ID: 34310 Updated by: [EMAIL PROTECTED] Reported By: devriese at cs dot tcd dot ie -Status: Assigned +Status: Closed Bug Type: Reproducible crash Operating System: * PHP Version: 5CVS-2005-08-31 Assigned To: dmitry New Comment:
Fixed in CVS HEAD and PHP_5_1. Previous Comments: ------------------------------------------------------------------------ [2005-08-31 11:18:05] [EMAIL PROTECTED] I added a test for this in Zend/tests/ ------------------------------------------------------------------------ [2005-08-31 10:43:35] [EMAIL PROTECTED] Dmitry, check this out please. ------------------------------------------------------------------------ [2005-08-30 16:14:21] devriese at cs dot tcd dot ie Description: ------------ When using an object attribute to store the key in a foreach loop, PHP crashes with a segmentation error (note that using an object attribute to store a value does work; see example code). Also: this code runs fine in PHP 5.0.3, but crashes with PHP 5.1.0RC1. Reproduce code: --------------- <?php class C { var $d; } $c = new C(); $arr = array(1 => 'a', 2 => 'b', 3 => 'c'); // Works fine: foreach($arr as $x => $c->d) echo "$c->d\n"; // Crashes: foreach($arr as $c->d => $x) echo "$c->d\n"; ?> Expected result: ---------------- a b c 1 2 3 Actual result: -------------- (in GDB): a b c Program received signal SIGSEGV, Segmentation fault. 0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c) at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66 66 if (!--z->refcount) { (gdb) bt #0 0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c) at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66 #1 0x00335774 in _get_zval_ptr_ptr_var (node=0x50b270, Ts=0xffbfde90, should_free=0xffbfdd7c) at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:259 #2 0x00335700 in _get_zval_ptr_ptr (node=0x50b270, Ts=0xffbfde90, should_free=0xffbfdd7c, type=1) at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:300 #3 0x00337088 in zend_assign_to_variable (result=0x50b258, op1=0x50b270, op2=0x50b288, value=0xffbfe028, type=2, Ts=0xffbfde90) at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:632 #4 0x0035f62c in ZEND_ASSIGN_SPEC_VAR_TMP_HANDLER (execute_data=0xffbfe088) at zend_vm_execute.h:10210 #5 0x00333b1c in execute (op_array=0x506618) at zend_vm_execute.h:87 #6 0x002f6e1c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /misc/csw/src/php-5.1.0RC1/Zend/zend.c:1078 #7 0x00286e44 in php_execute_script (primary_file=0xffbfe848) at /misc/csw/src/php-5.1.0RC1/main/main.c:1672 #8 0x003a47a0 in main (argc=2, argv=0xffbfe8fc) at /misc/csw/src/php-5.1.0RC1/sapi/cgi/cgi_main.c:1574 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=34310&edit=1