Edit report at https://bugs.php.net/bug.php?id=62616&edit=1
ID: 62616 Updated by: larue...@php.net Reported by: zoeslam at gmail dot com Summary: ArrayIterator::count() from IteratorIterator instance gives Segmentation fault Status: Verified Type: Bug Package: SPL related Operating System: Ubuntu 12.04 PHP Version: 5.4.5 Block user comment: N Private report: N New Comment: I've find the reason, but seems not easy to fix. $ii->count, will finally call to arrayObject->count (due to implemention of spl_dual_it_get_method). but arrayObject->count will take the object as a spl_array_object, which is totally different struct with spl_dual_it_object, then in the spl_array_object_count_elements_helper , it will make the object struct mess(via update pos) Previous Comments: ------------------------------------------------------------------------ [2012-07-20 13:57:50] jpa...@php.net I can reproduce on 5.3.14 I can only reproduce calling the method directly. Calling count($ii) instead of $ii->count() wont segfault ------------------------------------------------------------------------ [2012-07-20 12:54:55] f...@php.net BT #0 0x00007fdfaf4221d8 in ?? () #1 0x0000000000594a41 in spl_dual_it_free (intern=0x7fdfaf53fa20) at /opt/src/php-5.4.5/ext/spl/spl_iterators.c:1585 #2 spl_dual_it_dtor (_object=0x7fdfaf53fa20, handle=<optimized out>) at /opt/src/php-5.4.5/ext/spl/spl_iterators.c:2237 #3 0x00000000006a7b20 in zend_objects_store_del_ref_by_handle_ex (handle=2, handlers=<optimized out>) at /opt/src/php-5.4.5/Zend/zend_objects_API.c:206 #4 0x00000000006a7b63 in zend_objects_store_del_ref (zobject=0x7fdfaf53f990) at /opt/src/php-5.4.5/Zend/zend_objects_API.c:172 #5 0x0000000000674082 in _zval_dtor (zvalue=<optimized out>) at /opt/src/php- 5.4.5/Zend/zend_variables.h:35 #6 _zval_ptr_dtor (zval_ptr=0x7fdfaf53fb30) at /opt/src/php- 5.4.5/Zend/zend_execute_API.c:438 #7 _zval_ptr_dtor (zval_ptr=0x7fdfaf53fb30) at /opt/src/php- 5.4.5/Zend/zend_execute_API.c:427 #8 0x000000000068e28b in zend_hash_apply_deleter (ht=ht@entry=0xd34508, p=p@entry=0x7fdfaf53fb18) at /opt/src/php-5.4.5/Zend/zend_hash.c:650 #9 0x000000000068fdd1 in zend_hash_reverse_apply (ht=0xd34508, apply_func=apply_func@entry=0x673f10 <zval_call_destructor>) at /opt/src/php- 5.4.5/Zend/zend_hash.c:804 #10 0x000000000067438b in shutdown_destructors () at /opt/src/php- 5.4.5/Zend/zend_execute_API.c:217 #11 0x00000000006826c0 in zend_call_destructors () at /opt/src/php- 5.4.5/Zend/zend.c:925 #12 0x0000000000624805 in php_request_shutdown (dummy=dummy@entry=0x0) at /opt/src/php-5.4.5/main/main.c:1723 #13 0x0000000000726004 in do_cli (argc=2, argv=0x7fff5ea442f8) at /opt/src/php- 5.4.5/sapi/cli/php_cli.c:1174 #14 0x0000000000428455 in main (argc=2, argv=0x7fff5ea442f8) at /opt/src/php- 5.4.5/sapi/cli/php_cli.c:1364 ------------------------------------------------------------------------ [2012-07-20 11:54:38] f...@php.net Reproducible on Debian wheezy with 5.4.0 and 5.4.5. ------------------------------------------------------------------------ [2012-07-20 08:13:34] vanidlesky dot jr at gmail dot com VanZCool ------------------------------------------------------------------------ [2012-07-20 08:07:05] zoeslam at gmail dot com Description: ------------ The code explains all, no idea why it happens. Verified on Ubuntu and Slackware, both on PHP 5.4.3, PHP 5.4.4, PHP 5.4.5. Test script: --------------- $ai = new ArrayIterator(array(0,1)); var_dump($ai->count()); $ii = new IteratorIterator($ai); var_dump($ii->count()); Expected result: ---------------- int(2) int(2) Actual result: -------------- int(2) int(2) Segmentation fault ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62616&edit=1