ID: 43229
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: Scripting Engine problem
Operating System: CentOS
PHP Version: 5.2CVS-2008-03-25 (CVS)
Assigned To: dmitry
New Comment:
The crash is not related to variable name. It occurs because the script
unset()s the element of array which is still referenced from the
array_walk() function. So later array_walk() tries to access freed
memory and may crash.

The array_walk() manual says:

  Users may not change the array itself from the callback function. e.g.
  Add/delete elements, unset elements, etc. If the array that array_walk()
  is applied to is changed, the behavior of this function is undefined,
  and unpredictable.

I think this bug shouldn't be fixed.
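
The pattern described in the comment above, beside two ways of removing elements that never change the array while array_walk() is still iterating it. This is an added example, not the reporter's script or code from the PHP project; the function names and session data are constructed, and it assumes PHP 5.3 or later for closures.

```php
<?php
// Added example; all names and sample data are constructed for illustration.

// Pattern from the report: the callback unset()s elements of the array that
// array_walk() is still iterating. The manual calls the result undefined.
// Shown for contrast only; it is never called below.
function prune_unsafe(array &$sessions)
{
    array_walk($sessions, function ($s, $key) use (&$sessions) {
        if ($s['expired']) {
            unset($sessions[$key]); // mutates the array being walked
        }
    });
}

// Option 1: only record keys during the walk, delete after it has returned.
function prune_deferred(array &$sessions)
{
    $doomed = array();
    array_walk($sessions, function ($s, $key) use (&$doomed) {
        if ($s['expired']) {
            $doomed[] = $key; // the walked array itself is untouched
        }
    });
    foreach ($doomed as $key) {
        unset($sessions[$key]); // array_walk() no longer holds the array
    }
    return count($doomed);
}

// Option 2: build a new array instead of editing the old one in place.
function prune_filtered(array $sessions)
{
    return array_filter($sessions, function ($s) {
        return !$s['expired'];
    });
}

$sessions = array( // constructed sample data
    'a1' => array('user' => 'alice', 'expired' => false),
    'b2' => array('user' => 'bob',   'expired' => true),
    'c3' => array('user' => 'carol', 'expired' => true),
);

$copy = $sessions;
printf("deferred: removed %d, kept %s\n",
    prune_deferred($copy), implode(',', array_keys($copy)));
printf("filtered: kept %s\n",
    implode(',', array_keys(prune_filtered($sessions))));
```
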
Previous Comments:
------------------------------------------------------------------------
[2008-04-12 14:54:09] [EMAIL PROTECTED]
Dmitry, can you please check this out? It's pretty bad if just a
certain name of variable causes a crash.
------------------------------------------------------------------------
[2008-03-25 13:52:12] [EMAIL PROTECTED]
Still crashes using latest 5.2 snapshot.
------------------------------------------------------------------------
[2008-02-09 01:10:05] [EMAIL PROTECTED]
Still crashes for me in 5.3CVS. Please do not re-close without
ensuring a fix - UMRs or memory corruption can be elusive and not show
on some environments while existing on others.
------------------------------------------------------------------------
[2008-01-22 13:45:26] [EMAIL PROTECTED]
Works fine for me.
PHP 5.3.0-dev (cli) (built: Jan 18 2008 12:20:16)
------------------------------------------------------------------------
[2007-12-03 15:13:24] david at grant dot org dot uk
Reproduced on PHP 5.2.5 on RHEL 4.
#0 zend_call_function (fci=0xbff5f4e0, fci_cache=0xbff5f510) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_execute_API.c:911
#1 0x0309aa8b in php_array_walk (target_hash=0xb7aa1208,
userdata=0xbff5f578, recursive=0) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/ext/standard/array.c:1114
#2 0x0309ae64 in zif_array_walk (ht=3, return_value=0xb7ab3a78,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
at
/home/wdierkes/buildroot/BUILD/php-5.2.5/ext/standard/array.c:1171
#3 0x0318a244 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbff5f7f0) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:200
#4 0x0318971a in execute (op_array=0xb7b8d50c) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:92
#5 0x03189a1f in zend_do_fcall_common_helper_SPEC
(execute_data=0xbff5ffc0) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:234
#6 0x0318971a in execute (op_array=0xb7b8cd50) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:92
#7 0x03189a1f in zend_do_fcall_common_helper_SPEC
(execute_data=0xbff602f0) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:234
#8 0x0318971a in execute (op_array=0xb7b891f8) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:92
#9 0x03189a1f in zend_do_fcall_common_helper_SPEC
(execute_data=0xbff60650) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:234
#10 0x0318971a in execute (op_array=0xb7b37e24) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:92
#11 0x03189a1f in zend_do_fcall_common_helper_SPEC
(execute_data=0xbff625f0) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:234
#12 0x0318971a in execute (op_array=0xb7cd7930) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend_vm_execute.h:92
#13 0x03168d4b in zend_execute_scripts (type=8, retval=0x1a4,
file_count=3) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/Zend/zend.c:1134
#14 0x031214fb in php_execute_script (primary_file=0xbff648e0) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/main/main.c:2004
#15 0x0320caee in php_handler (r=0x96a8480) at
/home/wdierkes/buildroot/BUILD/php-5.2.5/sapi/apache2handler/sapi_apache2.c:631
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/43229