ID: 24581 Updated by: [EMAIL PROTECTED] Reported By: daniel dot goss at t-systems dot com -Status: Verified +Status: Wont fix Bug Type: Scripting Engine problem Operating System: RedHat 8.0, 7.3 PHP Version: 4.3.3RC2-dev, 5.0.0b2-dev New Comment:
It's the same as every recursive bug: Stack overflows. Previous Comments: ------------------------------------------------------------------------ [2003-07-10 13:02:15] [EMAIL PROTECTED] Verified with PHP 4.3.3RC2-dev and PHP 5.0.0b2-dev, Backtrace for 4.3.3RC2-dev: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (runnable)] 0x82c1020 in call_user_function_ex (function_table=0x85ad230, object_pp=0x0, function_name=0x5a5a5a5a, retval_ptr_ptr=0xbfffd1c4, param_count=2, params=0xbfffd1c8, no_separation=0, symbol_table=0x0) at /usr/src/web/php/php4_3/Zend/zend_execute_API.c:444 444 if (function_name->type==IS_ARRAY) { /* assume array($obj, $name) couple */ (gdb) bt #0 0x82c1020 in call_user_function_ex (function_table=0x85ad230, object_pp=0x0, function_name=0x5a5a5a5a, retval_ptr_ptr=0xbfffd1c4, param_count=2, params=0xbfffd1c8, no_separation=0, symbol_table=0x0) at /usr/src/web/php/php4_3/Zend/zend_execute_API.c:444 #1 0x81f1bd5 in array_user_compare (a=0x874c388, b=0x874c1fc) at /usr/src/web/php/php4_3/ext/standard/array.c:532 #2 0x82db4da in zend_qsort (base=0x874c1fc, nmemb=100, siz=4, compare=0x81f1b70 <array_user_compare>) at /usr/src/web/php/php4_3/Zend/zend_qsort.c:86 #3 0x82d46f4 in zend_hash_sort (ht=0x874d21c, sort_func=0x82db384 <zend_qsort>, compar=0x81f1b70 <array_user_compare>, renumber=1) at /usr/src/web/php/php4_3/Zend/zend_hash.c:1133 #4 0x81f1dd1 in zif_usort (ht=2, return_value=0x874d2d4, this_ptr=0x0, return_value_used=0) at /usr/src/web/php/php4_3/ext/standard/array.c:564 #5 0x82e03a2 in execute (op_array=0x874898c) at /usr/src/web/php/php4_3/Zend/zend_execute.c:1616 #6 0x82cce34 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php4_3/Zend/zend.c:886 #7 0x828fefe in php_execute_script (primary_file=0xbffff8bc) at /usr/src/web/php/php4_3/main/main.c:1685 #8 0x82f4367 in main (argc=2, argv=0xbffff924) at /usr/src/web/php/php4_3/sapi/cli/php_cli.c:818 #9 0x406689cb in __libc_start_main (main=0x82f37e4 <main>, argc=2, argv=0xbffff924, init=0x80ab2c0 <_init>, fini=0x84525b4 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff91c) at ../sysdeps/generic/libc-start.c:92 ------------------------------------------------------------------------ [2003-07-10 04:31:10] daniel dot goss at t-systems dot com There is a little flaw in the example script. The line usort($Test, MySort); should read usort($Test, "MySort"); but the behaviour is the same. ------------------------------------------------------------------------ [2003-07-10 04:26:04] daniel dot goss at t-systems dot com Description: ------------ The php-engine crashes with a segmentation fault if the function, that is called by usort calls another recursive function. The recoursion deepth is less than 10 so there could not be a global stack overflow. (Tested recursion deepth outside usort min. 8000.) Reproduce code: --------------- <? function MyTest($A, $B, $C, $D, $E, $F, $G) { echo "|".$A++."|<BR>"; flush(); if ($A>10) return 0; MyTest($A, $B, $C, "", "", "", ""); return 0; } function MySort($A, $B) { return MyTest(0,$A,$B,"","","",""); } for ($k=0; $k<100; $k++) { $Test[$k]=rand(1,100); } echo "BEGIN<BR>"; usort($Test, MySort); echo "END<BR>"; ?> Expected result: ---------------- The recursion deepth inside the usort function should be min. 100. Due to the recursive nature of modern sorting algorithms, I understand that the full recursion deepth, like outside of usort, is not available. But it should be much more than 10 (on my system)! Actual result: -------------- [notice] child pid 8651 exit signal Segmentation fault (11) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24581&edit=1