From:             [EMAIL PROTECTED]
Operating system: SuSE7.0
PHP version:      4.0.6
PHP Bug Type:     Scripting Engine problem
Bug description:  SEPARATE_ZVAL_TO_MAKE_IS_REF doesn't like 0x0

function &erm($key) { 
  return @$arr[$key];

$foo = erm('foo');
$bar = erm('bar');

(gdb) run bug3.php
Starting program: /usr/local/bin/php bug3.php

Program received signal SIGSEGV, Segmentation fault.
0x80a29e9 in execute (op_array=0x81d3348) at ./zend_execute.c:1592
1592     SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr_ptr);
(gdb) p retval_ptr_ptr
$1 = (zval **) 0x0
(gdb) bt
#0  0x80a29e9 in execute (op_array=0x81d3348) at ./zend_execute.c:1592
#1  0x80a26a8 in execute (op_array=0x81cdf5c) at ./zend_execute.c:1544
#2  0x8097234 in zend_execute_scripts (type=8, file_count=3) at
#3  0x8065b4f in php_execute_script (primary_file=0xbffff694) at
#4  0x8061173 in main (argc=2, argv=0xbffff724) at cgi_main.c:718
(gdb) list
1587    (opline->op1.op_type != IS_CONST) && 
1588    (opline->op1.op_type != IS_TMP_VAR)) {
1590    retval_ptr_ptr = get_zval_ptr_ptr(&opline->op1, Ts, BP_VAR_W);
1592    SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr_ptr);
1594    (*retval_ptr_ptr)->refcount++;
1595    (*EG(return_value_ptr_ptr)) = (*retval_ptr_ptr);
1596     } else {

notice that the second call [ erm('bar')] actually trigger the segfault.

patch: I dunno, Zeev somebody? :)

Edit bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to