From: php at trancer dot nl
Operating system: Linux Win32
PHP version: 4.3.4
PHP Bug Type: Reproducible crash
Bug description: Echoing string while assigning math value
Description:
------------
The following script causes various PHP versions to segfault: <?php
$string = 'abc'; echo $string{1} = 3+3 ?>
The following doesnt crash: <?php $string = 'abc'; echo $string{1} = 3 ?>
Anything with math will make it crash (* / + - ^ etc.) just using = 3 wont
make it crash. May be noted that using the php -r way it wont core.. seems
to work only being put in a file.
Results of the code on debian SID (yes, 4.3.3 but read on)are below.
---
hybrid:~# php < bla.php
6Segmentation fault
hybrid:~# php -r "$string = 'abc'; echo $string{1} = 3+3"
Parse error: parse error in Command line code on line 1
---
(Tried) reproduced on:
WinXP + Apache 1.3.29 + PHP 4.3.4 crashed.
WinXP + PHP 4.2.3 does NOT crash
Fedora Red Hat Linux 3.3.2-1 + Apache2 + PHP 4.3.4: NOT crashed
FreeBSD 4.2: doesnt crash (4.1.2)
FreeBSD 4.5: didnt print anything (not even 6)
FreeBSD 4.6: doesnt crash
FreeBSD 4.7: didnt print anything (not even 6)
FreeBSD 4.8: didnt print anything (not even 6) (4.3.1)
FreeBSD 4.9-RELEASE: crash (4.3.3)
Slackware current + PHP 4.3.4: crash
Redhat 7.3 + PHP 4.3.4: prints nothing
PLD Linux: NOT crashing
Thats about all stats I could collect. Had no machines with 4.3.5RC1
around to test it.
Regards,
Reproduce code:
---------------
<?php $string = 'abc'; echo $string{1} = 3+3 ?>
Expected result:
----------------
Ehm 6, well something else in fact. Was just toying around with string
incrementing etc. Wasnt going to work obviously (needed chr/ord) original
code was 'c' - 32 instead of 3+3.
Actual result:
--------------
6Segmentation fault
--
Edit bug report at http://bugs.php.net/?id=27028&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=27028&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=27028&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=27028&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=27028&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=27028&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=27028&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=27028&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=27028&r=support
Expected behavior: http://bugs.php.net/fix.php?id=27028&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=27028&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=27028&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=27028&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27028&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=27028&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=27028&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=27028&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=27028&r=float
