Edit report at https://bugs.php.net/bug.php?id=55288&edit=1

 ID:                 55288
 Updated by:         larue...@php.net
 Reported by:        jstephens at qualtrics dot com
 Summary:            usort segfaults
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            Arrays related
 Operating System:   Linux
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz

For Windows:

  http://windows.php.net/snapshots/

Please try using this snapshot:

  http://snaps.php.net/php5.3-201107290830.tar.gz

For Windows:

  http://windows.php.net/snapshots/


Previous Comments:
------------------------------------------------------------------------
[2011-07-27 14:35:09] jstephens at qualtrics dot com

I just downloaded and compiled 5.3.6 from the website using
"./configure --enable-debug=yes" on a different machine (Ubuntu 11.04 x64)
and was still able to reproduce it. Here's a better backtrace:

(gdb) run uSortCrash.php
Starting program: /home/jstephens/bin/php-5.3.6/sapi/cli/php uSortCrash.php
[Thread debugging using libthread_db enabled]
Sort...
Program received signal SIGSEGV, Segmentation fault.
0x00000000007f8f2f in zval_mark_grey (pz=0xfd1ab8)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:372
372             pz = *(zval**)p->pData;
(gdb) bt
#0  0x00000000007f8f2f in zval_mark_grey (pz=0xfd1ab8)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:372
#1  0x00000000007f91d9 in gc_mark_roots ()
    at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:435
#2  0x00000000007f9a8c in gc_collect_cycles ()
    at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:664
#3  0x00000000007e751d in zif_gc_collect_cycles (ht=0, return_value=0xfd93e0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_builtin_functions.c:337
#4  0x000000000080751c in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ebe090)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_vm_execute.h:316
#5  0x000000000080ba8b in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7ffff7ebe090)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_vm_execute.h:1606
#6  0x0000000000806a1a in execute (op_array=0xff1800)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_vm_execute.h:107
#7  0x00000000007d4053 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/jstephens/bin/php-5.3.6/Zend/zend.c:1194
#8  0x000000000075e583 in php_execute_script (primary_file=0x7fffffffdf70)
    at /home/jstephens/bin/php-5.3.6/main/main.c:2268
#9  0x00000000008b47dd in main (argc=2, argv=0x7fffffffe1d8)
    at /home/jstephens/bin/php-5.3.6/sapi/cli/php_cli.c:1193

------------------------------------------------------------------------
[2011-07-27 14:13:22] jstephens at qualtrics dot com

I disabled all my extensions but, unfortunately, no dice. I might add, we
haven't been able to reproduce it with PHP versions before 5.3.6.

(gdb) run usortCrash.php
Starting program: /usr/bin/php usortCrash.php
[Thread debugging using libthread_db enabled]
Sort...
Program received signal SIGSEGV, Segmentation fault.
0x00000000005db586 in ?? ()
(gdb) bt
#0  0x00000000005db586 in ?? ()
#1  0x00000000005db610 in ?? ()
#2  0x00000000005dbef5 in gc_collect_cycles ()
#3  0x00000000005cee1d in ?? ()
#4  0x00000000005e6869 in ?? ()
#5  0x00000000005e5dcb in execute ()
#6  0x00000000005bf395 in zend_execute_scripts ()
#7  0x000000000056f628 in php_execute_script ()
#8  0x0000000000648ce0 in ?? ()
#9  0x00000033ad41d994 in __libc_start_main () from /lib64/libc.so.6
#10 0x0000000000422009 in _start ()

------------------------------------------------------------------------
[2011-07-27 06:27:00] larue...@php.net

I cannot reproduce the segfault with your test script in my environment,
and I noticed that you have xdebug installed. Please remove all other PHP
extensions, then check if this bug exists again, thanks.

------------------------------------------------------------------------
[2011-07-26 19:19:42] jstephens at qualtrics dot com

Description:
------------
usort and uksort (and possibly other related functions) will segfault with
the given script. I believe it is related to Zend's internal array
"copy-on-write".

Test script:
---------------
<?php
class X {
    function __construct($v) {
        $this->v = $v;
    }
}

function sortIt(&$list) {
    // $list is passed to usort() by reference and also captured
    // by value in the comparison closure.
    usort($list, function($a, $b) use ($list) {
        return $a->v - $b->v;
    });
}

$list = array();
for($i = 0; $i < 10; ++$i)
    $list[mt_rand()] = new X(mt_rand());

echo "Sort...";
sortIt($list);
gc_collect_cycles();//segfault
echo "pass.\n";

Expected result:
----------------
"Sort...pass."

Actual result:
--------------
"Sort...Segmentation fault"

[dev@box dev]$ php --version
PHP 5.3.6 (cli) (built: Mar 17 2011 19:14:03)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with Xdebug v2.1.1, Copyright (c) 2002-2011, by Derick Rethans

[dev@box dev]$ gdb php
<snip>
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.
(gdb) run usortCrash.php
Starting program: /usr/bin/php usortCrash.php
[Thread debugging using libthread_db enabled]
Sort...
Program received signal SIGSEGV, Segmentation fault.
0x00000000005db586 in ?? ()
(gdb) bt
#0  0x00000000005db586 in ?? ()
#1  0x00000000005db610 in ?? ()
#2  0x00000000005dbef5 in gc_collect_cycles ()
#3  0x00000000005cee1d in ?? ()
#4  0x00002aaaae139d0a in xdebug_execute_internal () from /usr/lib64/php/modules/xdebug.so
#5  0x00000000005e669d in ?? ()
#6  0x00000000005e5dcb in execute ()
#7  0x00002aaaae13998e in xdebug_execute () from /usr/lib64/php/modules/xdebug.so
#8  0x00000000005bf395 in zend_execute_scripts ()
#9  0x000000000056f628 in php_execute_script ()
#10 0x0000000000648ce0 in ?? ()
#11 0x00000033ad41d994 in __libc_start_main () from /lib64/libc.so.6
#12 0x0000000000422009 in _start ()

------------------------------------------------------------------------
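
The two triage requests in this thread (rerun without third-party extensions, then capture a backtrace from a debug build) can be checked mechanically before a crash report is filed. The following Python helper is an added example, not part of the original report or of PHP's tooling; the `triage` function, its `actionable` rule and the `/php/modules/` path heuristic are assumptions made for illustration.

```python
import re

# One gdb "bt" frame: "#N [0xADDR in] func (args) [at file:line] [from module]".
FRAME = re.compile(
    r"#(?P<n>\d+)\s+(?:0x[0-9a-f]+\s+in\s+)?(?P<func>\S+)\s+\(.*?\)"
    r"(?:\s+at\s+(?P<src>\S+):(?P<line>\d+))?"
    r"(?:\s+from\s+(?P<module>\S+))?"
)

def triage(bt_text, ext_dir="/php/modules/"):
    """Summarise a backtrace: is it symbolized, and are extensions on the stack?"""
    # gdb wraps long frames, so collapse whitespace before matching.
    frames = [m.groupdict() for m in FRAME.finditer(" ".join(bt_text.split()))]
    unresolved = [int(f["n"]) for f in frames if f["func"] == "??"]
    # Assumption: extension modules are shared objects under a php/modules dir.
    extensions = sorted({f["module"].rsplit("/", 1)[-1] for f in frames
                         if f["module"] and ext_dir in f["module"]})
    top = frames[0] if frames else None
    site = None
    if top and top["src"]:
        site = (top["func"], top["src"].rsplit("/", 1)[-1], int(top["line"]))
    named = next((f["func"] for f in frames if f["func"] != "??"), None)
    return {
        "frames": len(frames),
        "unresolved": unresolved,      # frame numbers gdb could not name
        "extensions": extensions,      # third-party modules on the stack
        "crash_site": site,            # (function, file, line) of frame #0
        "first_named": named,
        # Assumed rule: report is actionable once frame #0 has source info
        # and no extension module appears in the stack.
        "actionable": site is not None and not extensions,
    }

# Frames copied from the two backtraces in the report above (abbreviated).
DISTRO_BT = """
#0  0x00000000005db586 in ?? ()
#1  0x00000000005db610 in ?? ()
#2  0x00000000005dbef5 in gc_collect_cycles ()
#3  0x00000000005cee1d in ?? ()
#4  0x00002aaaae139d0a in xdebug_execute_internal () from /usr/lib64/php/modules/xdebug.so
"""
DEBUG_BT = """
#0  0x00000000007f8f2f in zval_mark_grey (pz=0xfd1ab8)
    at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:372
#1  0x00000000007f91d9 in gc_mark_roots () at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:435
#2  0x00000000007f9a8c in gc_collect_cycles () at /home/jstephens/bin/php-5.3.6/Zend/zend_gc.c:664
"""
if __name__ == "__main__":
    for name, bt in (("distro build", DISTRO_BT), ("debug build", DEBUG_BT)):
        print(name, triage(bt))
```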