#26696 [Ctl]: Using string index in a switch() crashes with multiple matches

Sun, 18 Jan 2004 21:14:02 -0800 

 ID:               26696
 Updated by:       [EMAIL PROTECTED]
-Summary:          Using string index in a switch() crashes
 Reported By:      saruman at northernhacking dot org
 Status:           Critical
 Bug Type:         Zend Engine 2 problem
 Operating System: *
 PHP Version:      5CVS-2004-01-02
 New Comment:

Confirmed in recent cvs. It only happens with a default: block before
which there is an applicable case ending in a break; statement.

<?php
$line = '*';
switch ($line{0}) { // crashes also with $line[0]
 case '*';
  echo '* RAN!';
  ob_flush();
  break;
 default:
  echo 'Default RAN!';
  ob_flush();
}
?>

This results in '* RAN!Segmentation Fault'. :(

BTW, I discovered this bug because it breaks Wakka.


Previous Comments:
------------------------------------------------------------------------

[2004-01-07 21:36:22] [EMAIL PROTECTED]

See also bug #26801

------------------------------------------------------------------------

[2004-01-02 10:43:39] [EMAIL PROTECTED]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 20298)]
0x08357f99 in zend_pzval_unlock_func (z=0x1) at
/usr/src/web/php/php5/Zend/zend_execute.c:64
64              z->refcount--;
(gdb) bt
#0  0x08357f99 in zend_pzval_unlock_func (z=0x1) at
/usr/src/web/php/php5/Zend/zend_execute.c:64
#1  0x08358499 in zend_switch_free (opline=0x40e491f8, Ts=0xbfffd640)
at /usr/src/web/php/php5/Zend/zend_execute.c:198
#2  0x083545d6 in zend_switch_free_handler (execute_data=0xbfffd7a0,
op_array=0x40e48704)
    at /usr/src/web/php/php5/Zend/zend_execute.c:3072
#3  0x0834efd8 in execute (op_array=0x40e48704) at
/usr/src/web/php/php5/Zend/zend_execute.c:1260
#4  0x0832d924 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1050
#5  0x082eac2c in php_execute_script (primary_file=0xbffffba0) at
/usr/src/web/php/php5/main/main.c:1642
#6  0x08367237 in main (argc=2, argv=0xbffffc34) at
/usr/src/web/php/php5/sapi/cli/php_cli.c:924


------------------------------------------------------------------------

[2003-12-22 17:22:03] saruman at northernhacking dot org

This bug is very similar to #26281, in fact, it's probably the same.

------------------------------------------------------------------------

[2003-12-22 17:00:20] [EMAIL PROTECTED]

Maybe related to bug #17997

------------------------------------------------------------------------

[2003-12-22 14:51:55] saruman at northernhacking dot org

case '?': is the culprit.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/26696

-- 
Edit this bug report at http://bugs.php.net/?id=26696&edit=1

Reply via email to