From:             php at trancer dot nl
Operating system: Linux Win32
PHP version:      4.3.4
PHP Bug Type:     Reproducible crash
Bug description:  Echoing string while assigning math value

Description:
------------
The following script causes various PHP versions to segfault:

<?php
$string = 'abc';
echo $string{1} = 3+3
?>

The following doesn't crash:

<?php
$string = 'abc';
echo $string{1} = 3
?>

Anything with math will make it crash (* / + - ^ etc.); just using = 3 won't make it crash.

It may be noted that using the php -r way it won't core. It seems to work only when put in a file.

Results of the code on Debian SID (yes, 4.3.3 but read on) are below.

---
hybrid:~# php < bla.php
6Segmentation fault
hybrid:~# php -r "$string = 'abc'; echo $string{1} = 3+3"

Parse error: parse error in Command line code on line 1
---

(Tried) reproduced on:

WinXP + Apache 1.3.29 + PHP 4.3.4 crashed.
WinXP + PHP 4.2.3 does NOT crash
Fedora Red Hat Linux 3.3.2-1 + Apache2 + PHP 4.3.4: NOT crashed
FreeBSD 4.2: doesn't crash (4.1.2)
FreeBSD 4.5: didn't print anything (not even 6)
FreeBSD 4.6: doesn't crash
FreeBSD 4.7: didn't print anything (not even 6)
FreeBSD 4.8: didn't print anything (not even 6) (4.3.1)
FreeBSD 4.9-RELEASE: crash (4.3.3)
Slackware current + PHP 4.3.4: crash
Redhat 7.3 + PHP 4.3.4: prints nothing
PLD Linux: NOT crashing

That's about all the stats I could collect. Had no machines with 4.3.5RC1 around to test it.

Regards,

Reproduce code:
---------------
<?php
$string = 'abc';
echo $string{1} = 3+3
?>

Expected result:
----------------
Ehm 6, well something else in fact. Was just toying around with string incrementing etc. Wasn't going to work obviously (needed chr/ord); original code was 'c' - 32 instead of 3+3.

Actual result:
--------------
6Segmentation fault

-- 
Edit bug report at http://bugs.php.net/?id=27028&edit=1