 ID:               22463
 Updated by:       [EMAIL PROTECTED]
 Reported By:      mccannwj at pha dot jhu dot edu
-Status:           Closed
+Status:           Open
 Bug Type:         Arrays related
 Operating System: redhat-linux-8.0
-PHP Version:      4.3.2-dev
+PHP Version:      4.3.11-dev
 New Comment:

With memory corruption checking enabled in libc, this test case still
fails with 4.3-dev (but passes in 5.0-dev and 5.1-dev):

MALLOC_CHECK_=3 gdb --args ./4.3-on-2.0.x/sapi/cli/php -f bug22463.php
...
Program received signal SIGSEGV, Segmentation fault.
call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0xbff693e4, param_count=2, params=0xbff693e8, no_separation=0, symbol_table=0x0)
    at /local/php/4.3/Zend/zend_execute_API.c:443
443             if (function_name->type==IS_ARRAY) { /* assume array($obj, $name) couple */
(gdb) where
#0  call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0xbff693e4, param_count=2, params=0xbff693e8, no_separation=0, symbol_table=0x0)
    at /local/php/4.3/Zend/zend_execute_API.c:443
#1  0x080ad4bd in zif_array_reduce (ht=148960076, return_value=0x8e0982c, this_ptr=0x0, return_value_used=1)
    at /local/php/4.3/ext/standard/array.c:3258
#2  0x0815019f in execute (op_array=0x8e0f128)
    at /local/php/4.3/Zend/zend_execute.c:1651
#3  0x0814e1c4 in execute (op_array=0x8e0eef8)
    at /local/php/4.3/Zend/zend_execute.c:1695
#4  0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e092c4, retval_ptr_ptr=0xbff69e74, param_count=2, params=0xbff69e78, no_separation=0, symbol_table=0x0)
    at /local/php/4.3/Zend/zend_execute_API.c:565
#5  0x080ad4bd in zif_array_reduce (ht=148959852, return_value=0x8e09564, this_ptr=0x0, return_value_used=1)
    at /local/php/4.3/ext/standard/array.c:3258
#6  0x0815019f in execute (op_array=0x8e0f128)
    at /local/php/4.3/Zend/zend_execute.c:1651
#7  0x0814e1c4 in execute (op_array=0x8e0eef8)
    at /local/php/4.3/Zend/zend_execute.c:1695
#8  0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e0dfc4, retval_ptr_ptr=0xbff6a904, param_count=2, params=0xbff6a908, no_separation=0, symbol_table=0x0)
    at /local/php/4.3/Zend/zend_execute_API.c:565
#9  0x080ad4bd in zif_array_reduce (ht=148959676, return_value=0x8e0929c, this_ptr=0x0, return_value_used=1)
    at /local/php/4.3/ext/standard/array.c:3258
#10 0x0815019f in execute (op_array=0x8e0f128)
    at /local/php/4.3/Zend/zend_execute.c:1651
#11 0x0814e1c4 in execute (op_array=0x8e0eef8)
    at /local/php/4.3/Zend/zend_execute.c:1695
#12 0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e0dc2c, retval_ptr_ptr=0xbff6b394, param_count=2, params=0xbff6b398, no_separation=0, symbol_table=0x0)
    at /local/php/4.3/Zend/zend_execute_API.c:565
#13 0x080ad4bd in zif_array_reduce (ht=148914716, return_value=0x8e0df9c, this_ptr=0x0, return_value_used=1)
    at /local/php/4.3/ext/standard/array.c:3258
#14 0x0815019f in execute (op_array=0x8e0f128)
    at /local/php/4.3/Zend/zend_execute.c:1651
#15 0x0814e1c4 in execute (op_array=0x8e0eef8)
    at /local/php/4.3/Zend/zend_execute.c:1695
#16 0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e0db8c, retval_ptr_ptr=0xbff6be24, param_count=2, params=0xbff6be28, no_separation=0, symbol_table=0x0)
    at /local/php/4.3/Zend/zend_execute_API.c:565
#17 0x080ad4bd in zif_array_reduce (ht=148914548, return_value=0x8e0dc04, this_ptr=0x0, return_value_used=1)
    at /local/php/4.3/ext/standard/array.c:3258
#18 0x0815019f in execute (op_array=0x8e0f128)
    at /local/php/4.3/Zend/zend_execute.c:1651
#19 0x0814e1c4 in execute (op_array=0x8e0902c)
    at /local/php/4.3/Zend/zend_execute.c:1695
#20 0x0813d1d9 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/php/4.3/Zend/zend.c:926
#21 0x08113642 in php_execute_script (primary_file=0xbff6eb50)
    at /local/php/4.3/main/main.c:1739
#22 0x0815833b in main (argc=3, argv=0xbff6ec14)
    at /local/php/4.3/sapi/cli/php_cli.c:825


