From: jr at terragate dot net
Operating system: Gentoo Linux 1.4
PHP version: 5.0.1
PHP Bug Type: Reproducible crash
Bug description: array_walk_recursive unusable in mod_php

Description:
------------
An Apache child (1.3.x and 2.0.x prefork) crashes if a call to array_walk_recursive has been made in a previous request. For this reason this bug isn't reproducible with php-cgi or php-cli.

To reliably reproduce this bug, run Apache (with mod_php) in single process mode (-X) to be sure that the same process will serve the two requests, and request the given page twice (or any other PHP page as the second request).

PHP configure:
'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--with-apxs=/usr/sbin/apxs' '--with-config-file-path=/etc/php/apache1-php5' '--without-pear' '--disable-bcmath' '--without-bz2' '--disable-calendar' '--without-jpeg-dir' '--without-cpdflib' '--disable-ctype' '--without-curl' '--without-curlwrappers' '--disable-dbase' '--disable-dio' '--disable-exif' '--without-fam' '--without-fbsql' '--without-fdftk' '--disable-filepro' '--disable-ftp' '--with-gettext' '--without-gmp' '--without-hwapi' '--without-iconv' '--without-informix' '--without-ingres' '--without-interbase' '--enable-mbstring' '--with-mcrypt' '--without-openssl-dir' '--without-mcve' '--disable-memory-limit' '--without-mhash' '--without-mime-magic' '--without-ming' '--without-mnogosearch' '--without-msql' '--without-mssql' '--with-ncurses' '--without-oci8' '--without-oracle' '--with-openssl' '--without-ovrimos' '--enable-pcntl' '--without-pfpro' '--without-pgsql' '--with-pspell' '--without-recode' '--disable-simplexml' '--disable-shmop' '--without-snmp' '--disable-soap' '--disable-sockets' '--disable-spl' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-tokenizer' '--disable-wddx' '--without-xsl' '--without-xmlrpc' '--disable-yp' '--with-zlib' '--without-cdb' '--with-db4' '--without-dbm' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--enable-gd-jis-conf' '--enable-gd-native-ttf' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-tiff-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-ldap' '--without-ldap-sasl' '--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mm' '--without-msession' '--without-sqlite' '--enable-dba' '--with-readline' '--without-libedit'

Reproduce code:
---------------
<?php
function process_value($key, $value)
{
    // nothing done here
}

$nested_array = array('foo' => array('bar' => 'baz'));
array_walk_recursive($nested_array, 'process_value');
?>

Expected result:
----------------
No Segmentation fault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 15154)]
0x00000006 in ?? ()
(gdb) bt
#0 0x00000006 in ?? ()
#1 0x4062404f in zend_call_function (fci=0xbfffcd60, fci_cache=0x4083458c) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute_API.c:853
#2 0x4056dfa0 in php_array_walk (target_hash=0x81724ac, userdata=0x0, recursive=1) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1045
#3 0x4056de86 in php_array_walk (target_hash=0x81725fc, userdata=0x0, recursive=1) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1019
#4 0x4056e3f7 in zif_array_walk_recursive (ht=2, return_value=0x81725b4, this_ptr=0x0, return_value_used=0) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1135
#5 0x40651739 in execute_internal (execute_data_ptr=0xbfffd030, return_value_used=0) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:1347
#6 0x4083f0ba in apd_execute_internal (execute_data_ptr=0x6, return_value_used=6) at /tmp/tmphGEKR6/apd-1.0/php_apd.c:538
#7 0x406552f1 in zend_do_fcall_common_helper (execute_data=0xbfffd030, opline=0x8176acc, op_array=0x81723b4) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:2710
#8 0x406559ad in zend_do_fcall_handler (execute_data=0xbfffd030, opline=0x8176acc, op_array=0x81723b4) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:2840
#9 0x406518da in execute (op_array=0x81723b4) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:1400
#10 0x4083f01a in apd_execute (op_array=0x81723b4) at /tmp/tmphGEKR6/apd-1.0/php_apd.c:518
#11 0x4062f5ac in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend.c:1061
#12 0x405eaf14 in php_execute_script (primary_file=0xbffff3e0) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/main/main.c:1627
#13 0x4065d18e in apache_php_module_main (r=0x8161d28, display_source_mode=0) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/sapi_apache.c:54
#14 0x4065e123 in send_php (r=0x8161d28, display_source_mode=0, filename=0x8163e30 "/var/www/localhost/htdocs/crash.php") at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/mod_php5.c:622
#15 0x4065e1a8 in send_parsed_php (r=0x8161d28) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/mod_php5.c:637
#16 0x0805595a in ap_invoke_handler (r=0x8161d28) at http_config.c:475
#17 0x0806c403 in process_request_internal (r=0x8161d28) at http_request.c:1289
#18 0x0806c460 in ap_process_request (r=0x8161d28) at http_request.c:1305
#19 0x08062ccb in child_main (child_num_arg=0) at http_main.c:4873
#20 0x08062e9a in make_child (s=0x80990b0, slot=0, now=1094026044) at http_main.c:4997
#21 0x08063023 in startup_children (number_to_start=4) at http_main.c:5079
#22 0x08063738 in standalone_main (argc=2, argv=0xbffff894) at http_main.c:5401
#23 0x08063ffe in main (argc=2, argv=0xbffff894) at http_main.c:5758

-- 
Edit bug report at http://bugs.php.net/?id=29929&edit=1