#25154 [NEW]: SEGV on recpt of form input with name like "123[]"

[jdane at hawaii dot edu]

From:             jdane at hawaii dot edu
Operating system: solaris 2.8
PHP version:      4.3.2
PHP Bug Type:     Reproducible crash
Bug description:  SEGV on recpt of form input with name like "123[]"

Description:
------------
when submitting a form containing an input element like 
this:

 <input type="checkbox" name="123[]">

PHP receives a SEGV.


Reproduce code:
---------------
<HTML>
<HEAD><TITLE>Testing PHP Bug</TITLE></HEAD>
<BODY>
<H1>PHP Test</H1>
<H2>Form #1: Error Form</H2>
<FORM ACTION="<?= $_SERVER['PHP_SELF'] ?>" METHOD="post">
<P>Sample question...?</STRONG><BR>
<INPUT TYPE="checkbox" NAME="123[]"> Choice 1<BR>
<INPUT TYPE="checkbox" NAME="123[]"> Choice 2<BR>
<INPUT TYPE="checkbox" NAME="123[]"> Choice 3
</P>
<P>Just some form element: <INPUT TYPE="text" NAME="whatever" SIZE=15
MAXLENGTH=
15></P>
<INPUT TYPE="submit" NAME="submit1" VALUE="Submit">
</FORM>
<?php
if ( isset( $_POST['submit1'] ) )
{
   ?><H2>Results:</H2> <?= print_r( $_POST ) ?> <?php
}
?>
</BODY>
</HTML>

Expected result:
----------------
I expect not to receive a segmentation fault

Actual result:
--------------
immediate crash.  the top of the stack looks like this:

#0  0xfed27c20 in zend_hash_find (ht=0xebf50, 
arKey=0x0, 
    nKeyLength=4275156304, pData=0xffbef1f0)
    at /usr/local/src/web02/php-4.3.2/Zend/
zend_hash.c:875
#1  0xfecbfc68 in php_autoglobal_merge (dest=0xebf50, 
src=0xe9b68)
    at /usr/local/src/web02/php-4.3.2/main/main.c:1329
#2  0xfecc07b4 in php_hash_environment ()
    at /usr/local/src/web02/php-4.3.2/main/main.c:1477
#3  0xfecbea70 in php_request_startup ()
    at /usr/local/src/web02/php-4.3.2/main/main.c:925
#4  0xfed3fb88 in apache_php_module_main (r=0x46070, 
display_source_mode=0)
    at /usr/local/src/web02/php-4.3.2/sapi/apache/
sapi_apache.c:33
#5  0xfed412a0 in send_php (r=0x46070, 
display_source_mode=0, 
    filename=0x47ca0 "/webinfo/1/phptest/test.php")
    at /usr/local/src/web02/php-4.3.2/sapi/apache/
mod_php4.c:617
#6  0xfed41328 in send_parsed_php (r=0x46070)
    at /usr/local/src/web02/php-4.3.2/sapi/apache/
mod_php4.c:632
#7  0xff2cfc64 in ap_invoke_handler (r=0x46070) at 
http_config.c:518
#8  0xff2f4440 in process_request_internal (r=0x46070) 
at http_request.c:1308
#9  0xff2f44dc in ap_process_request (r=0x46070) at 
http_request.c:1324
#10 0xff2e5128 in child_main (child_num_arg=4) at 
http_main.c:4689
#11 0xff2e5560 in make_child (s=0x22e50, slot=4, 
now=1060904345)
    at http_main.c:4868

-- 
Edit bug report at http://bugs.php.net/?id=25154&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=25154&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=25154&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=25154&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=25154&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=25154&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=25154&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=25154&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=25154&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=25154&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=25154&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=25154&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25154&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=25154&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=25154&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=25154&r=gnused