ID: 22463
Updated by: [EMAIL PROTECTED]
Reported By: mccannwj at pha dot jhu dot edu
-Status: Closed
+Status: Open
Bug Type: Arrays related
Operating System: redhat-linux-8.0
-PHP Version: 4.3.2-dev
+PHP Version: 4.3.11-dev
New Comment:
With memory corruption checking enabled in libc, this test case still
fails with 4.3-dev (but passes in 5.0-dev and 5.1-dev):
MALLOC_CHECK_=3 gdb --args ./4.3-on-2.0.x/sapi/cli/php -f bug22463.php
...
Program received signal SIGSEGV, Segmentation fault.
call_user_function_ex (function_table=0x8dc1078, object_pp=0x0,
function_name=0x0,
retval_ptr_ptr=0xbff693e4, param_count=2, params=0xbff693e8,
no_separation=0,
symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:443
443 if (function_name->type==IS_ARRAY) { /* assume
array($obj, $name) couple */
(gdb) where
#0 call_user_function_ex (function_table=0x8dc1078, object_pp=0x0,
function_name=0x0,
retval_ptr_ptr=0xbff693e4, param_count=2, params=0xbff693e8,
no_separation=0,
symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:443
#1 0x080ad4bd in zif_array_reduce (ht=148960076,
return_value=0x8e0982c, this_ptr=0x0,
return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258
#2 0x0815019f in execute (op_array=0x8e0f128) at
/local/php/4.3/Zend/zend_execute.c:1651
#3 0x0814e1c4 in execute (op_array=0x8e0eef8) at
/local/php/4.3/Zend/zend_execute.c:1695
#4 0x081344af in call_user_function_ex (function_table=0x8dc1078,
object_pp=0x0,
function_name=0x8e092c4, retval_ptr_ptr=0xbff69e74, param_count=2,
params=0xbff69e78,
no_separation=0, symbol_table=0x0) at
/local/php/4.3/Zend/zend_execute_API.c:565
#5 0x080ad4bd in zif_array_reduce (ht=148959852,
return_value=0x8e09564, this_ptr=0x0,
return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258
#6 0x0815019f in execute (op_array=0x8e0f128) at
/local/php/4.3/Zend/zend_execute.c:1651
#7 0x0814e1c4 in execute (op_array=0x8e0eef8) at
/local/php/4.3/Zend/zend_execute.c:1695
#8 0x081344af in call_user_function_ex (function_table=0x8dc1078,
object_pp=0x0,
function_name=0x8e0dfc4, retval_ptr_ptr=0xbff6a904, param_count=2,
params=0xbff6a908,
no_separation=0, symbol_table=0x0) at
/local/php/4.3/Zend/zend_execute_API.c:565
#9 0x080ad4bd in zif_array_reduce (ht=148959676,
return_value=0x8e0929c, this_ptr=0x0,
return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258
#10 0x0815019f in execute (op_array=0x8e0f128) at
/local/php/4.3/Zend/zend_execute.c:1651
#11 0x0814e1c4 in execute (op_array=0x8e0eef8) at
/local/php/4.3/Zend/zend_execute.c:1695
#12 0x081344af in call_user_function_ex (function_table=0x8dc1078,
object_pp=0x0,
function_name=0x8e0dc2c, retval_ptr_ptr=0xbff6b394, param_count=2,
params=0xbff6b398,
no_separation=0, symbol_table=0x0) at
/local/php/4.3/Zend/zend_execute_API.c:565
#13 0x080ad4bd in zif_array_reduce (ht=148914716,
return_value=0x8e0df9c, this_ptr=0x0,
return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258
#14 0x0815019f in execute (op_array=0x8e0f128) at
/local/php/4.3/Zend/zend_execute.c:1651
#15 0x0814e1c4 in execute (op_array=0x8e0eef8) at
/local/php/4.3/Zend/zend_execute.c:1695
#16 0x081344af in call_user_function_ex (function_table=0x8dc1078,
object_pp=0x0,
function_name=0x8e0db8c, retval_ptr_ptr=0xbff6be24, param_count=2,
