Edit report at https://bugs.php.net/bug.php?id=62616&edit=1
ID: 62616 Updated by: larue...@php.net Reported by: zoeslam at gmail dot com Summary: ArrayIterator::count() from IteratorIterator instance gives Segmentation fault -Status: Verified +Status: Closed Type: Bug Package: SPL related Operating System: Ubuntu 12.04 PHP Version: 5.4.5 -Assigned To: colder +Assigned To: laruence Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2012-07-21 14:43:52] larue...@php.net Automatic comment on behalf of laruence Revision: http://git.php.net/?p=php-src.git;a=commit;h=0c996613c0173708381f4bfcd28d2441360bc701 Log: Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault) ------------------------------------------------------------------------ [2012-07-21 08:31:22] zoeslam at gmail dot com I've discovered a similar misbehaviour: https://bugs.php.net/bug.php?id=62629 ------------------------------------------------------------------------ [2012-07-20 17:27:43] larue...@php.net I've find the reason, but seems not easy to fix. $ii->count, will finally call to arrayObject->count (due to implemention of spl_dual_it_get_method). but arrayObject->count will take the object as a spl_array_object, which is totally different struct with spl_dual_it_object, then in the spl_array_object_count_elements_helper , it will make the object struct mess(via update pos) ------------------------------------------------------------------------ [2012-07-20 13:57:50] jpa...@php.net I can reproduce on 5.3.14 I can only reproduce calling the method directly. Calling count($ii) instead of $ii->count() wont segfault ------------------------------------------------------------------------ [2012-07-20 12:54:55] f...@php.net BT #0 0x00007fdfaf4221d8 in ?? () #1 0x0000000000594a41 in spl_dual_it_free (intern=0x7fdfaf53fa20) at /opt/src/php-5.4.5/ext/spl/spl_iterators.c:1585 #2 spl_dual_it_dtor (_object=0x7fdfaf53fa20, handle=<optimized out>) at /opt/src/php-5.4.5/ext/spl/spl_iterators.c:2237 #3 0x00000000006a7b20 in zend_objects_store_del_ref_by_handle_ex (handle=2, handlers=<optimized out>) at /opt/src/php-5.4.5/Zend/zend_objects_API.c:206 #4 0x00000000006a7b63 in zend_objects_store_del_ref (zobject=0x7fdfaf53f990) at /opt/src/php-5.4.5/Zend/zend_objects_API.c:172 #5 0x0000000000674082 in _zval_dtor (zvalue=<optimized out>) at /opt/src/php- 5.4.5/Zend/zend_variables.h:35 #6 _zval_ptr_dtor (zval_ptr=0x7fdfaf53fb30) at /opt/src/php- 5.4.5/Zend/zend_execute_API.c:438 #7 _zval_ptr_dtor (zval_ptr=0x7fdfaf53fb30) at /opt/src/php- 5.4.5/Zend/zend_execute_API.c:427 #8 0x000000000068e28b in zend_hash_apply_deleter (ht=ht@entry=0xd34508, p=p@entry=0x7fdfaf53fb18) at /opt/src/php-5.4.5/Zend/zend_hash.c:650 #9 0x000000000068fdd1 in zend_hash_reverse_apply (ht=0xd34508, apply_func=apply_func@entry=0x673f10 <zval_call_destructor>) at /opt/src/php- 5.4.5/Zend/zend_hash.c:804 #10 0x000000000067438b in shutdown_destructors () at /opt/src/php- 5.4.5/Zend/zend_execute_API.c:217 #11 0x00000000006826c0 in zend_call_destructors () at /opt/src/php- 5.4.5/Zend/zend.c:925 #12 0x0000000000624805 in php_request_shutdown (dummy=dummy@entry=0x0) at /opt/src/php-5.4.5/main/main.c:1723 #13 0x0000000000726004 in do_cli (argc=2, argv=0x7fff5ea442f8) at /opt/src/php- 5.4.5/sapi/cli/php_cli.c:1174 #14 0x0000000000428455 in main (argc=2, argv=0x7fff5ea442f8) at /opt/src/php- 5.4.5/sapi/cli/php_cli.c:1364 ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62616 -- Edit this bug report at https://bugs.php.net/bug.php?id=62616&edit=1