#34584 [NEW]: Segfault with SPL autoload handler

[php dot net at benjamin dot schulz dot name]

From:             php dot net at benjamin dot schulz dot name
Operating system: linux
PHP version:      5CVS-2005-09-21 (CVS)
PHP Bug Type:     Reproducible crash
Bug description:  Segfault with SPL autoload handler

Description:
------------
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 6664)]
0xb792bfb4 in _zend_hash_add_or_update (ht=0x82ac114, arKey=0xbfc97a40
"foo_autoload",
    nKeyLength=14, pData=0xbfc97a68, nDataSize=4, pDest=0xbfc97a60,
flag=2)
    at /home/bs/workspace/src/php5-cvs-5_1/Zend/zend_hash.c:215
215                     if ((p->h == h) && (p->nKeyLength == nKeyLength))
{
(gdb) bt
#0  0xb792bfb4 in _zend_hash_add_or_update (ht=0x82ac114, arKey=0xbfc97a40
"foo_autoload",
    nKeyLength=14, pData=0xbfc97a68, nDataSize=4, pDest=0xbfc97a60,
flag=2)
    at /home/bs/workspace/src/php5-cvs-5_1/Zend/zend_hash.c:215
#1  0xb786645f in zif_spl_autoload_register (ht=1,
return_value=0x82d70a4,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/bs/workspace/src/php5-cvs-5_1/ext/spl/php_spl.c:424
#2  0xb794994c in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc97bf0)
    at zend_vm_execute.h:186
#3  0xb7949358 in execute (op_array=0x83608b4) at zend_vm_execute.h:87
#4  0xb79569b7 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER
(execute_data=0xbfc97fe0)
    at zend_vm_execute.h:4338
#5  0xb7949358 in execute (op_array=0x8287e7c) at zend_vm_execute.h:87
#6  0xb794f8d7 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
(execute_data=0xbfc98a20)
    at zend_vm_execute.h:1921
#7  0xb7949358 in execute (op_array=0x82d80cc) at zend_vm_execute.h:87
#8  0xb794f8d7 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
(execute_data=0xbfc99130)
    at zend_vm_execute.h:1921
#9  0xb7949358 in execute (op_array=0x831a344) at zend_vm_execute.h:87
#10 0xb7923f60 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/bs/workspace/src/php5-cvs-5_1/Zend/zend.c:1087
#11 0xb78e91bd in php_execute_script (primary_file=0xbfc9b490)
    at /home/bs/workspace/src/php5-cvs-5_1/main/main.c:1677
#12 0xb79b4a72 in php_handler (r=0x8292d98)
    at
/home/bs/workspace/src/php5-cvs-5_1/sapi/apache2handler/sapi_apache2.c:568
#13 0x08068aa5 in ap_run_handler ()
#14 0x08068f1c in ap_invoke_handler ()
#15 0x08065ce8 in ap_process_request ()
#16 0x08060ec8 in _start ()
#17 0x08292d98 in ?? ()
---Type <return> to continue, or q <return> to quit---
#18 0x00000004 in ?? ()
#19 0x08292d98 in ?? ()
#20 0x08072bbc in ap_run_pre_connection ()
#21 0x08072a75 in ap_run_process_connection ()
#22 0x08066c6b in ap_graceful_stop_signalled ()
#23 0x08066e69 in ap_graceful_stop_signalled ()
#24 0x08066f70 in ap_graceful_stop_signalled ()
#25 0x080677ad in ap_mpm_run ()
#26 0x0806e090 in main ()


Reproduce code:
---------------
simplified autoload function:
function foo_autoload($class)
{
    $search = array(
        // FOO_BAR -> FOO/BAR.php
        str_replace('_', DIRECTORY_SEPARATOR, $class)
    );

    // FOO/BAR/BAR.php
    array_push($search,
$search[0].DIRECTORY_SEPARATOR.basename($search[0]));
    $paths = explode(PATH_SEPARATOR, get_include_path());

    foreach($search AS $file)
    {
        foreach($paths AS $path)
        {
            if (file_exists($f = $path.DIRECTORY_SEPARATOR.$file.'.php'))
                        {
                                $GLOBALS['_FOO_AUTOLOAD'][$class] = $f;
                return include_once($f);
                        }
        }
    }

    return false;
}


-- 
Edit bug report at http://bugs.php.net/?id=34584&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=34584&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=34584&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=34584&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=34584&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=34584&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=34584&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=34584&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=34584&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=34584&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=34584&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=34584&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=34584&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=34584&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=34584&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=34584&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=34584&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=34584&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=34584&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=34584&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=34584&r=mysqlcfg