ID: 31300
Comment by: matt dot bevan at marginsoftware dot com
Reported By: gardan at gmx dot com
Status: Verified
Bug Type: Zend Engine 2 problem
Operating System: *
PHP Version: 5CVS-2005-01-10
New Comment:
Consider this bug confirmed using Apache/2.0.52
(Gentoo/Linux) PHP/5.0.3 but is not re-producible in a
small amount of code.
In my case, performing strange acts got around the bug
when using the array access more than once with three
other variable assignments in-between the first call and
second:
- The first dot-concatenated call worked fine.
- The second segfaulted Apache, unless:
- The first call is commented out, or
- The second call is placed right below the first, or
- One line of three lines is commented out.
- All array accesses are changed to use sprintf
not dot concatenation.
It doesn't matter which line of the three simple, static
variable assignments is commented.
This bug drove me crazy all today. I'm going to have
nightmares about this bug. ;)
Previous Comments:
[2005-01-11 08:24:01] [EMAIL PROTECTED]
ArrayAccess is defined and controlled by the engine not SPL
[2004-12-26 22:40:38] gardan at gmx dot com
Still crashing with cvs snapshot (Windows).
[2004-12-26 12:24:08] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-STABLE-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5.0-win32-latest.zip
[2004-12-26 07:32:35] Beater at orgalan dot de
I can partially confirm this for 5.0.3 running on Windows XP. The
behaviour is very unpredictable.
Following you'll find some test cases and the behaviour on my system.
class arr implements ArrayAccess {
public $x = array(ab_cd = hello);
function offsetExists($offset) { return isset($this-x[$offset]); }
function offsetSet($offset, $value) { $this-x[$offset] = $value; }
function offsetGet($offset) { return $this-x[$offset]; }
function offsetUnset($offset) { unset($this-x[$offset]); }
function __get($offset) { return $this-x[$offset]; }
}
$test = new arr;
case 1:
echo($test[ab._cd]);// crashs
case 2:
echo($test[ab_cd]); // works
echo($test[ab._cd]);// works
case 3:
echo($test[ab_cd]); // works
echo($test-{ab_cd}); // works
echo($test[ab._cd]);// crashs
sounds stupid, but you'll confirm it, i guess
[2004-12-26 07:06:45] gardan at gmx dot com
Description:
When executing the posted code, PHP 5.0.2 and 5.0.3rc-2 crash and kill
apache on the first echo. When uncommenting the first echo, it crashes
on the second one.
Like this
echo($test[ab_cd]);
echo($test-{ab_cd});
it works.
Reproduce code:
---
class arr implements ArrayAccess {
public $x = array(ab_cd = hello);
function offsetExists($offset) { return isset($this-x[$offset]); }
function offsetSet($offset, $value) { $this-x[$offset] = $value; }
function offsetGet($offset) { return $this-x[$offset]; }
function offsetUnset($offset) { unset($this-x[$offset]); }
function __get($offset) { return $this-x[$offset]; }
}
$test = new arr;
echo($test[ab_cd]); // works
echo($test-{ab_cd}); // works
echo($test[ab._cd]);// crash
echo($test-{ab._cd}); // crash
Expected result:
hellohellohellohello
Actual result:
--
hellohello crash
Windows Apache Log:
Parent: child process exited with status 3221225477 -- Restarting
--
Edit this bug report at http://bugs.php.net/?id=31300edit=1
