ID: 20169
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Verified
Bug Type: Reproducible crash
Operating System: Debian GNU/Linux (mult ver/arch)
PHP Version: 4CVS-2002-10-30
-Assigned To:
+Assigned To: moriyoshi
New Comment:
Verified with HEAD
Previous Comments:
------------------------------------------------------------------------
[2002-10-30 05:02:39] [EMAIL PROTECTED]
In general, implode() seems to clobber its first argument in such a way
that subsequent accesses can cause a segfault.
I've attached the most trivial example that reproduces the problem (for
me). However, the behaviour can differ under different conditions, and
I can supply other example if required.
Invariably, implode() will work fine and return a sensible string, but
accessing the delimiter variable used will case problems.
In some cases, it's actually possible to print_r() the clobbered
delimiter (and see random garbage, but no crash), but it will crash
when you concatenate the clobbered string with another string.
Sometimes, php will die somewhat gracefully saying that it can't
allocate enough memory, but in my case it was saying that it couldn't
allocate 1.5Gb of memory to concatenate strings which were well under
100k combined.
Once, it even set the delimiter string to the string "*RECURSION*".
As a workaround, one can create a string duplicate function that
creates a copy that can safely be used, leaving the real delimiter
string safe. It works by copying the string one character at a time, as
a simple "$copy = $string" will not actually create a new string.
<?
/* return a "duplicate" delimiter string */
function dup ($string)
{
/* generate a copy of the delimiter string using by
* concatenating the individual characters one at a
* time.
*/
for ($pos = 0; $pos < strlen($string); $pos++)
$dup .= substr($string, $pos, 1);
return $dup;
}
?>
<?
$delimiter = "|";
echo "delimiter: $delimiter\n";
implode($delimiter, array("foo", "bar"));
echo "delimiter: $delimiter\n";
?>
Output was:
Status: 200
Content-type: text/html
X-Powered-By: PHP/4.3.0-dev
delimiter: |
delimiter: Segmentation fault
Backtrace:
#0 0x0811a635 in shutdown_memory_manager (silent=0, clean_cache=0)
at /home/kims/php4/Zend/zend_alloc.c:461
461 REMOVE_POINTER_FROM_LIST(ptr);
(gdb) bt
#0 0x0811a635 in shutdown_memory_manager (silent=0, clean_cache=0)
at /home/kims/php4/Zend/zend_alloc.c:461
#1 0x081046d8 in php_request_shutdown (dummy=0x0)
at /home/kims/php4/main/main.c:920
#2 0x0813cf64 in main (argc=2, argv=0xbffffa84)
at /home/kims/php4/sapi/cgi/cgi_main.c:1184
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20169&edit=1
