From: stefan at hotpaenz dot de
Operating system: Linux 2.6.3
PHP version: 5CVS-2004-08-07 (dev)
PHP Bug Type: Reproducible crash
Bug description: foreach/string handling strangeness (crash)
Description:
------------
Consider the following code. Of course it isn't useful,
but nevertheless it shouldn't crash PHP.
Perhaps this is related to bug 28487 (another crash,
affecting real-world scripts) because the same function
zend_switch_free_handler is involved.
Perhaps this is the same bug as 28574, which was closed as
the problem went away. The crash I am reporting now occurs
with a current snapshot (200408071830).
Reproduce code:
---------------
<?
$var="This is a string";
$dummy="";
unset($dummy);
foreach($var['nosuchkey'] as $v) {
}
Expected result:
----------------
Warning: Invalid argument supplied for foreach() in
crash.php on line 7
[no crash of course]
Actual result:
--------------
Warning: Invalid argument supplied for foreach() in
crash.php on line 7
Segmentation fault (core dumped)
[backtrace follows]
#0 _efree (ptr=0x75736f6e)
at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285
285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0 _efree (ptr=0x75736f6e)
at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285
#1 0x082424f8 in _zval_ptr_dtor (zval_ptr=0xbfffd698)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute_API.c:396
#2 0x0827288b in zend_switch_free_handler
(execute_data=0xbfffd710, opline=0x872749c,
op_array=0x8722f24, tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:210
#3 0x0826ce85 in execute (op_array=0x8722f24,
tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:1400
#4 0x0824d971 in zend_execute_scripts (type=8,
tsrm_ls=0x8431018, retval=0x0, file_count=3)
at /root/php/200408071830/php5-5.0.0/Zend/zend.c:1068
#5 0x08210ab4 in php_execute_script
(primary_file=0xbffffae0, tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/main/main.c:1631
#6 0x08279bec in main (argc=2, argv=0xbffffba4)
at /root/php/200408071830/php5-5.0.0/sapi/cgi/cgi_main.c:1568
--
Edit bug report at http://bugs.php.net/?id=29566&edit=1
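
Added triage example, not part of the original report or of PHP's own code: it reads each pointer argument in the backtrace as 32-bit little-endian bytes (an assumption, based on the 32-bit addresses in the trace) and flags values that are entirely printable ASCII. The ptr handed to _efree, 0x75736f6e, decodes to "nosu", the first four bytes of the 'nosuchkey' literal in the reproduce script, so the value being freed is string data rather than a heap address. The function names and the trimmed backtrace sample are constructed for this example.

```python
import re
import struct

# Constructed input: frames copied (unwrapped) from the backtrace in the report.
BACKTRACE = """\
#0 _efree (ptr=0x75736f6e)
#1 0x082424f8 in _zval_ptr_dtor (zval_ptr=0xbfffd698)
#2 0x0827288b in zend_switch_free_handler (execute_data=0xbfffd710, opline=0x872749c, op_array=0x8722f24, tsrm_ls=0x8431018)
"""
# String literals that appear in the reproduce script.
SCRIPT_LITERALS = ["This is a string", "nosuchkey", ""]

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\w+)")
ARG_RE = re.compile(r"(\w+)=0x([0-9a-fA-F]{1,8})\b")


def pointer_as_ascii(value):
    """Return the 4 little-endian bytes of a 32-bit value as text,
    or None if any byte is outside printable ASCII."""
    raw = struct.pack("<I", value)
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def find_string_pointers(backtrace, literals):
    """Return (frame, function, arg, value, text, literal) for every pointer
    argument whose bytes are printable ASCII; literal is the first script
    string containing those bytes, or None."""
    hits = []
    for line in backtrace.splitlines():
        frame = FRAME_RE.match(line)
        if not frame:
            continue
        for name, hexval in ARG_RE.findall(line):
            value = int(hexval, 16)
            text = pointer_as_ascii(value)
            if text is None:
                continue  # looks like a real address, not string bytes
            source = next((s for s in literals if text in s), None)
            hits.append((int(frame.group(1)), frame.group(2),
                         name, value, text, source))
    return hits


if __name__ == "__main__":
    for frame, func, arg, value, text, source in find_string_pointers(
            BACKTRACE, SCRIPT_LITERALS):
        print(f"frame #{frame} {func}: {arg}=0x{value:08x} "
              f"-> {text!r} (found in literal {source!r})")
```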