Previous Comments:
------------------------------------------------------------------------

[2003-05-11 01:39:57] [EMAIL PROTECTED]

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.

In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.

Thank you for the report, and for helping us make PHP better.

------------------------------------------------------------------------

[2003-03-25 13:57:12] [EMAIL PROTECTED]

It coredumps with latest 5.0.0-dev
Backtrace (relevant lines):
#0  _zend_is_inconsistent (ht=0x7312f8dc, file=0x8139340 "/home/tal/php5/Zend/zend_hash.c", line=1048)
    at /home/tal/php5/Zend/zend_hash.c:79
#1  0x080fa6a0 in zend_hash_move_forward_ex (ht=0x7312f8dc, pos=0xbfffb700)
    at /home/tal/php5/Zend/zend_hash.c:1048
#2  0x08065fb8 in zif_array_reduce (ht=-1073760512, return_value=0x4021a3c8, this_ptr=0x0, return_value_used=1, tsrm_ls=0x8147e38)
    at /home/tal/php5/ext/standard/array.c:3371

Seems like some corruption?

------------------------------------------------------------------------

[2003-03-25 13:37:57] [EMAIL PROTECTED]

On my debian/ 4.3.2-dev it doesn't segfault. Valgrind reports memory
read errors.

Here is the modified script:
<?php
$a['one']['two']['three']['four'][] = array("FILE_NUMBER"=>2256, "INGEST_DATE"=>'2003-01-16');
$a['one']['two']['three']['four'][] = array("FILE_NUMBER"=>2258, "INGEST_DATE"=>'2003-01-17');

$num = nodeCount($a);
print $num;

// array_reduce() callback; for a nested array it re-enters
// array_reduce() through nodeCount().
function checkNode($v, $var) {
    var_dump($v, $var);
    echo str_repeat("-=",30)."\n";
    if (is_scalar($var)) {
        $v += 1;
    } elseif (is_null($var)) {
    } else {
        echo "Recursy down\n";
        $v += nodeCount($var);
        //$v = 2;
        echo "Recursy up\n";
    }
    echo "checkNode - END\n";
    return $v;
}

// Counts the scalar leaves of $array by reducing it with checkNode().
function nodeCount($array) {
    $number = 0;
    if (is_array($array)) {
        $number = array_reduce($array, "checkNode" , 0);
    }
    return $number;
}
?>

checkNode calls itself recursively. After getting out of the recursion
something bad happens at this line:
zend_hash_move_forward_ex(Z_ARRVAL_PP(input), &pos);
I think this is the line. Unfortunately I cannot help more atm.

------------------------------------------------------------------------

[2003-02-27 15:50:07] [EMAIL PROTECTED]

Updated version & verified

------------------------------------------------------------------------

[2003-02-27 15:08:05] mccannwj at pha dot jhu dot edu

It core dumps when I run it from the command line.

% gdb /usr/bin/php core.30270
[symbols blah blah]
#0  0x0814c3d5 in zif_array_reduce ()

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/22463