Segmentation Fault: Manipulating an undefined variable as an array #1775

Closed
CameronHall opened this issue Dec 8, 2018 · 2 comments

@CameronHall

When running PHP as CLI, $_SESSION is undefined. So attempting to call this function will attempt to append an array element to an undefined variable, which results in a segmentation fault.

```zephir
function set(string index, var value)
{
    var uniqueId;

    let uniqueId = this->_uniqueId;
    if !empty uniqueId {
        let _SESSION[uniqueId . "#" . index] = value;
        return;
    }

    let _SESSION[index] = value;
}

set("test"); // segfault
```

Thanks :)

@sergeyklay sergeyklay assigned sergeyklay and unassigned sergeyklay Dec 9, 2018
@danhunsaker danhunsaker added this to Needs triage in Zephir Bugs Dec 12, 2018
@sergeyklay sergeyklay moved this from Needs triage to High priority in Zephir Bugs Jan 31, 2019
@sergeyklay sergeyklay added the bug label Feb 19, 2019
@sergeyklay
Member

@dreamsxin In fact, this is an annoying problem with superglobals. It seems I have already solved this issue once. But as we can see - not. Maybe you will be able to see what I didn't see.

@dreamsxin
Contributor

@sergeyklay How did you solve it?

Option one, change zephir_array_update_* to check if it is null, and throw a warning.
Option two, use copy:

```c
zval _SESSION;

zephir_get_global(&_SESSION, SL("_SESSION"));

int zephir_get_global(zval **arr, const char *global, unsigned int global_length)
{
	zval *gv;
	zend_bool jit_initialization = PG(auto_globals_jit);
	zend_string *str = zend_string_init(global, global_length, 0);

	if (jit_initialization) {
		zend_is_auto_global(str);
	}

	if (&EG(symbol_table)) {
		if ((gv = zend_hash_find_ind(&EG(symbol_table), str)) != NULL) {
			ZVAL_DEREF(gv);
			if (Z_TYPE_P(gv) == IS_ARRAY) {
				ZVAL_COPY(*arr, gv);
				zend_string_release(str);
				return SUCCESS;
			}
		}
	}

	array_init(*arr);

	zend_string_release(str);
	return FAILURE;
}
```
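
The two options proposed in the comment above, modelled in self-contained C as an added example (not Zephir's code and not the commenter's). `struct value`, `array_update_checked` and `get_global` are hypothetical stand-ins for engine values and kernel helpers, and a NULL pointer represents a superglobal that was never created, as with `$_SESSION` under the CLI.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for engine values; hypothetical, not the Zend or Zephir API. */
enum vtype { T_UNDEF, T_ARRAY };
struct entry { char key[32]; char val[32]; };
struct value { enum vtype type; struct entry items[8]; size_t n; };

/* Option one: refuse to update anything that is not an initialized array. */
int array_update_checked(struct value *arr, const char *key, const char *val)
{
	if (arr == NULL || arr->type != T_ARRAY) {
		fprintf(stderr, "Warning: cannot use undefined value as array\n");
		return -1;
	}
	if (arr->n >= sizeof arr->items / sizeof arr->items[0]) {
		return -1; /* fixed-size model is full */
	}
	snprintf(arr->items[arr->n].key, sizeof arr->items[0].key, "%s", key);
	snprintf(arr->items[arr->n].val, sizeof arr->items[0].val, "%s", val);
	arr->n++;
	return 0;
}

/* Option two: hand the caller a local value that is always a valid array.
 * Returns 0 when the global existed as an array, -1 when an empty array
 * was substituted (same success/failure split as the snippet above). */
int get_global(struct value *out, const struct value *global)
{
	if (global != NULL && global->type == T_ARRAY) {
		*out = *global;
		return 0;
	}
	memset(out, 0, sizeof *out);
	out->type = T_ARRAY;
	return -1;
}

int main(void)
{
	struct value session; /* constructed case: CLI run, global never created */
	int rc1 = array_update_checked(NULL, "test", "v");
	int rc2 = get_global(&session, NULL);
	int rc3 = array_update_checked(&session, "test", "v");
	printf("%d %d %d %zu\n", rc1, rc2, rc3, session.n);
	return 0;
}
```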

Zephir Bugs automation moved this from High priority to Closed Feb 21, 2019
sergeyklay added a commit that referenced this issue Feb 21, 2019
sergeyklay added a commit that referenced this issue Feb 21, 2019
sergeyklay added a commit that referenced this issue Feb 21, 2019
sergeyklay added a commit that referenced this issue Feb 21, 2019
sergeyklay pushed a commit that referenced this issue Feb 23, 2019
sergeyklay added a commit that referenced this issue Feb 23, 2019
sergeyklay added a commit that referenced this issue Feb 23, 2019
@niden niden removed this from Closed in Zephir Bugs Feb 16, 2021