ID: 30346
Updated by: [EMAIL PROTECTED]
Reported By: profic at kursknet dot ru
Status: Open
Bug Type: Zend Engine 2 problem
-Operating System: WinXP
+Operating System: *
PHP Version: 5.0.2
New Comment:
Thanks for the script.
The issue is fixed in 5.1 - i'll give 5.0 a try.
Previous Comments:
------------------------------------------------------------------------
[2004-10-26 12:16:41] benneh at gmail dot com
I've just run into this, however I've managed to reduce to a test case
with out extended classes. It should be the same thing as the crash
like yours appears to be caused by concatenating in the array index.
Minimal Testcase :
------------------
class Post_Header implements ArrayAccess {
public function __construct() { }
public function offsetExists( $offset ) { return false; }
public function offsetGet( $offset ) { return $offset; }
public function offsetSet( $offset, $data ) { }
public function offsetUnset( $offset ) { }
}
$post = new Post_Header;
$id = 'page';
echo $post[$id.'_show'];
Expected Results :
------------------
Test
Actual Results :
----------------
Crashes on the last line
Hope this more minimal testcase helps.
------------------------------------------------------------------------
[2004-10-24 14:08:23] [EMAIL PROTECTED]
Segfaults only with 5.0.x.
5.1 works fine (i.e. gives expected result and doesn't segfault).
bt:
Program received signal SIGSEGV, Segmentation fault.
0x08175639 in _efree (ptr=0xbfffcc28) at
/home/dev/php-src_5_0/Zend/zend_alloc.c:281
281 REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0 0x08175639 in _efree (ptr=0xbfffcc28) at
/home/dev/php-src_5_0/Zend/zend_alloc.c:281
#1 0x081802b1 in _zval_ptr_dtor (zval_ptr=0xbfffcc28) at
zend_execute.h:61
#2 0x08180ccc in zend_call_function (fci=0xbfffc8c0,
fci_cache=0xbfffc8a0, tsrm_ls=0x82370b0) at zend_execute.h:124
#3 0x0819879f in zend_call_method (object_pp=0xbfffc980,
obj_ce=0x82ea01c, fn_proxy=0x0, function_name=0x81e9cb4 "offsetget",
function_name_len=9,
retval_ptr_ptr=0xbfffc94c, param_count=-1073753328,
arg1=0xbfffcc28, arg2=0x0, tsrm_ls=0x82370b0) at
/home/dev/php-src_5_0/Zend/zend_interfaces.c:79
#4 0x0819b77b in zend_std_read_dimension (object=0x82ed3b4,
offset=0xbfffcc28, type=0, tsrm_ls=0x82370b0)
at /home/dev/php-src_5_0/Zend/zend_object_handlers.c:390
#5 0x081a7ce0 in zend_fetch_dimension_address (result=0x82ec17c,
op1=0x82ed3b4, op2=0x82ec1a4, Ts=0xbfffca30, type=0,
tsrm_ls=0x82370b0)
at /home/dev/php-src_5_0/Zend/zend_execute.c:1000
#6 0x081aaac1 in zend_fetch_dim_r_handler (execute_data=0xbfffd040,
opline=0x82ec178, op_array=0x82ea2ec, tsrm_ls=0x82370b0)
at /home/dev/php-src_5_0/Zend/zend_execute.c:2067
#7 0x081a90e9 in execute (op_array=0x82ea2ec, tsrm_ls=0x82370b0) at
/home/dev/php-src_5_0/Zend/zend_execute.c:1400
#8 0x081ac9c0 in zend_do_fcall_common_helper (execute_data=0xbfffd480,
opline=0x82eef7c, op_array=0x82e3e54, tsrm_ls=0x82370b0)
at /home/dev/php-src_5_0/Zend/zend_execute.c:2740
#9 0x081acd0d in zend_do_fcall_by_name_handler
(execute_data=0xbfffd310, opline=0x82eef7c, op_array=0x82e3e54,
tsrm_ls=0x82370b0)
