#20853 [NEW]: getting objectarray with 90 or more objects back from java produces a crash

andreas Fri, 06 Dec 2002 01:21:18 -0800

From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.2.3
PHP Bug Type:     Reproducible crash
Bug description:  getting objectarray with 90 or more objects back from java produces 
a crash


I have php compiled with 
'./configure' '--prefix=/usr/local/php'
'--with-apxs=/usr/local/apache/bin/apxs'
'--with-java=/usr/java/j2sdk1.4.1'

I have added two simple Java sources and a php script to reproduce the
error at the end of this description.
The error is a pointer error. Perhaps a variable gets a wrong pointer or
the memory is changed during the mapping process from java to php.

I've found out, that the error happens in th HashTable struct. Here is a
little extract from the logging I did in the zend_hash.c

ZEND_API int zend_hash_index_update_or_next_insert(HashTable *ht, ulong h,
void *pData, uint nDataSize, void **pDest, int flag)
{
...
  nIndex = h & ht->nTableMask;
  syslog(LOG_CONS,"zend nIndex    : %d",nIndex);
  syslog(LOG_CONS,"zend tablesize : %d",ht->nTableSize);
  syslog(LOG_CONS,"zend elementnr : %d",ht->nNumOfElements);
...

Dec  6 10:15:08 abi httpd: zend nIndex    : 0
Dec  6 10:15:08 abi httpd: zend tablesize : 8
Dec  6 10:15:08 abi httpd: zend elementnr : 0
---------------------------------------------------
Dec  6 10:15:08 abi httpd: zend nIndex    : 0
Dec  6 10:15:08 abi httpd: zend tablesize : 8
Dec  6 10:15:08 abi httpd: zend elementnr : 0
---------------------------------------------------
Dec  6 10:15:08 abi httpd: zend nIndex    : 0
Dec  6 10:15:08 abi httpd: zend tablesize : 8
Dec  6 10:15:08 abi httpd: zend elementnr : 0
---------------------------------------------------
Dec  6 10:15:08 abi httpd: zend nIndex    : 11
Dec  6 10:15:08 abi httpd: zend tablesize : 16
Dec  6 10:15:08 abi httpd: zend elementnr : 10
---------------------------------------------------
Dec  6 10:15:08 abi httpd: zend nIndex    : 0
Dec  6 10:15:08 abi httpd: zend tablesize : 8
Dec  6 10:15:08 abi httpd: zend elementnr : 0
---------------------------------------------------
Dec  6 10:15:09 abi httpd: zend nIndex    : 1
Dec  6 10:15:09 abi httpd: zend tablesize : 8
Dec  6 10:15:09 abi httpd: zend elementnr : 1
---------------------------------------------------
Dec  6 10:15:09 abi httpd: zend nIndex    : 12
Dec  6 10:15:09 abi httpd: zend tablesize : 16
Dec  6 10:15:09 abi httpd: zend elementnr : 11
---------------------------------------------------
Dec  6 10:15:09 abi httpd: zend nIndex    : 0
Dec  6 10:15:09 abi httpd: zend tablesize : 12
Dec  6 10:15:09 abi httpd: zend elementnr : 138994948

The last entry is produced by the call from java.c
  zend_hash_index_update(Z_OBJPROP_P(presult), 0, &handle, sizeof(pval *),
NULL);
in the method Java_net_php_reflect_setResultFromObject
and the nr in elementnr is the pointer to the next element!
I added some logging to the java class and saw that the number which is
given back from jni for storing the next element is exactly that number!!!
So it really seemst to be a pointer problem, but I can' t see if it is a
problem of java.c or a problem of the php-engine.

Hope this helps!
Andi



Php2Java.java
--------------
package de.slab.php2java;
public class Php2Java 
{
        public SecondClass[] getSecondClassArray( int nr )
        {
                SecondClass[] sc = new SecondClass[nr];
                for ( int i=0; i < nr; i++ )
                {
                        sc[i] = new SecondClass("SC "+i);
                }
                return sc;
        }
        
        public String[] getStrings( int nr )
        {
          String[] sc = new String[nr];
          for ( int i=0; i < nr; i++ )
          {
            sc[i] = "SC "+i;
          }
          return sc;
        }
}

-- 
Edit bug report at http://bugs.php.net/?id=20853&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=20853&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=20853&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=20853&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=20853&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=20853&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=20853&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=20853&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=20853&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=20853&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=20853&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20853&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=20853&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=20853&r=isapi

#20853 [NEW]: getting objectarray with 90 or more objects back from java produces a crash

Reply via email to