Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:7617
Return-Path: <paj@pearfr.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78063 invoked by uid 1010); 5 Feb 2004 15:24:58 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 78022 invoked from network); 5 Feb 2004 15:24:58 -0000
Received: from unknown (HELO smtp2.netcologne.de) (194.8.194.218)
  by pb1.pair.com with SMTP; 5 Feb 2004 15:24:58 -0000
Received: from localhost.localdomain (xdsl-213-196-213-33.netcologne.de [213.196.213.33])
	by smtp2.netcologne.de (Postfix) with SMTP id 200483AE58
	for <internals@lists.php.net>; Thu,  5 Feb 2004 16:24:57 +0100 (MET)
Date: Thu, 5 Feb 2004 16:24:56 +0100
To: internals@lists.php.net
Message-ID: <20040205162456.72f2ddba@localhost.localdomain>
Organization: Freelancer
X-Mailer: Sylpheed version 0.9.8claws (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/mixed;
 boundary="Multipart=_Thu__5_Feb_2004_16_24_56_+0100_GGOAzZv6Wn_CHncA"
Subject: tests/lang/bug24773.phpt, segfault with 4.3.5RC2
From: paj@pearfr.org (Pierre-Alain Joye)

--Multipart=_Thu__5_Feb_2004_16_24_56_+0100_GGOAzZv6Wn_CHncA
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hello,

I got segfaults with the test tests/lang/bug24773.phpt. It seems the
test added in HEAD has been either lost or never applied.

Please find an attempt to fix as attachment, feel free to drop it and
apply your own and cleaner one ;-)

hth

pierre


--Multipart=_Thu__5_Feb_2004_16_24_56_+0100_GGOAzZv6Wn_CHncA
Content-Type: text/plain;
 name="patchbug24773.txt"
Content-Disposition: attachment;
 filename="patchbug24773.txt"
Content-Transfer-Encoding: 7bit

--- /home/paj/cvs/php43/Zend/zend_execute.c	2004-02-05 16:19:26.000000000 +0100
+++ Zend/zend_execute.c	2004-02-05 16:18:40.000000000 +0100
@@ -1310,11 +1310,16 @@ binary_assign_op_addr: {
 				}
 				*/
 				zend_fetch_dimension_address(&EX(opline)->result, &EX(opline)->op1, &EX(opline)->op2, EX(Ts), BP_VAR_R TSRMLS_CC);
-				PZVAL_UNLOCK(*EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr);
-				if (EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
-					SEPARATE_ZVAL_IF_NOT_REF(EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr);
-				}
-				PZVAL_LOCK(*EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr);
+
+			        if (!EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr) {
+			                zend_error(E_ERROR, "Cannot unset string offsets");
+			        } else {
+                               		PZVAL_UNLOCK(*EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr);
+	                                if (EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
+                	                        SEPARATE_ZVAL_IF_NOT_REF(EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr);
+        	                        }
+                        	        PZVAL_LOCK(*EX(Ts)[EX(opline)->result.u.var].var.ptr_ptr);
+			        }
 				NEXT_OPCODE();
 			case ZEND_FETCH_OBJ_R:
 				zend_fetch_property_address(&EX(opline)->result, &EX(opline)->op1, &EX(opline)->op2, EX(Ts), BP_VAR_R TSRMLS_CC);

--Multipart=_Thu__5_Feb_2004_16_24_56_+0100_GGOAzZv6Wn_CHncA--