at /home/dev/php-src_5_0/Zend/zend_execute.c:2825
#10 0x081a90e9 in execute (op_array=0x82e3e54, tsrm_ls=0x82370b0) at
/home/dev/php-src_5_0/Zend/zend_execute.c:1400
#11 0x0818b387 in zend_execute_scripts (type=8, tsrm_ls=0x82370b0,
retval=0x0, file_count=3) at /home/dev/php-src_5_0/Zend/zend.c:1060
#12 0x081544ac in php_execute_script (primary_file=0xbffff870,
tsrm_ls=0x82370b0) at /home/dev/php-src_5_0/main/main.c:1628
#13 0x081b4eb4 in main (argc=3, argv=0xbffff8f4) at
/home/dev/php-src_5_0/sapi/cli/php_cli.c:943
------------------------------------------------------------------------
[2004-10-07 11:44:18] profic at kursknet dot ru
Sorry, I forgot to mention that some times CLI version (which it was
tested on) it crashes. Not allways (e.g. with every code), but with the
same code it is reproducable. And with this code it crashes. But script
finishes, so it seems a crash at shutdown
------------------------------------------------------------------------
[2004-10-06 23:54:14] profic at kursknet dot ru
Description:
------------
Class inherited of class implemented ArrayAccess have problems with
using
$this['some' . $var] = $var . 'str';
if $var passed as method parameter.
Seems this is a memory problem.
Look at the 3 last entries in rtfHelperArray::haStore.
Reproduce code:
---------------
<?php
abstract class rtfHelperArray implements arrayAccess {
private $haStore = array ();
final public function offsetExists ($offset) {
return true;
}
final public function offsetGet ($offset) {
if (array_key_exists ($offset, $this->haStore)) {
return $this->haStore[$offset];
} else {
$temp = NULL;
return $temp;
}
}
final public function offsetSet ($offset, $value) {
$this->haStore[$offset] = $value;
return true;
}
final public function offsetUnset ($offset) {
unset ($this->haStore[$offset]);
return true;
}
}
error_reporting (E_ALL);
class test extends rtfHelperArray {
public function doTest ($idx) {
$this[$idx] = $idx;
echo $idx, ' : ', $this[$idx], "\n";
$this[$idx . '-2'] = $idx . '-2';
echo $idx . '-2', ' : ', $this[$idx . '-2'], "\n";
$this['3-' . $idx] = $idx . '-333';
echo '3-' . $idx, ' : ', $this['3-' . $idx], "\n";
$this['4-' . $idx] = $idx . '-4444';
echo '4-' . $idx, ' : ', $this['4-' . $idx], "\n";
$this['5-' . $idx] = $idx . '-5';
echo '5-' . $idx, ' : ', $this['5-' . $idx], "\n";
var_dump ($this);
}
}
$o = new test ();
$o->doTest ('idx');
?>
Expected result:
----------------
idx : idx
idx-2 : idx-2
3-idx : idx-333
4-idx : idx-4444
5-idx : idx-5
object(test)#1 (1) {
["haStore:private"]=>
array(5) {
["idx"]=>
string(3) "idx"
["idx-2"]=>
string(5) "idx-2"
["3-idx"]=>
string(7) "idx-333"
["4-idx"]=>
string(8) "idx-4444"
["5-idx"]=>
string(5) "idx-5"
}
}
Actual result:
--------------
idx : idx
idx-2 : idx-2
3-idx :
4-idx : idx-4444
5-idx :
object(test)#1 (1) {
["haStore:private"]=>
array(5) {
["idx"]=>
string(3) "idx"
["idx-2"]=>
string(5) "idx-2"
["idx-3"]=>
string(7) "test 3"
["4-idx"]=>
string(8) "idx-4444"
["idx-5"]=>
string(5) "test "
}
}
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=30346&edit=1
