Edit report at https://bugs.php.net/bug.php?id=54401&edit=1

 ID:                 54401
 Updated by:         fel...@php.net
 Reported by:        fel...@php.net
 Summary:            DatePeriod crashes when constructor is not called
 Status:             Assigned
-Type:               Security
+Type:               Bug
 Package:            Reproducible crash
 PHP Version:        Irrelevant
 Assigned To:        derick
 Block user comment: N
 Private report:     N


Previous Comments:
------------------------------------------------------------------------
[2012-07-08 08:47:22] reeze dot xia at gmail dot com

This bug looks the same as https://bugs.php.net/bug.php?id=62500.
It initializes private data in the constructor; extending the class without calling its constructor may cause a segfault.

DateInterval adds a check before performing any operation: if it is not initialized, a warning will be raised.
This may be fixed this way too.

------------------------------------------------------------------------
[2011-03-27 15:32:08] fel...@php.net

Description:
------------
DatePeriod relies on constructor being called before trying to iterate over its data.

Test script:
---------------
<?php

class foo extends DatePeriod {
	// parent::__construct() is never called
	public function __construct() { }
}

foreach (new foo as $y);

Expected result:
----------------
No crash

Actual result:
--------------
Crash

#0  memcpy () at ../sysdeps/i386/i686/memcpy.S:75
#1  0xbffff2c8 in ?? ()
#2  0x0806ec1f in date_period_it_rewind (iter=0x8b1e584, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/ext/date/php_date.c:1902
#3  0x0855330a in ZEND_FE_RESET_SPEC_VAR_HANDLER (execute_data=0x8ade614, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:8816
#4  0x08531442 in execute (op_array=0x8ab2ba0, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:107
#5  0x084fef3d in zend_execute_scripts (type=8, tsrm_ls=0x89022a0, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1194
#6  0x0847ad48 in php_execute_script (primary_file=0xbffff488, tsrm_ls=0x89022a0) at /home/felipe/dev/php5/main/main.c:2270
#7  0x085dada7 in main (argc=2, argv=0xbffff604) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1193

------------------------------------------------------------------------
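
Added example, not part of the original report and not code from php_date.c: a small C model of the failure in the backtrace (a rewind step reaching memcpy on data that only the constructor sets up) next to the "check before any operation" guard suggested in the 2012-07-08 comment. All model_* names, the struct layout and the warning text are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the extension's private per-object data. */
typedef struct { int y, m, d; } model_time;
typedef struct {
    model_time *start;   /* allocated only by the constructor */
    model_time *current; /* working copy owned by the iterator */
} model_period;

static model_time *model_time_clone(const model_time *src) {
    model_time *dst = malloc(sizeof *dst);
    if (dst) memcpy(dst, src, sizeof *dst); /* faults when src is NULL */
    return dst;
}

/* Models the parent constructor: the only place 'start' is set. */
int model_period_construct(model_period *p, int y, int m, int d) {
    p->start = malloc(sizeof *p->start);
    if (!p->start) return -1;
    p->start->y = y; p->start->m = m; p->start->d = d;
    return 0;
}

/* Unguarded rewind: assumes the constructor ran. Shown for contrast only. */
int model_rewind_unguarded(model_period *p) {
    free(p->current);
    p->current = model_time_clone(p->start);
    return p->current ? 0 : -1;
}

/* Guarded rewind: refuse to iterate an object whose constructor never ran. */
int model_rewind_guarded(model_period *p) {
    if (p->start == NULL) {
        fprintf(stderr, "Warning: period object was not initialized by its constructor\n");
        return -1;
    }
    return model_rewind_unguarded(p);
}

int main(void) {
    model_period skipped = {0}; /* subclass overrode the constructor: fields stay zeroed */
    model_period built = {0};
    model_period_construct(&built, 2011, 3, 27); /* constructed sample date */
    printf("skipped ctor: %d\n", model_rewind_guarded(&skipped));
    printf("normal ctor:  %d\n", model_rewind_guarded(&built));
    free(built.current); free(built.start);
    return 0;
}
```

The guard has to sit at every entry point that touches the private data, not only at rewind, because a subclass can skip the constructor and then call any inherited method.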