ID: 17115
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: No Feedback
Bug Type: Reproducible crash
Operating System: Redhat 7.1
PHP Version: 4.2.0
New Comment:
I see the same bug in 4.2.3. I haven't tried "latest".
OS: Debian testing/unstable
Configure Command: '../configure' '--prefix=/usr'
'--prefix=/usr' '--with-regex=php'
'--enable-force-cgi-redirect'
'--with-config-file-path=/etc/php4/cgi' '--disable-rpath'
'--disable-pear' '--disable-debug' '--enable-memory-limit'
'--with-layout=GNU' '--enable-calendar' '--enable-sysvsem'
'--enable-sysvshm' '--enable-track-vars'
'--enable-trans-sid' '--enable-bcmath' '--with-bz2'
'--enable-ctype' '--with-db2' '--with-iconv'
'--enable-exif' '--enable-filepro' '--enable-ftp'
'--with-gettext' '--enable-mbstring'
'--with-pcre-regex=/usr' '--enable-shmop'
'--enable-sockets' '--enable-wddx' '--disable-xml'
'--with-expat-dir=/usr' '--enable-yp' '--with-zlib'
'--without-pgsql' '--with-openssl=/usr' '--disable-static'
'--without-mm' '--without-mysql' '--without-sybase-ct'
$ sudo apt-get install php4/unstable
Reading Package Lists... Done
Building Dependency Tree... Done
Selected version 4:4.2.3-3 (Debian:unstable) for php4
Sorry, php4 is already the newest version.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
$ php4 -v
4.2.3
$ php4
<?php
$f = create_function('$s', 'static $foo = 0; echo "\$s is $s [".$foo++."]\n";');
print_r($f("one"));
print_r($f("two"));
print_r($f("three"));
?>
^DSegmentation fault
$ _
I get similar results when running php under Apache.
Error.log says: "child pid 12848 exit signal Segmentation
fault (11)"
Previous Comments:
------------------------------------------------------------------------
[2002-07-18 01:00:11] [EMAIL PROTECTED]
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2002-06-17 21:09:48] [EMAIL PROTECTED]
Neither of those examples crash with this snapshot:
http://snaps.php.net/php4-latest.tar.gz
------------------------------------------------------------------------
[2002-05-09 07:41:59] [EMAIL PROTECTED]
Code is -
<?php
$f = create_function('$s', 'static $foo = 0; echo "\$s is $s [".$foo++."]\n";');
print_r($f("one"));
print_r($f("two"));
print_r($f("three"));
?>
When run from the command-line this core-dumps under 4.2.0. Running
4.1.1 compiled with --apxs for apache produces incorrect results -
$s is one []
$s is two []
$s is three []
But if used in array_map() different results are produced (still using
4.1.1)
code -
<?php
$f = create_function('$s', 'static $foo = 0; return "\$s is $s [".$foo++."]\n";');
echo $f("one"), "<br>", $f("two"), "<br>", $f("three"), "<br>";
echo "<p>";
echo join(" | ", array_map($f, array("abc","def","ghi")));
?>
result -
$s is one []
$s is two []
$s is three []
$s is abc [] | $s is def [1] | $s is ghi [2]
But take you the first three calls to $f and the page never returns.
And there are many more bizarre results like 4.1.1 (but there is always
a coredump in 4.2.0).
Details
configure line (4.2.0) -
'./configure' '--enable-cli' '--disable-short-tags'
'--enable-overload' '--enable-sockets' '--with-readline'
configure line (4.1.1) -
'./configure' '--with-apache=../apache_1.3.20' '--with-gd'
'--with-mysql=/usr/local/mysql' '--enable-debug=no'
'--enable-track-vars=yes' '--enable-magic-quotes=yes' '--with-gdbm'
'--with-ndbm' '--with-db' '--with-png-dir=/usr/local'
'--with-zlib-dir=/usr/local' '--with-jpeg-dir=/usr/local'
gdb bt (running 4.2.0 from the commandline) -
#0 0x080e7cd5 in zend_hash_find (ht=0x8183e1c, arKey=0x8183bb4 "foo", nKeyLength=4, pData=0xbfffdf74) at zend_hash.c:861
#1 0x080fab7a in zend_fetch_var_address (opline=0x8182b1c, Ts=0xbfffdfa0, type=1) at ./zend_execute.c:560
#2 0x080fc6b8 in execute (op_array=0x8183ee8) at ./zend_execute.c:1239
#3 0x080dcdc3 in call_user_function_ex (function_table=0x8153530, object_pp=0x0, function_name=0x818199c, retval_ptr_ptr=0xbfffe304, param_count=1, params=0x8184154, no_separation=0, symbol_table=0x0) at zend_execute_API.c:517
#4 0x080f8118 in zif_array_map (ht=2, return_value=0x8184044, this_ptr=0x0, return_value_used=1) at array.c:3228
#5 0x080fe283 in execute (op_array=0x8181ac4) at ./zend_execute.c:1598
#6 0x080e3efe in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:810
#7 0x08062b71 in php_execute_script (primary_file=0xbffff7f0) at main.c:1381
#8 0x08060b7c in main (argc=3, argv=0xbffff89c) at cgi_main.c:785
#9 0x40136177 in __libc_start_main (main=0x8060374 <main>, argc=3, ubp_av=0xbffff89c, init=0x805efc8 <_init>, fini=0x8102db0 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff88c) at ../sysdeps/generic/libc-start.c:129
------------------------------------------------------------------------