ID: 43310 Comment by: crrodriguez+php at suse dot de Reported By: commander at graphicore dot de Status: Feedback Bug Type: Reproducible crash Operating System: Linux, WinXp PHP Version: 5.2.5 New Comment:
this is the deal 5_3 is fine 5_2 non-debug = Crashes 5_2 debug Starting program: /home/cristian/5.2/sapi/cli/php ../crash.php 4 objects are loaded Warning: array_keys(): The first argument should be an array in /home/cristian/crash.php on line 18 3 objects are loaded [Fri Nov 16 07:27:03 2007] Script: '../crash.php' /home/cristian/5.2/Zend/zend_vm_execute.h(405) : Freeing 0x0096A6A8 (24 bytes), script=../crash.php Last leak repeated 2 times [Fri Nov 16 07:27:03 2007] Script: '../crash.php' /home/cristian/5.2/Zend/zend_execute.c(1009) : Freeing 0x0096C890 (71 bytes), script=../crash.php /home/cristian/5.2/Zend/zend_hash.c(388) : Actual location (location was relayed) Last leak repeated 2 times [Fri Nov 16 07:27:03 2007] Script: '../crash.php' /home/cristian/5.2/Zend/zend_execute.c(1061) : Freeing 0x0096F748 (24 bytes), script=../crash.php Last leak repeated 1 time [Fri Nov 16 07:27:03 2007] Script: '../crash.php' /home/cristian/5.2/Zend/zend_execute.c(1065) : Freeing 0x0096F7B8 (72 bytes), script=../crash.php /home/cristian/5.2/Zend/zend_API.c(821) : Actual location (location was relayed) Last leak repeated 3 times [Fri Nov 16 07:27:03 2007] Script: '../crash.php' /home/cristian/5.2/Zend/zend_hash.c(247) : Freeing 0x0096FB38 (79 bytes), script=../crash.php === Total 13 memory leaks detected === Previous Comments: ------------------------------------------------------------------------ [2007-11-16 00:51:03] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php for *NIX and http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32 Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better. ------------------------------------------------------------------------ [2007-11-16 00:32:00] felipensp at gmail dot com Works fine in PHP 5.3.0-dev (cli) (built: Nov 15 2007 18:47:59) ------------------------------------------------------------------------ [2007-11-15 23:18:37] commander at graphicore dot de Description: ------------ The code crashes the Apache process immediately. The crash occurs with other functions(array_values, print_r, gettype, ...) instead of array_keys() as well. To avoid the crash delete the reference in Line 7 to copy the array that contains the references. That was intended anyway. However, it took hours to find the problem. A Runtime-Error or something like that would be nice. Systems: Linux(Ubuntu): Apache/2.2.4 PHP/5.2.3-1ubuntu6 Apache error.log: [Thu Nov 15 23:18:48 2007] [notice] child pid 2874 exit signal Segmentation fault (11) WinXp: Apache/2.2.3 (Win32) PHP Version 4.4.4 Apache error.log: [Thu Nov 15 23:43:43 2007] [notice] Parent: child process exited with status 3221225477 -- Restarting. best regards Reproduce code: --------------- <?php class aClass{ var $arr; function makeObjects($load){ for($i = 1; $load >= $i; $i++){ $this->arr['objects'][$i] = new aClass(); $this->arr['objects'][$i]->arr =& $this->arr;//copying $this->arr avoids the crash } echo count($this->arr['objects']).' objects are loaded'."\n"; } } $root = new aClass(); $objects[0] =& $root; $root->arr['objects'] =& $objects; $load = 3; $root->makeObjects($load); unset($objects[$load]);//unset the last object array_keys($root->arr['objects']);//crash echo count($objects).' objects are loaded'; ?> Expected result: ---------------- 4 objects are loaded 3 objects are loaded Actual result: -------------- the process crashes, no warning, no error ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=43310&edit=1
