Bug #55288 [Com]: usort segfaults

Tue, 26 Jul 2011 23:27:16 -0700 

Edit report at https://bugs.php.net/bug.php?id=55288&edit=1

 ID:                 55288
 Comment by:         larue...@php.net
 Reported by:        jstephens at qualtrics dot com
 Summary:            usort segfaults
 Status:             Open
 Type:               Bug
 Package:            Arrays related
 Operating System:   Linux
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

I can not reproduce the segfault with your test script in my envrion, and I 
noticed that you have xdebug install in, plz remove all other php extensions 
then check if this bug exists again, thanks


Previous Comments:
------------------------------------------------------------------------
[2011-07-26 19:19:42] jstephens at qualtrics dot com

Description:
------------
usort and uksort (and possibly other related functions) will segfault with the 
given script. I believe it is related to Zend's internal array "copy-on-write".

Test script:
---------------
class X {
        function __construct($v) { $this->v = $v; }
}

function sortIt(&$list) {
        usort($list, function($a, $b) use ($list) {
                return $a->v - $b->v;
        });
}

$list = array();
for($i = 0; $i < 10; ++$i) $list[mt_rand()] = new X(mt_rand());

echo "Sort...";
sortIt($list);
gc_collect_cycles();//segfault
echo "pass.\n";


Expected result:
----------------
"Sort...pass."

Actual result:
--------------
"Sort...Segmentation fault"

[dev@box dev]$ php --version
PHP 5.3.6 (cli) (built: Mar 17 2011 19:14:03) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with Xdebug v2.1.1, Copyright (c) 2002-2011, by Derick Rethans
[dev@box dev]$ gdb php
<snip>
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.
(gdb) run usortCrash.php
Starting program: /usr/bin/php usortCrash.php
[Thread debugging using libthread_db enabled]
Sort...
Program received signal SIGSEGV, Segmentation fault.
0x00000000005db586 in ?? ()
(gdb) bt
#0  0x00000000005db586 in ?? ()
#1  0x00000000005db610 in ?? ()
#2  0x00000000005dbef5 in gc_collect_cycles ()
#3  0x00000000005cee1d in ?? ()
#4  0x00002aaaae139d0a in xdebug_execute_internal () from 
/usr/lib64/php/modules/xdebug.so
#5  0x00000000005e669d in ?? ()
#6  0x00000000005e5dcb in execute ()
#7  0x00002aaaae13998e in xdebug_execute () from 
/usr/lib64/php/modules/xdebug.so
#8  0x00000000005bf395 in zend_execute_scripts ()
#9  0x000000000056f628 in php_execute_script ()
#10 0x0000000000648ce0 in ?? ()
#11 0x00000033ad41d994 in __libc_start_main () from /lib64/libc.so.6
#12 0x0000000000422009 in _start ()



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55288&edit=1

Reply via email to