#34310 [Asn->Csd]: foreach($arr as $c->d => $x) crashes (works with PHP 5.0.3)

Thu, 01 Sep 2005 03:55:37 -0700 

 ID:               34310
 Updated by:       [EMAIL PROTECTED]
 Reported By:      devriese at cs dot tcd dot ie
-Status:           Assigned
+Status:           Closed
 Bug Type:         Reproducible crash
 Operating System: *
 PHP Version:      5CVS-2005-08-31
 Assigned To:      dmitry
 New Comment:

Fixed in CVS HEAD and PHP_5_1.


Previous Comments:
------------------------------------------------------------------------

[2005-08-31 11:18:05] [EMAIL PROTECTED]

I added a test for this in Zend/tests/


------------------------------------------------------------------------

[2005-08-31 10:43:35] [EMAIL PROTECTED]

Dmitry, check this out please.

------------------------------------------------------------------------

[2005-08-30 16:14:21] devriese at cs dot tcd dot ie

Description:
------------
When using an object attribute to store the key in a foreach loop, PHP
crashes with a segmentation error (note that using an object attribute
to store a value does work; see example code). 

Also: this code runs fine in PHP 5.0.3, but crashes with PHP 5.1.0RC1.

Reproduce code:
---------------
<?php
   class C
   {
      var $d;
   }

   $c = new C();

   $arr = array(1 => 'a', 2 => 'b', 3 => 'c');

   // Works fine:
   foreach($arr as $x => $c->d) echo "$c->d\n";

   // Crashes:
   foreach($arr as $c->d => $x) echo "$c->d\n";
?>

Expected result:
----------------
a
b
c
1
2
3


Actual result:
--------------
(in GDB):

a
b
c

Program received signal SIGSEGV, Segmentation fault.
0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66
66              if (!--z->refcount) {
(gdb) bt
#0  0x003357c0 in zend_pzval_unlock_func (z=0x0,
should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66
#1  0x00335774 in _get_zval_ptr_ptr_var (node=0x50b270, Ts=0xffbfde90,

    should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:259
#2  0x00335700 in _get_zval_ptr_ptr (node=0x50b270, Ts=0xffbfde90, 
    should_free=0xffbfdd7c, type=1)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:300
#3  0x00337088 in zend_assign_to_variable (result=0x50b258,
op1=0x50b270, 
    op2=0x50b288, value=0xffbfe028, type=2, Ts=0xffbfde90)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:632
#4  0x0035f62c in ZEND_ASSIGN_SPEC_VAR_TMP_HANDLER
(execute_data=0xffbfe088)
    at zend_vm_execute.h:10210
#5  0x00333b1c in execute (op_array=0x506618) at zend_vm_execute.h:87
#6  0x002f6e1c in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend.c:1078
#7  0x00286e44 in php_execute_script (primary_file=0xffbfe848)
    at /misc/csw/src/php-5.1.0RC1/main/main.c:1672
#8  0x003a47a0 in main (argc=2, argv=0xffbfe8fc)
    at /misc/csw/src/php-5.1.0RC1/sapi/cgi/cgi_main.c:1574


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=34310&edit=1

Reply via email to