ID: 26839 Updated by: [EMAIL PROTECTED] Reported By: dweller at devonweller dot com -Status: Verified +Status: Closed Bug Type: Arrays related Operating System: Linux Intel (Redhat) PHP Version: 4CVS-2004-01-08 (dev) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. This is fixed in PHP 5.0. This will not be fixed in PHP 4 as that would require an API change. The bug is the result of a refcount being defined as a short. Previous Comments: ------------------------------------------------------------------------ [2004-01-08 14:29:09] [EMAIL PROTECTED] Without the print_r() call no crash but this: --------------------------------------- /usr/src/web/php/php4/Zend/zend_execute.h(44) : Block 0x0864E478 status: Beginning: Overrun (magic=0x40847B54, expected=0x7312F8DC) End: Unknown --------------------------------------- ------------------------------------------------------------------------ [2004-01-08 14:28:14] [EMAIL PROTECTED] Works fine with PHP 5, crashes for me with PHP 4 (latest CVS): #0 0x407884ec in mempcpy () from /lib/i686/libc.so.6 #1 0x4077a850 in _IO_new_file_xsputn () from /lib/i686/libc.so.6 #2 0x4076ff9f in fwrite () from /lib/i686/libc.so.6 #3 0x082b0f75 in sapi_cli_single_write (str=0x0, str_length=1515870810) at /usr/src/web/php/php4/sapi/cli/php_cli.c:190 #4 0x082afb2e in sapi_cli_ub_write (str=0x0, str_length=1515870810) at /usr/src/web/php/php4/sapi/cli/php_cli.c:203 #5 0x082699fd in php_ub_body_write_no_header (str=0x0, str_length=1515870810) at /usr/src/web/php/php4/main/output.c:689 #6 0x0826863a in php_body_write (str=0x0, str_length=1515870810) at /usr/src/web/php/php4/main/output.c:121 #7 0x08254dc0 in php_body_write_wrapper (str=0x0, str_length=1515870810) at /usr/src/web/php/php4/main/main.c:1022 #8 0x0828c2d8 in zend_print_zval_ex (write_func=0x8254d9f <php_body_write_wrapper>, expr=0xbfffd330, indent=0) at /usr/src/web/php/php4/Zend/zend.c:211 #9 0x0828c256 in zend_print_zval (expr=0x864e2cc, indent=0) at /usr/src/web/php/php4/Zend/zend.c:192 #10 0x0828bd0f in zend_print_variable (var=0x864e2cc) at /usr/src/web/php/php4/Zend/zend_variables.c:147 #11 0x0828c45a in zend_print_zval_r_ex (write_func=0x8254d9f <php_body_write_wrapper>, expr=0x864e2cc, indent=8) at /usr/src/web/php/php4/Zend/zend.c:253 #12 0x0828c335 in zend_print_zval_r (expr=0x864e2cc, indent=8) at /usr/src/web/php/php4/Zend/zend.c:221 #13 0x0828bf6f in print_hash (ht=0x865337c, indent=4) at /usr/src/web/php/php4/Zend/zend.c:130 #14 0x0828c3c8 in zend_print_zval_r_ex (write_func=0x8254d9f <php_body_write_wrapper>, expr=0x86534e4, indent=0) at /usr/src/web/php/php4/Zend/zend.c:235 #15 0x0828c335 in zend_print_zval_r (expr=0x86534e4, indent=0) at /usr/src/web/php/php4/Zend/zend.c:221 #16 0x081e082d in zif_print_r (ht=1, return_value=0x962c23c, this_ptr=0x0, return_value_used=0) at /usr/src/web/php/php4/ext/standard/basic_functions.c:2488 #17 0x0829ed0e in execute (op_array=0x864e9f4) at /usr/src/web/php/php4/Zend/zend_execute.c:1616 #18 0x0828d76a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php4/Zend/zend.c:884 #19 0x08256573 in php_execute_script (primary_file=0xbffffbc0) at /usr/src/web/php/php4/main/main.c:1727 #20 0x082b0da3 in main (argc=2, argv=0xbffffc54) at /usr/src/web/php/php4/sapi/cli/php_cli.c:820 ------------------------------------------------------------------------ [2004-01-08 10:04:42] [EMAIL PROTECTED] $i < 32768 results in array(2) { ["var1"]=> UNKNOWN:0 ["var2"]=> UNKNOWN:0 } $i < 32767 results in array(2) { ["var1"]=> int(1) ["var2"]=> int(1) } ------------------------------------------------------------------------ [2004-01-08 07:01:49] dweller at devonweller dot com Description: ------------ The attached simple array routine produces unexpected results when the loop count is greater than approx. 33000. Perhaps this is some kind of reference counting bug. Reproduce code: --------------- // causes unexpected *RECURSION* references $var1 = 1; $array = array(); for($i=0;$i<33000;++$i) { $var2 = $var1; $array[] = array( 'var1' => $var1, 'var2' => $var2, ); } print_r($array[0]); Expected result: ---------------- Array ( [var1] => 1 [var2] => 1 ) Actual result: -------------- Array ( [var1] => Array ( [var1] => Array *RECURSION* [var2] => Array *RECURSION* ) [var2] => Array ( [var1] => Array *RECURSION* [var2] => Array *RECURSION* ) ) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26839&edit=1