ID:               30346
 Updated by:       [EMAIL PROTECTED]
 Reported By:      profic at kursknet dot ru
 Status:           Open
 Bug Type:         Zend Engine 2 problem
 Operating System: WinXP
 PHP Version:      5.0.2
 New Comment:

Segfaults only with 5.0.x. 
5.1 works fine (i.e. gives expected result and doesn't segfault).

bt:
Program received signal SIGSEGV, Segmentation fault.
0x08175639 in _efree (ptr=0xbfffcc28) at
/home/dev/php-src_5_0/Zend/zend_alloc.c:281
281             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x08175639 in _efree (ptr=0xbfffcc28) at
/home/dev/php-src_5_0/Zend/zend_alloc.c:281
#1  0x081802b1 in _zval_ptr_dtor (zval_ptr=0xbfffcc28) at
zend_execute.h:61
#2  0x08180ccc in zend_call_function (fci=0xbfffc8c0,
fci_cache=0xbfffc8a0, tsrm_ls=0x82370b0) at zend_execute.h:124
#3  0x0819879f in zend_call_method (object_pp=0xbfffc980,
obj_ce=0x82ea01c, fn_proxy=0x0, function_name=0x81e9cb4 "offsetget",
function_name_len=9,
    retval_ptr_ptr=0xbfffc94c, param_count=-1073753328,
arg1=0xbfffcc28, arg2=0x0, tsrm_ls=0x82370b0) at
/home/dev/php-src_5_0/Zend/zend_interfaces.c:79
#4  0x0819b77b in zend_std_read_dimension (object=0x82ed3b4,
offset=0xbfffcc28, type=0, tsrm_ls=0x82370b0)
    at /home/dev/php-src_5_0/Zend/zend_object_handlers.c:390
#5  0x081a7ce0 in zend_fetch_dimension_address (result=0x82ec17c,
op1=0x82ed3b4, op2=0x82ec1a4, Ts=0xbfffca30, type=0,
tsrm_ls=0x82370b0)
    at /home/dev/php-src_5_0/Zend/zend_execute.c:1000
#6  0x081aaac1 in zend_fetch_dim_r_handler (execute_data=0xbfffd040,
opline=0x82ec178, op_array=0x82ea2ec, tsrm_ls=0x82370b0)
    at /home/dev/php-src_5_0/Zend/zend_execute.c:2067
#7  0x081a90e9 in execute (op_array=0x82ea2ec, tsrm_ls=0x82370b0) at
/home/dev/php-src_5_0/Zend/zend_execute.c:1400
#8  0x081ac9c0 in zend_do_fcall_common_helper (execute_data=0xbfffd480,
opline=0x82eef7c, op_array=0x82e3e54, tsrm_ls=0x82370b0)
    at /home/dev/php-src_5_0/Zend/zend_execute.c:2740
#9  0x081acd0d in zend_do_fcall_by_name_handler
(execute_data=0xbfffd310, opline=0x82eef7c, op_array=0x82e3e54,
tsrm_ls=0x82370b0)
    at /home/dev/php-src_5_0/Zend/zend_execute.c:2825
#10 0x081a90e9 in execute (op_array=0x82e3e54, tsrm_ls=0x82370b0) at
/home/dev/php-src_5_0/Zend/zend_execute.c:1400
#11 0x0818b387 in zend_execute_scripts (type=8, tsrm_ls=0x82370b0,
retval=0x0, file_count=3) at /home/dev/php-src_5_0/Zend/zend.c:1060
#12 0x081544ac in php_execute_script (primary_file=0xbffff870,
tsrm_ls=0x82370b0) at /home/dev/php-src_5_0/main/main.c:1628
#13 0x081b4eb4 in main (argc=3, argv=0xbffff8f4) at
/home/dev/php-src_5_0/sapi/cli/php_cli.c:943
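
A triage check over the backtrace above, added here as an example (not part of the bug report or of PHP): it re-joins gdb's wrapped lines, flags an `_efree` whose pointer lies in the stack region, and lists the outer frames that carried the same pointer. The 8 MiB stack window below `argv` and the helper names are assumptions.

```python
import re

# Frames 0, 1, 4 and 13 of the backtrace above, wrapped as gdb printed them.
BACKTRACE = """\
#0  0x08175639 in _efree (ptr=0xbfffcc28) at
/home/dev/php-src_5_0/Zend/zend_alloc.c:281
#1  0x081802b1 in _zval_ptr_dtor (zval_ptr=0xbfffcc28) at
zend_execute.h:61
#4  0x0819b77b in zend_std_read_dimension (object=0x82ed3b4,
offset=0xbfffcc28, type=0, tsrm_ls=0x82370b0)
    at /home/dev/php-src_5_0/Zend/zend_object_handlers.c:390
#13 0x081b4eb4 in main (argc=3, argv=0xbffff8f4) at
/home/dev/php-src_5_0/sapi/cli/php_cli.c:943
"""

STACK_WINDOW = 8 * 1024 * 1024  # assumption: 8 MiB stack below argv

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")

def parse_frames(text):
    """Re-join wrapped lines, then return one dict per frame."""
    text = re.sub(r"\n(?!#\d)", " ", text)
    frames = []
    for no, func, args in FRAME_RE.findall(text):
        ptrs = {k: int(v, 16) for k, v in ARG_RE.findall(args)}
        frames.append({"no": int(no), "func": func, "args": ptrs})
    return frames

def stack_frees(text):
    """Return (ptr, carriers) for each _efree whose ptr looks stack-resident."""
    frames = parse_frames(text)
    argv = next(f["args"]["argv"] for f in frames if f["func"] == "main")
    hits = []
    for f in frames:
        ptr = f["args"].get("ptr") if f["func"] == "_efree" else None
        if ptr is None or not 0 <= argv - ptr < STACK_WINDOW:
            continue
        carriers = [(g["no"], g["func"], name)
                    for g in frames if g["no"] > f["no"]
                    for name, val in g["args"].items() if val == ptr]
        hits.append((ptr, carriers))
    return hits

if __name__ == "__main__":
    for ptr, carriers in stack_frees(BACKTRACE):
        print(hex(ptr), carriers)
```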


Previous Comments:
------------------------------------------------------------------------

[2004-10-07 11:44:18] profic at kursknet dot ru

Sorry, I forgot to mention that sometimes the CLI version (which it was
tested on) crashes. Not always (e.g. with every code), but with the
same code it is reproducible. And with this code it crashes. But the script
finishes, so it seems to be a crash at shutdown.

------------------------------------------------------------------------

[2004-10-06 23:54:14] profic at kursknet dot ru

Description:
------------
A class inherited from a class that implements ArrayAccess has problems with
using
$this['some' . $var] = $var . 'str';
if $var is passed as a method parameter.
This seems to be a memory problem.
Look at the last 3 entries in rtfHelperArray::haStore.

Reproduce code:
---------------
<?php
abstract class rtfHelperArray implements arrayAccess {
        private $haStore = array ();

        final public function offsetExists ($offset) {
                return true;
        }

        final public function offsetGet ($offset) {
                if (array_key_exists ($offset, $this->haStore)) {
                        return $this->haStore[$offset];
                } else {
                        $temp = NULL;
                        return $temp;
                }
        }

        final public function offsetSet ($offset, $value) {
                $this->haStore[$offset] = $value;
                return true;
        }

        final public function offsetUnset ($offset) {
                unset ($this->haStore[$offset]);
                return true;
        }
}

error_reporting (E_ALL);

class test extends rtfHelperArray {
        public function doTest ($idx) {
                $this[$idx] = $idx;
                echo $idx, ' : ', $this[$idx], "\n";
                $this[$idx . '-2'] = $idx . '-2';
                echo $idx . '-2', ' : ', $this[$idx . '-2'], "\n";
                $this['3-' . $idx] = $idx . '-333';
                echo '3-' . $idx, ' : ', $this['3-' . $idx], "\n";
                $this['4-' . $idx] = $idx . '-4444';
                echo '4-' . $idx, ' : ', $this['4-' . $idx], "\n";
                $this['5-' . $idx] = $idx . '-5';
                echo '5-' . $idx, ' : ', $this['5-' . $idx], "\n";
                var_dump ($this);
        }
}

$o = new test ();
$o->doTest ('idx');
?>

Expected result:
----------------
idx : idx
idx-2 : idx-2
3-idx : idx-333
4-idx : idx-4444
5-idx : idx-5
object(test)#1 (1) {
  ["haStore:private"]=>
  array(5) {
    ["idx"]=>
    string(3) "idx"
    ["idx-2"]=>
    string(5) "idx-2"
    ["3-idx"]=>
    string(7) "idx-333"
    ["4-idx"]=>
    string(8) "idx-4444"
    ["5-idx"]=>
    string(5) "idx-5"
  }
}

Actual result:
--------------
idx : idx
idx-2 : idx-2
3-idx :
4-idx : idx-4444
5-idx :
object(test)#1 (1) {
  ["haStore:private"]=>
  array(5) {
    ["idx"]=>
    string(3) "idx"
    ["idx-2"]=>
    string(5) "idx-2"
    ["idx-3"]=>
    string(7) "test  3"
    ["4-idx"]=>
    string(8) "idx-4444"
    ["idx-5"]=>
    string(5) "test "
  }
}


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30346&edit=1
