ID: 11970 Updated by: zeev Reported By: [EMAIL PROTECTED] Old Status: Closed Status: Open Bug Type: Scripting Engine problem Operating System: SuSE7.0 PHP Version: 4.0.6 New Comment: The fixes so far were bad; They were reverted, and this bug is no reopened. Previous Comments: ------------------------------------------------------------------------ [2001-07-19 12:05:04] [EMAIL PROTECTED] My initial fix was bogus, as I misdiagnosed what was going on. The current fix is to allow returning of plain variables only (i.e., you can return $arr[$key], but you can't return @$arr[$key]). This means that your script will not work (it'll error out), but won't crash either... ------------------------------------------------------------------------ [2001-07-15 12:48:52] [EMAIL PROTECTED] Fixed in CVS - thanks for the tiny reproducing script! ------------------------------------------------------------------------ [2001-07-09 06:27:49] [EMAIL PROTECTED] function &erm($key) { return @$arr[$key]; } $foo = erm('foo'); $bar = erm('bar'); (gdb) run bug3.php Starting program: /usr/local/bin/php bug3.php Program received signal SIGSEGV, Segmentation fault. 0x80a29e9 in execute (op_array=0x81d3348) at ./zend_execute.c:1592 1592 SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr_ptr); (gdb) p retval_ptr_ptr $1 = (zval **) 0x0 (gdb) bt #0 0x80a29e9 in execute (op_array=0x81d3348) at ./zend_execute.c:1592 #1 0x80a26a8 in execute (op_array=0x81cdf5c) at ./zend_execute.c:1544 #2 0x8097234 in zend_execute_scripts (type=8, file_count=3) at zend.c:752 #3 0x8065b4f in php_execute_script (primary_file=0xbffff694) at main.c:1206 #4 0x8061173 in main (argc=2, argv=0xbffff724) at cgi_main.c:718 (gdb) list 1587 (opline->op1.op_type != IS_CONST) && 1588 (opline->op1.op_type != IS_TMP_VAR)) { 1589 1590 retval_ptr_ptr = get_zval_ptr_ptr(&opline->op1, Ts, BP_VAR_W); 1591 1592 SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr_ptr); 1593 1594 (*retval_ptr_ptr)->refcount++; 1595 (*EG(return_value_ptr_ptr)) = (*retval_ptr_ptr); 1596 } else { notice that the second call [ erm('bar')] actually trigger the segfault. patch: I dunno, Zeev somebody? :) ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=11970&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]