Edit report at http://bugs.php.net/bug.php?id=48816&edit=1
ID: 48816 Updated by: fel...@php.net Reported by: kim at burgestrand dot se Summary: IteratorIterator seek() causes bus error Status: Assigned Type: Bug Package: SPL related Operating System: Mac OS 10.5.7 PHP Version: 5.3.0 Assigned To: colder Block user comment: N New Comment: I can reproduce it on 5.3-SVN. ==3389== Invalid read of size 4 ==3389== at 0x8291199: spl_dual_it_free (spl_iterators.c:1460) ==3389== by 0x8291653: spl_dual_it_next (spl_iterators.c:1526) ==3389== by 0x8291619: zim_spl_dual_it_next (spl_iterators.c:1616) ==3389== by 0x84E841C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316) ==3389== by 0x84E95E3: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:421) ==3389== by 0x84E7101: execute (zend_vm_execute.h:107) ==3389== by 0x84B54ED: zend_execute_scripts (zend.c:1194) ==3389== by 0x8427201: php_execute_script (main.c:2265) ==3389== by 0x8598D70: main (php_cli.c:1193) ==3389== Address 0x6 is not stack'd, malloc'd or (recently) free'd ==3389== ==3389== Process terminating with default action of signal 11 (SIGSEGV) ==3389== Access not within mapped region at address 0x6 ==3389== at 0x8291199: spl_dual_it_free (spl_iterators.c:1460) ==3389== by 0x8291653: spl_dual_it_next (spl_iterators.c:1526) ==3389== by 0x8291619: zim_spl_dual_it_next (spl_iterators.c:1616) ==3389== by 0x84E841C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:316) ==3389== by 0x84E95E3: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:421) ==3389== by 0x84E7101: execute (zend_vm_execute.h:107) ==3389== by 0x84B54ED: zend_execute_scripts (zend.c:1194) ==3389== by 0x8427201: php_execute_script (main.c:2265) ==3389== by 0x8598D70: main (php_cli.c:1193) Previous Comments: ------------------------------------------------------------------------ [2010-06-04 16:43:17] jan-phpbug at kantert dot net I can reproduce the problem in stock Ubuntu 10.04 lucid on 86_64/amd64. PHP 5.3.2-1ubuntu4.2. Results in a segmentation fault! We experienced similar problems with iterators at other points in our code. ------------------------------------------------------------------------ [2009-07-06 15:56:27] kim at burgestrand dot se I compiled PHP 5.2.10 (configure command: './configure' '--with-mysql=/usr/local/mysql' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--enable-mbstring' '--with-curl=/usr' '--enable-sockets' '--with-libxml-dir=/opt/local/include/libxml2/libxml' '--with-pdo-mysql=shared,/usr/local/mysql' '--with-iconv=shared,/opt/local' '--with-apxs2' '--with-config-file-path=/etc/php' '--with-config-file-scan-dir=/etc/php/conf.d') and tested the code. No out of bounds exceptions, and the output was consistent: int(0) int(1) ------------------------------------------------------------------------ [2009-07-06 15:51:24] kim at burgestrand dot se I had the same issue on Debian using PHP 5.2.6-3 with Suhosin-Patch 0.9.6.2 sometimes. I mean, have a peek at this output: http://pastebin.com/f1dd1bc27 (linked to pastebin because the bug system thinks I'm spamming) Same code as submitted, with a shebang added to the top #!/usr/bin/env php. ------------------------------------------------------------------------ [2009-07-06 13:46:34] paj...@php.net I can't reproduce here, I got a out of bounds exception on the seek call. ------------------------------------------------------------------------ [2009-07-06 13:32:52] kim at burgestrand dot se Description: ------------ After using seek() on an IteratorIterator containing an ArrayIterator the next() call results in a bus error. Also, the seek() method doesnt seem to advance the key to the specified position on the inner iterator (unless issuing getInnerIterator()->seek(x) directly and calling getInnerIterator()->current()). Reproduce code: --------------- <?php $iiter = new IteratorIterator(new ArrayIterator(range(0, 5))); $iiter->rewind(); $iiter->seek(2); var_dump($iiter->current()); $iiter->next(); // bus error var_dump($iiter->current()); /* End of file */ Expected result: ---------------- int(2) int(3) Actual result: -------------- int(0) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=48816&edit=1