ID: 34873 Updated by: [EMAIL PROTECTED] Reported By: antleclercq at online dot fr -Status: Assigned +Status: Closed Bug Type: Scripting Engine problem Operating System: Ubuntu (breezy) PHP Version: 5CVS-2005-10-14 (CVS) Assigned To: dmitry New Comment:
Fixed in CVS HEAD and PHP_5_1. Previous Comments: ------------------------------------------------------------------------ [2005-10-14 23:42:19] [EMAIL PROTECTED] gdb bt: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1081772576 (LWP 18178)] 0x083961f1 in zend_hash_find (ht=0x88b1060, arKey=0x88b2458 "value", nKeyLength=6, pData=0xbfffc6c4) at /usr/src/dev/orig/php-src_5_1/Zend/zend_hash.c:852 852 p = ht->arBuckets[nIndex]; (gdb) bt #0 0x083961f1 in zend_hash_find (ht=0x88b1060, arKey=0x88b2458 "value", nKeyLength=6, pData=0xbfffc6c4) at /usr/src/dev/orig/php-src_5_1/Zend/zend_hash.c:852 #1 0x083f4f20 in zend_symtable_find (ht=0x88b1060, arKey=0x88b2458 "value", nKeyLength=6, pData=0xbfffc6c4) at zend_hash.h:346 #2 0x083f6f6e in zend_fetch_dimension_address_inner (ht=0x88b1060, dim=0x88b3a8c, type=0) at /usr/src/dev/orig/php-src_5_1/Zend/zend_execute.c:958 #3 0x083b31cb in zend_fetch_dimension_address (result=0xbfffc8b8, container_ptr=0xbfffc8a8, dim=0x88b3a8c, dim_is_tmp_var=0, type=0) at /usr/src/dev/orig/php-src_5_1/Zend/zend_execute.c:1088 #4 0x083c713d in ZEND_FETCH_DIM_R_SPEC_VAR_CONST_HANDLER (execute_data=0xbfffc8e0) at zend_vm_execute.h:8518 #5 0x083b3aee in execute (op_array=0x88b3540) at zend_vm_execute.h:88 #6 0x083b3f31 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffca80) at zend_vm_execute.h:224 #7 0x083b4328 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfffca80) at zend_vm_execute.h:310 #8 0x083b3aee in execute (op_array=0x88ac8d0) at zend_vm_execute.h:88 #9 0x0838dc66 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/dev/orig/php-src_5_1/Zend/zend.c:1087 #10 0x0834ce3b in php_execute_script (primary_file=0xbfffeed0) at /usr/src/dev/orig/php-src_5_1/main/main.c:1677 #11 0x083f9d16 in main (argc=2, argv=0xbfffefb4) at /usr/src/dev/orig/php-src_5_1/sapi/cli/php_cli.c:1041 valgrind's output is here: http://tony2001.phpclub.net/dev/tmp/bug34873_valgrind.txt ------------------------------------------------------------------------ [2005-10-14 21:44:25] [EMAIL PROTECTED] Dmitry, this patch breaks it: http://cvs.php.net/diff.php/ZendEngine2/zend_compile.c?r1=1.647.2.7&r2=1.647.2.8&ty=u Please, take a look at it. ------------------------------------------------------------------------ [2005-10-14 17:18:20] antleclercq at online dot fr Description: ------------ Hello, I'm running: - PHP 5.1RC2 CVS200510141230 I've got a nice segfault with that simple piece of code. The problem is that the code style showed below is used by Smarty (in the compile system)... That problem has been reproduced on several systems. Thanks for your help, Antoine Reproduce code: --------------- <?php class pwa { public $var; function __construct() { $this->var = array(); } function test () { $cont = array(); $cont["mykey"] = "myvalue"; foreach ($cont as $this->var['key'] => $this->var['value']) echo $this->var['value']; } } $myPwa = new Pwa(); $myPwa->test(); ?> Expected result: ---------------- This code should display: myvalue and continue its execution. Actual result: -------------- [EMAIL PROTECTED]:/home/web/sandbox.local/html $ php pwa.php myvalue*** glibc detected *** double free or corruption (fasttop): 0x085149c8 *** Aborted ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=34873&edit=1