#47522 [Opn->Fbk]: __toString() segfault

2009-03-20 Thread pajoye
 ID:   47522
 Updated by:   paj...@php.net
 Reported By:  ms419 at freezone dot co dot uk
-Status:   Open
+Status:   Feedback
 Bug Type: Reproducible crash
 Operating System: Debian
 PHP Version:  5.2CVS-2009-02-27 (snap)
 New Comment:

Please provide a small script to reproduce the problem. The Zend
Framework is not a small script. You can also post a bug there and ask
them to figure out what's wrong.


Previous Comments:


[2009-03-20 15:04:30] josh dot butts at vertive dot com

We have also tracked down a segfault which appears to be directly
related to this.  

getElement('query'))?>

where $form is a Zend_Form object from Zend Framework.  Not able to
reproduce it out of context but within the context of the site happens
almost 100% of the time.  Removing html_entity_decode() fixes the
segfault, as does casting (string) on the $form, or calling
$form->render().  The implicit call to __toString() appears to be the
root cause of this problem.



[2009-03-02 19:23:02] ms419 at freezone dot co dot uk

Unfortunately I have been unable to reproduce this segfault in a short
script - it seems whenever I try to cut something out of the larger
project where it occurs, the segfault disappears.

Casting the object to a string in a parent function does not produce a
segfault, while calling a function and casting in the called function
does. Even passing the object as the first as opposed to fourth argument
of the function causes the segfault to disappear.

The segfault occurs at line eight of this file:
http://code.google.com/p/qubit-toolkit/source/browse/trunk/qubit/apps/qubit/modules/repository/templates/showIsdiahSuccess.php#8

Since r2041, a workaround has been committed to the render_title()
function: http://code.google.com/p/qubit-toolkit/source/detail?r=2041

Removing that workaround causes the segfault to reappear.

I am eager to help any way I can - but I have had no luck reproducing
this segfault in a short script...



[2009-02-27 19:28:24] fel...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with ,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.





[2009-02-27 18:52:36] ms419 at freezone dot co dot uk

Description:

http://cgi.sfu.ca/~jdbates/tmp/php/200902270/core

I am experiencing a reproducible segfault. I experience it with PHP
5.2.4 and 5.2.6.

The segfault occurs at this expression: strlen($repository) where
$repository is an object with a __toString() method.

By substituting this expression, the segfault does not occur:
strlen($repository->__toString())

To try to debug this segfault, I compiled a recent 5.2 snapshot with
--enable-debug. It produced the above linked core file, which I opened
with gdb to print a backtrace:
http://cgi.sfu.ca/~jdbates/tmp/php/200902270/screenlog

I am not sure what should be my next steps to help fix this segfault?






-- 
Edit this bug report at http://bugs.php.net/?id=47522&edit=1



#47522 [Opn->Fbk]: __toString() segfault

2009-02-27 Thread felipe
 ID:   47522
 Updated by:   fel...@php.net
 Reported By:  ms419 at freezone dot co dot uk
-Status:   Open
+Status:   Feedback
 Bug Type: Reproducible crash
 Operating System: Debian
 PHP Version:  5.2CVS-2009-02-27 (snap)
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with ,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.




Previous Comments:


[2009-02-27 18:52:36] ms419 at freezone dot co dot uk

Description:

http://cgi.sfu.ca/~jdbates/tmp/php/200902270/core

I am experiencing a reproducible segfault. I experience it with PHP
5.2.4 and 5.2.6.

The segfault occurs at this expression: strlen($repository) where
$repository is an object with a __toString() method.

By substituting this expression, the segfault does not occur:
strlen($repository->__toString())

To try to debug this segfault, I compiled a recent 5.2 snapshot with
--enable-debug. It produced the above linked core file, which I opened
with gdb to print a backtrace:
http://cgi.sfu.ca/~jdbates/tmp/php/200902270/screenlog

I am not sure what should be my next steps to help fix this segfault?





