()
{
$link = mysql_connect("localhost","test","test");
mysql_select_db("test");
mysql_query("CREATE TABLE config (num smallint(5) unsigned NOT NULL
auto_increment, conf varchar(20) NOT NULL default '')");
mysql_query("INSERT INTO config (conf,type) VALUES('Test1','33')");
$result = mysql_query("SELECT conf,value FROM config");
while ($row = mysql_fetch_row($result))
{
global ${$row[0]};
${$row[0]} = $row[1];
}
mysql_free_result($result);
}
dotest();
echo "Test: $test<br>\n";
------------------------------------------------------------------------
[2005-11-29 13:09:49] [EMAIL PROTECTED]
Dmitry, can you check this out please.
------------------------------------------------------------------------
[2005-11-29 11:33:26] prgallier at yahoo dot com
Oops...the expected and actual result fields are switched.
------------------------------------------------------------------------
[2005-11-29 11:32:20] prgallier at yahoo dot com
Description:
------------
The below code does not store the value "55" in the variable "test" as
it should, and did in PHP 5.0.5. Leaving out the global declaration
allows the output to display properly. I have also had segmentation
faults caused by similar routines, but have been unable to reproduce
this outside of the full program.
Reproduce code:
---------------
$x = array("test", "55");
global ${$x[0]};
${$x[0]} = $x[1];
echo "Test: $test<br>\n";;
Expected result:
----------------
Displays:
Test:
Actual result:
--------------
Should display:
Test: 55
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=35470&edit=1
