From:             andreas dot ettner at freenet dot de
Operating system: GNU/Linux
PHP version:      4CVS-2005-09-07 (snap)
PHP Bug Type:     Arrays related
Bug description:  array_filter() still crashes with references and objects

Description:
------------
PHP crashes with a segmentation fault when executing the provided code.

The provided backtrace of a crash was generated with the CGI program of the PHP 4.4.1-dev snapshot built on Sep 06, 2005 18:44 GMT. It has been configured with

'./configure' '--prefix=/home/eta/data/php4-STABLE-200509061844' '--enable-debug',

and compiled and run on a Debian GNU/Linux system with GCC version 3.3.5 and GNU C Library version 2.3.2. In this setup PHP crashed on every invocation.

This problem is closely related to bug #34277. The provided code is a slight variation of the code sample given in the former bug report.

Reproduce code:
---------------
The code is unfortunately a bit long. It can be found at http://people.freenet.de/aettner/crash-2.txt

Expected result:
----------------
No output (CGI version invoked with -q flag)

Actual result:
--------------
Segmentation fault (core dumped)

Backtrace generated with gdb:

Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `php -q crash-2.txt'.
Program terminated with signal 11, Segmentation fault.
#0 0x08168a28 in call_user_function_ex (function_table=0x81efd90, object_pp=0x0, function_name=0x80000020, retval_ptr_ptr=0xbfffca40, param_count=1, params=0xbfffca44, no_separation=0, symbol_table=0x0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute_API.c:443
443 if (function_name->type==IS_ARRAY) { /* assume array($obj, $name) couple */
#0 0x08168a28 in call_user_function_ex (function_table=0x81efd90, object_pp=0x0, function_name=0x80000020, retval_ptr_ptr=0xbfffca40, param_count=1, params=0xbfffca44, no_separation=0, symbol_table=0x0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute_API.c:443
#1 0x080b321e in zif_array_filter (ht=2, return_value=0x822268c, this_ptr=0x0, return_value_used=1)
    at /home/eta/data/src-php4-STABLE-200509061844/ext/standard/array.c:3360
#2 0x08186d5b in execute (op_array=0x8225f10)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1675
#3 0x08186f87 in execute (op_array=0x8227640)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#4 0x08186f87 in execute (op_array=0x8227790)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#5 0x08186f87 in execute (op_array=0x82278e0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#6 0x08186f87 in execute (op_array=0x8227a30)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#7 0x08186f87 in execute (op_array=0x821dff4)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#8 0x08172c78 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend.c:938
#9 0x0813c99b in php_execute_script (primary_file=0xbffff9e0)
    at /home/eta/data/src-php4-STABLE-200509061844/main/main.c:1743
#10 0x0818dc24 in main (argc=3, argv=0xbffffa94)
    at /home/eta/data/src-php4-STABLE-200509061844/sapi/cgi/cgi_main.c:1606

--
Edit bug report at http://bugs.php.net/?id=34400&edit=1