params=0xbff6be28,
no_separation=0, symbol_table=0x0) at
/local/php/4.3/Zend/zend_execute_API.c:565
#17 0x080ad4bd in zif_array_reduce (ht=148914548,
return_value=0x8e0dc04, this_ptr=0x0,
return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258
#18 0x0815019f in execute (op_array=0x8e0f128) at
/local/php/4.3/Zend/zend_execute.c:1651
#19 0x0814e1c4 in execute (op_array=0x8e0902c) at
/local/php/4.3/Zend/zend_execute.c:1695
#20 0x0813d1d9 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /local/php/4.3/Zend/zend.c:926
#21 0x08113642 in php_execute_script (primary_file=0xbff6eb50)
at /local/php/4.3/main/main.c:1739
#22 0x0815833b in main (argc=3, argv=0xbff6ec14) at
/local/php/4.3/sapi/cli/php_cli.c:825
Previous Comments:
------------------------------------------------------------------------
[2003-05-11 01:39:57] [EMAIL PROTECTED]
This bug has been fixed in CVS.
In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.
------------------------------------------------------------------------
[2003-03-25 13:57:12] [EMAIL PROTECTED]
It coredumps with latest 5.0.0-dev
Backtrace (relevant lines):
#0 _zend_is_inconsistent (ht=0x7312f8dc, file=0x8139340
"/home/tal/php5/Zend/zend_hash.c",
line=1048) at /home/tal/php5/Zend/zend_hash.c:79
#1 0x080fa6a0 in zend_hash_move_forward_ex (ht=0x7312f8dc,
pos=0xbfffb700)
at /home/tal/php5/Zend/zend_hash.c:1048
#2 0x08065fb8 in zif_array_reduce (ht=-1073760512,
return_value=0x4021a3c8, this_ptr=0x0,
return_value_used=1, tsrm_ls=0x8147e38) at
/home/tal/php5/ext/standard/array.c:3371
Seems like some corruption?
------------------------------------------------------------------------
[2003-03-25 13:37:57] [EMAIL PROTECTED]
On my debian/ 4.3.2-dev it doesn't segfault. Valgring reports memoery
read errors. Here is the script modified :
<?php
$a['one']['two']['three']['four'][] = array("FILE_NUMBER"=>2256,
"INGEST_DATE"=>'2003-01-16');
$a['one']['two']['three']['four'][] = array("FILE_NUMBER"=>2258,
"INGEST_DATE"=>'2003-01-17');
$num = nodeCount($a);
print $num;
function checkNode($v, $var) {
var_dump($v, $var);
echo str_repeat("-=",30)."\n";
if (is_scalar($var)) {
$v += 1;
} elseif (is_null($var)) {
} else {
echo "Recursy down\n";
$v += nodeCount($var);
//$v = 2;
echo "Recursy up\n";
}
echo "checkNode - END\n";
return $v;
}
function nodeCount($array) {
$number = 0;
if (is_array($array)) {
$number = array_reduce($array, "checkNode" , 0);
}
return $number;
}
?>
checkNode calls recursively itself. After getting of the recursy
something bad happens at this line :
zend_hash_move_forward_ex(Z_ARRVAL_PP(input), &pos);
I think this is the line.
Unfortunately I cannot help more atm.
------------------------------------------------------------------------
[2003-02-27 15:50:07] [EMAIL PROTECTED]
Updated version & verified
------------------------------------------------------------------------
[2003-02-27 15:08:05] mccannwj at pha dot jhu dot edu
It core dumps when I run it from the command line.
% gdb /usr/bin/php core.30270
[symbols blah blah]
#0 0x0814c3d5 in zif_array_reduce ()
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/22463
--
Edit this bug report at http://bugs.php.net/?id=22463&edit=1
