Segmentation Fault: Manipulating an undefined variable as an array #1775

Closed
CameronHall opened this issue Dec 8, 2018 · 2 comments

@CameronHall

When running PHP as CLI, $_SESSION is undefined. So attempting to call this function will attempt to append an array element to an undefined variable, which results in a segmentation fault.

function set(string index, var value)
{
    var uniqueId;

    let uniqueId = this->_uniqueId;
    if !empty uniqueId {
        let _SESSION[uniqueId . "#" . index] = value;
        return;
    }

    let _SESSION[index] = value;
}

set("test"); // segfault

Thanks :)

sergeyklay assigned sergeyklay and unassigned sergeyklay Dec 9, 2018
sergeyklay added the bug label Feb 19, 2019
@sergeyklay
Contributor

@dreamsxin In fact, this is an annoying problem with superglobals. It seems I have already solved this issue once. But as we can see - not. Maybe you will be able to see what I didn't see.

@dreamsxin
Contributor

@sergeyklay How did you solve it?

Option one: change zephir_array_update_* to check if it is null, and throw a warning.
Option two, use copy:

zval _SESSION;

zephir_get_global(&_SESSION, SL("_SESSION"));

int zephir_get_global(zval **arr, const char *global, unsigned int global_length)
{
	zval *gv;
	zend_bool jit_initialization = PG(auto_globals_jit);
	zend_string *str = zend_string_init(global, global_length, 0);

	if (jit_initialization) {
		zend_is_auto_global(str);
	}

	if (&EG(symbol_table)) {
		if ((gv = zend_hash_find_ind(&EG(symbol_table), str)) != NULL) {
			ZVAL_DEREF(gv);
			if (Z_TYPE_P(gv) == IS_ARRAY) {
				ZVAL_COPY(*arr, gv);
				zend_string_release(str);
				return SUCCESS;
			}
		}
	}

	array_init(*arr);

	zend_string_release(str);
	return FAILURE;
}
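
The two options discussed above, modelled in standalone C as an added example (not part of the thread, and not Zephir or Zend Engine code). `struct value`, `array_update_checked` and `get_global_or_empty` are hypothetical stand-ins for a zval, a guarded `zephir_array_update_*` and the copying `zephir_get_global`.

```c
/* Constructed model, not Zephir or Zend Engine code: `struct value` stands in
 * for a zval so both proposed fixes can be run without PHP. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_ITEMS 8
enum vtype { T_UNDEF, T_ARRAY };
struct entry { char key[32]; int val; };
struct array { struct entry items[MAX_ITEMS]; size_t len; };
struct value { enum vtype type; struct array *arr; };

/* Option one: the update helper rejects a target that is not an array and
 * warns, instead of dereferencing an unset pointer. Returns 0 or -1. */
int array_update_checked(struct value *v, const char *key, int val)
{
    if (v == NULL || v->type != T_ARRAY || v->arr == NULL) {
        fprintf(stderr, "Warning: cannot use a non-array value as an array\n");
        return -1;
    }
    if (v->arr->len >= MAX_ITEMS) return -1;
    struct entry *e = &v->arr->items[v->arr->len++];
    snprintf(e->key, sizeof e->key, "%s", key);
    e->val = val;
    return 0;
}

/* Option two: work on a local copy; a missing or non-array global yields an
 * empty array. Returns 0 when copied, 1 on fallback, -1 if allocation fails. */
int get_global_or_empty(struct value *out, const struct value *global)
{
    out->type = T_UNDEF;
    out->arr = calloc(1, sizeof *out->arr);
    if (out->arr == NULL) return -1;
    out->type = T_ARRAY;
    if (global != NULL && global->type == T_ARRAY && global->arr != NULL) {
        *out->arr = *global->arr;   /* copy the existing contents */
        return 0;
    }
    return 1;
}

int main(void)
{
    struct value session = { T_UNDEF, NULL }, local;  /* $_SESSION under the CLI */
    printf("direct write: %d\n", array_update_checked(&session, "test", 1));
    if (get_global_or_empty(&local, &session) >= 0)
        printf("write to copy: %d\n", array_update_checked(&local, "test", 1));
    free(local.arr);
    return 0;
}
```

In this model a write made through the local copy does not reach the original global, which is the trade-off of the copy approach compared with guarding the update helper.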

sergeyklay added a commit that referenced this issue Feb 21, 2019
sergeyklay pushed a commit that referenced this issue Feb 23, 2019
sergeyklay added a commit that referenced this issue Feb 23, 2019