From: [EMAIL PROTECTED]
Operating system: Linux Mandrake Cooker
PHP version: 4.3.0
PHP Bug Type: Reproducible crash
Bug description: segfault in _erealloc
This quite heavily recursive script produces a segmentation fault :
<?php
$depls=Array(
'G'=>Array(-1, 0),
'D'=>Array(1, 0),
'B'=>Array(0, 1),
'H'=>Array(0, -1));
$pieces=Array(
Array(Array(0,0),
Array(0,1)),
Array(Array(0,0),
Array(0,1)),
Array(Array(0,0),
Array(0,1)),
Array(Array(0,0),
Array(0,1)),
Array(Array(0,0),
Array(0,1),
Array(1,0),
Array(1,1)),
Array(Array(0,0)),
Array(Array(0,0)),
Array(Array(0,0)),
Array(Array(0,0)),
Array(Array(0,0),
Array(1,0)));
$init=Array(
Array(0,0),
Array(3,0),
Array(1,3),
Array(2,3),
Array(1,0),
Array(0,3),
Array(0,4),
Array(3,3),
Array(3,4),
Array(1,2));
function is_final($situation){
return(($situation[4][0]==1)&&($situation[4][1]==3));
}
function occupable($situation, $x, $y){
global $pieces;
if($x>3) return false;
if($y>4) return false;
if($x<0) return false;
if($y<0) return false;
foreach($situation as $piece=>$pos){
if($pos=="") continue;
$p = $pieces[$piece];
foreach($p as $case){
if(($case[0]+$pos[0]==$x)&&
($case[1]+$pos[1]==$y)) return false;
}
}
return true;
}
function valide($situation, $piece, $mov){
global $pieces;
$p = $pieces[$piece];
$x = $situation[$piece][0];
$y = $situation[$piece][1];
$situation[$piece]="";
foreach($p as $case){
if(!occupable($situation, $x+$case[0]+$mov[0], $y+$case[1]+$mov[1]))
return false;
}
return true;
}
function resolv($situation){
global $tab, $depls, $pieces, $solution;
$d = $depls;
$p = $pieces;
if(is_final($situation)){
$solution = "";
return;
}
foreach($p as $num=>$piece){
foreach($d as $nom=>$mov){
if(valide($situation, $num, $mov)){
$situation2=serialize($situation);
$s3=$situation;
$situation[$num][0]+=$mov[0];
$situation[$num][1]+=$mov[1];
$s=serialize($situation);
if(isset($tab[$s])){
$situation = $s3;
continue;
}
$tab[$s]="";
//echo $num.' '.$nom."\n";
//print_r($situation);
$tab[$situation2][$s]=Array($num=>$nom);
resolv($situation);
if($tab[$s]=="") unset($tab[$s]);
if(isset($solution)){
$solution=$num.' '.$nom."\n".$solution;
return;
}
$situation = $s3;
}
}
}
}
resolv($init);
print_r($tab);
if(isset($solution)) echo $solution;
?>
(gdb) bt
#0 0x400ed1ee in _erealloc () from /usr/lib/libphp_common.so.430
(gdb)
I tryied it with an older PHP and also got a segfault but somewhere else.
--
Edit bug report at http://bugs.php.net/?id=21547&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=21547&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=21547&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=21547&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=21547&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=21547&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=21547&r=support
Expected behavior: http://bugs.php.net/fix.php?id=21547&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=21547&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=21547&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=21547&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=21547&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=21547&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=21547&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=21547&r=gnused
