#30092 [Opn]: Segmentation fault when comparing a simplexml object.

Wed, 15 Sep 2004 04:50:31 -0700 

 ID:               30092
 Updated by:       [EMAIL PROTECTED]
-Summary:          Segmantation fault when comparing a simplexml object.
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Class/Object related
 Operating System: N/A
 PHP Version:      5CVS-2004-09-15 (dev)
 New Comment:

Also known as a Segmentation fault. :)


Previous Comments:
------------------------------------------------------------------------

[2004-09-15 13:47:15] [EMAIL PROTECTED]

Description:
------------
Segmantation fault when comparing a simplexml object.

Reproduce code:
---------------
<?php
class Crash {
    public $param;
    public function __construct($param)
    {
        $this->param = $param;

        if ($this->param < 1) {
            echo ('Param is smaller than 1');
        }
    }
}

$xml = simplexml_load_string('<a><b><c></c></b></a>');
$C = new Crash($xml);
?>

Actual result:
--------------
(gdb) bt
#0  0x4207acfd in free () from /lib/i686/libc.so.6
#1  0x08168b68 in _efree (ptr=0xbfffd460)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:287
#2  0x08179d06 in compare_function (result=0xbfffd560, op1=0xbfffd460,
    op2=0x828e45c)
    at
/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249
#3  0x0817a519 in is_smaller_function (result=0xbfffd560,
op1=0x828e72c,
    op2=0x820d4b8)
    at
/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476
#4  0x0819e197 in zend_is_smaller_handler (execute_data=0xbfffd580,
    opline=0x828e42c, op_array=0x828f5b4)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547
#5  0x0819af6c in execute (op_array=0x828f5b4)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400
#6  0x081b6cc9 in zend_do_fcall_common_helper
(execute_data=0xbfffd750,
    opline=0x828ceb0, op_array=0x82889f4)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:2737
#7  0x081b7085 in zend_do_fcall_by_name_handler
(execute_data=0xbfffd750,
    opline=0x828ceb0, op_array=0x82889f4)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:2822
#8  0x0819af6c in execute (op_array=0x82889f4)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400
#9  0x0817d4b5 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
---Type <return> to continue, or q <return> to quit---
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend.c:1061
#10 0x08149e58 in php_execute_script (primary_file=0xbffffb20)
    at /root/bunldes/php5-STABLE-200408261030/main/main.c:1629
#11 0x081c0f60 in main (argc=2, argv=0xbffffbc4)
    at /root/bunldes/php5-STABLE-200408261030/sapi/cli/php_cli.c:943
#12 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) frame 5
#5  0x0819af6c in execute (op_array=0x828f5b4)
    at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400
1400    /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c: No
such file or directory.
        in /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c



$ valgrind --tool=memcheck php test.php
==13706== Memcheck, a memory error detector for x86-linux.
==13706== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et
al.
==13706== Using valgrind-2.2.0, a program supervision framework for
x86-linux.
==13706== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et
al.
==13706== For more details, rerun with: -v
==13706==
==13706== Conditional jump or move depends on uninitialised value(s)
==13706==    at 0x8179CEF: compare_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1247)
==13706==    by 0x817A518: is_smaller_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476)
==13706==    by 0x819E196: zend_is_smaller_handler
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547)
==13706==    by 0x819AF6B: execute
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400)
==13706==
==13706== Conditional jump or move depends on uninitialised value(s)
==13706==    at 0x8168AFF: _efree
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:271)
==13706==    by 0x8179D05: compare_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249)
==13706==    by 0x817A518: is_smaller_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476)
==13706==    by 0x819E196: zend_is_smaller_handler
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547)
==13706==
==13706== Use of uninitialised value of size 4
==13706==    at 0x8168B51: _efree
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:281)
==13706==    by 0x8179D05: compare_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249)
==13706==    by 0x817A518: is_smaller_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476)
==13706==    by 0x819E196: zend_is_smaller_handler
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547)
==13706==
==13706== Conditional jump or move depends on uninitialised value(s)
==13706==    at 0x8168B57: _efree
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:281)
==13706==    by 0x8179D05: compare_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249)
==13706==    by 0x817A518: is_smaller_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476)
==13706==    by 0x819E196: zend_is_smaller_handler
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547)
==13706==
==13706== Use of uninitialised value of size 4
==13706==    at 0x8168B5C: _efree
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:281)
==13706==    by 0x8179D05: compare_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249)
==13706==    by 0x817A518: is_smaller_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476)
==13706==    by 0x819E196: zend_is_smaller_handler
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547)
==13706==
==13706== Invalid free() / delete / delete[]
==13706==    at 0x1B9023AA: free (vg_replace_malloc.c:153)
==13706==    by 0x8168B67: _efree
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:287)
==13706==    by 0x8179D05: compare_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249)
==13706==    by 0x817A518: is_smaller_function
(/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476)
==13706==  Address 0x52BFC3D4 is on thread 1's stack
Param is smaller than 1==13706==
==13706== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 50 from
3)
==13706== malloc/free: in use at exit: 316 bytes in 3 blocks.
==13706== malloc/free: 6971 allocs, 6969 frees, 531779 bytes
allocated.
==13706== For a detailed leak analysis,  rerun with: --leak-check=yes
==13706== For counts of detected errors, rerun with: -v


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30092&edit=1

Reply via email to