ID: 36241
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: No Feedback
+Status: Open
Bug Type: Reproducible crash
Operating System: Linux on PowerPC
-PHP Version: 6CVS-2006-02-01 (CVS)
+PHP Version: 6CVS-2006-02-10 (CVS)
New Comment:
I just updated my cvs working copy and the error has slightly changed
but is still there.
The following script causes the trouble:
<?php
$arr = explode(",", "bal,blo,ble");
?>
It's not segm fault anymore but that doesn't make much of a
difference. zend_parse_parameters() just returns bogus.
Here is a gdb session:
[EMAIL PROTECTED]:/tmp$ gdb /usr/local/php5-cvs/bin/php
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "powerpc-linux-gnu"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) break string.c:1099
Breakpoint 1 at 0x101fada4: file
/home/cvs/php/php-src/ext/standard/string.c, line 1099.
(gdb) run -f explode.php
Starting program: /home/local/php5-cvs/bin/php -f explode.php
warning: Lowest section in /usr/lib/libicudata.so.34 is .hash at
00000094
[Thread debugging using libthread_db enabled]
[New Thread 805588960 (LWP 20645)]
[Switching to Thread 805588960 (LWP 20645)]
Breakpoint 1, zif_explode (ht=2, return_value=0x1069ca68,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
at /home/cvs/php/php-src/ext/standard/string.c:1099
1099 if ( zend_parse_parameters(argc TSRMLS_CC, "TT|l",
&delim, &delim_len, &delim_type,
(gdb) next
1104 if ( delim_len == 0 ) {
(gdb) print str
$1 = (void *) 0xb7
(gdb) print delim
$2 = (void *) 0x1040345c
(gdb) print str_len
$3 = 16
(gdb) print delim_len
$4 = 0
(gdb) print (char *) delim
$5 = 0x1040345c "/home/cvs/php/php-src/Zend/zend_vm_execute.h"
If continue the program I get a php error message because the delim
string is empty.
Uwe
Previous Comments:
------------------------------------------------------------------------
[2006-02-09 01:00:04] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2006-02-01 11:15:33] [EMAIL PROTECTED]
Can't reproduce on i386 both in Unicode and regular modes.
------------------------------------------------------------------------
[2006-02-01 09:23:20] [EMAIL PROTECTED]
Description:
------------
This simple script causes a segm fault
<?php
explode("b", "kalsljb lasjb basljf");
?>
php_explode (delim=0xed82208 "", delim_len=2147450528,
str=0x3c <Address 0x3c out of bounds>, str_len=249048784,
str_type=0 '\0',
return_value=0x106ce240, limit=-1) at zend_operators.h:215
215 char ne = needle[needle_len-1];
(gdb) bt
#0 php_explode (delim=0xed82208 "", delim_len=2147450528,
str=0x3c <Address 0x3c out of bounds>, str_len=249048784,
str_type=0 '\0',
return_value=0x106ce240, limit=-1) at zend_operators.h:215
#1 0x1022b380 in zif_explode (ht=2, return_value=0x106ce240,
return_value_ptr=<value optimized out>, this_ptr=<value optimized
out>,
return_value_used=<value optimized out>)
at /home/cvs/php/php-src/ext/standard/string.c:1137
#2 0x1030b414 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff7f80)
at zend_vm_execute.h:201
#3 0x1030a8e4 in execute (op_array=0x106ce0e8) at
zend_vm_execute.h:92
#4 0x102dc0b8 in zend_execute_scripts (type=8, retval=0x1022b380,
file_count=3)
at /home/cvs/php/php-src/Zend/zend.c:1806
#5 0x1027bf7c in php_execute_script (primary_file=0x7fffa4e4)
at /home/cvs/php/php-src/main/main.c:1846
#6 0x103d6348 in main (argc=3, argv=0x7fffaac4)
at /home/cvs/php/php-src/sapi/cli/php_cli.c:1090
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=36241&edit=1
