ID: 30092 Updated by: [EMAIL PROTECTED] -Summary: Segmantation fault when comparing a simplexml object. Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Class/Object related Operating System: N/A PHP Version: 5CVS-2004-09-15 (dev) New Comment:
Also known as a Segmentation fault. :) Previous Comments: ------------------------------------------------------------------------ [2004-09-15 13:47:15] [EMAIL PROTECTED] Description: ------------ Segmantation fault when comparing a simplexml object. Reproduce code: --------------- <?php class Crash { public $param; public function __construct($param) { $this->param = $param; if ($this->param < 1) { echo ('Param is smaller than 1'); } } } $xml = simplexml_load_string('<a><b><c></c></b></a>'); $C = new Crash($xml); ?> Actual result: -------------- (gdb) bt #0 0x4207acfd in free () from /lib/i686/libc.so.6 #1 0x08168b68 in _efree (ptr=0xbfffd460) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:287 #2 0x08179d06 in compare_function (result=0xbfffd560, op1=0xbfffd460, op2=0x828e45c) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249 #3 0x0817a519 in is_smaller_function (result=0xbfffd560, op1=0x828e72c, op2=0x820d4b8) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476 #4 0x0819e197 in zend_is_smaller_handler (execute_data=0xbfffd580, opline=0x828e42c, op_array=0x828f5b4) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547 #5 0x0819af6c in execute (op_array=0x828f5b4) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400 #6 0x081b6cc9 in zend_do_fcall_common_helper (execute_data=0xbfffd750, opline=0x828ceb0, op_array=0x82889f4) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:2737 #7 0x081b7085 in zend_do_fcall_by_name_handler (execute_data=0xbfffd750, opline=0x828ceb0, op_array=0x82889f4) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:2822 #8 0x0819af6c in execute (op_array=0x82889f4) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400 #9 0x0817d4b5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) ---Type <return> to continue, or q <return> to quit--- at /root/bunldes/php5-STABLE-200408261030/Zend/zend.c:1061 #10 0x08149e58 in php_execute_script (primary_file=0xbffffb20) at /root/bunldes/php5-STABLE-200408261030/main/main.c:1629 #11 0x081c0f60 in main (argc=2, argv=0xbffffbc4) at /root/bunldes/php5-STABLE-200408261030/sapi/cli/php_cli.c:943 #12 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) frame 5 #5 0x0819af6c in execute (op_array=0x828f5b4) at /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400 1400 /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c: No such file or directory. in /root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c $ valgrind --tool=memcheck php test.php ==13706== Memcheck, a memory error detector for x86-linux. ==13706== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al. ==13706== Using valgrind-2.2.0, a program supervision framework for x86-linux. ==13706== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al. ==13706== For more details, rerun with: -v ==13706== ==13706== Conditional jump or move depends on uninitialised value(s) ==13706== at 0x8179CEF: compare_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1247) ==13706== by 0x817A518: is_smaller_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476) ==13706== by 0x819E196: zend_is_smaller_handler (/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547) ==13706== by 0x819AF6B: execute (/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1400) ==13706== ==13706== Conditional jump or move depends on uninitialised value(s) ==13706== at 0x8168AFF: _efree (/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:271) ==13706== by 0x8179D05: compare_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249) ==13706== by 0x817A518: is_smaller_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476) ==13706== by 0x819E196: zend_is_smaller_handler (/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547) ==13706== ==13706== Use of uninitialised value of size 4 ==13706== at 0x8168B51: _efree (/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:281) ==13706== by 0x8179D05: compare_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249) ==13706== by 0x817A518: is_smaller_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476) ==13706== by 0x819E196: zend_is_smaller_handler (/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547) ==13706== ==13706== Conditional jump or move depends on uninitialised value(s) ==13706== at 0x8168B57: _efree (/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:281) ==13706== by 0x8179D05: compare_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249) ==13706== by 0x817A518: is_smaller_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476) ==13706== by 0x819E196: zend_is_smaller_handler (/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547) ==13706== ==13706== Use of uninitialised value of size 4 ==13706== at 0x8168B5C: _efree (/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:281) ==13706== by 0x8179D05: compare_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249) ==13706== by 0x817A518: is_smaller_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476) ==13706== by 0x819E196: zend_is_smaller_handler (/root/bunldes/php5-STABLE-200408261030/Zend/zend_execute.c:1547) ==13706== ==13706== Invalid free() / delete / delete[] ==13706== at 0x1B9023AA: free (vg_replace_malloc.c:153) ==13706== by 0x8168B67: _efree (/root/bunldes/php5-STABLE-200408261030/Zend/zend_alloc.c:287) ==13706== by 0x8179D05: compare_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1249) ==13706== by 0x817A518: is_smaller_function (/root/bunldes/php5-STABLE-200408261030/Zend/zend_operators.c:1476) ==13706== Address 0x52BFC3D4 is on thread 1's stack Param is smaller than 1==13706== ==13706== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 50 from 3) ==13706== malloc/free: in use at exit: 316 bytes in 3 blocks. ==13706== malloc/free: 6971 allocs, 6969 frees, 531779 bytes allocated. ==13706== For a detailed leak analysis, rerun with: --leak-check=yes ==13706== For counts of detected errors, rerun with: -v ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30092&edit=1