ID: 26696 Updated by: [EMAIL PROTECTED] -Summary: Using string index in a switch() crashes Reported By: saruman at northernhacking dot org Status: Critical Bug Type: Zend Engine 2 problem Operating System: * PHP Version: 5CVS-2004-01-02 New Comment:
Confirmed in recent cvs. It only happens with a default: block before which there is an applicable case ending in a break; statement. <?php $line = '*'; switch ($line{0}) { // crashes also with $line[0] case '*'; echo '* RAN!'; ob_flush(); break; default: echo 'Default RAN!'; ob_flush(); } ?> This results in '* RAN!Segmentation Fault'. :( BTW, I discovered this bug because it breaks Wakka. Previous Comments: ------------------------------------------------------------------------ [2004-01-07 21:36:22] [EMAIL PROTECTED] See also bug #26801 ------------------------------------------------------------------------ [2004-01-02 10:43:39] [EMAIL PROTECTED] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 20298)] 0x08357f99 in zend_pzval_unlock_func (z=0x1) at /usr/src/web/php/php5/Zend/zend_execute.c:64 64 z->refcount--; (gdb) bt #0 0x08357f99 in zend_pzval_unlock_func (z=0x1) at /usr/src/web/php/php5/Zend/zend_execute.c:64 #1 0x08358499 in zend_switch_free (opline=0x40e491f8, Ts=0xbfffd640) at /usr/src/web/php/php5/Zend/zend_execute.c:198 #2 0x083545d6 in zend_switch_free_handler (execute_data=0xbfffd7a0, op_array=0x40e48704) at /usr/src/web/php/php5/Zend/zend_execute.c:3072 #3 0x0834efd8 in execute (op_array=0x40e48704) at /usr/src/web/php/php5/Zend/zend_execute.c:1260 #4 0x0832d924 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1050 #5 0x082eac2c in php_execute_script (primary_file=0xbffffba0) at /usr/src/web/php/php5/main/main.c:1642 #6 0x08367237 in main (argc=2, argv=0xbffffc34) at /usr/src/web/php/php5/sapi/cli/php_cli.c:924 ------------------------------------------------------------------------ [2003-12-22 17:22:03] saruman at northernhacking dot org This bug is very similar to #26281, in fact, it's probably the same. ------------------------------------------------------------------------ [2003-12-22 17:00:20] [EMAIL PROTECTED] Maybe related to bug #17997 ------------------------------------------------------------------------ [2003-12-22 14:51:55] saruman at northernhacking dot org case '?': is the culprit. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/26696 -- Edit this bug report at http://bugs.php.net/?id=26696&edit=1