ID: 34873
Updated by: [EMAIL PROTECTED]
Reported By: antleclercq at online dot fr
Status: Assigned
Bug Type: Scripting Engine problem
Operating System: Ubuntu (breezy)
PHP Version: 5CVS-2005-10-14 (CVS)
Assigned To: dmitry
New Comment:
gdb bt:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1081772576 (LWP 18178)]
0x083961f1 in zend_hash_find (ht=0x88b1060, arKey=0x88b2458 "value",
nKeyLength=6, pData=0xbfffc6c4) at
/usr/src/dev/orig/php-src_5_1/Zend/zend_hash.c:852
852 p = ht->arBuckets[nIndex];
(gdb) bt
#0 0x083961f1 in zend_hash_find (ht=0x88b1060, arKey=0x88b2458
"value", nKeyLength=6, pData=0xbfffc6c4) at
/usr/src/dev/orig/php-src_5_1/Zend/zend_hash.c:852
#1 0x083f4f20 in zend_symtable_find (ht=0x88b1060, arKey=0x88b2458
"value", nKeyLength=6, pData=0xbfffc6c4) at zend_hash.h:346
#2 0x083f6f6e in zend_fetch_dimension_address_inner (ht=0x88b1060,
dim=0x88b3a8c, type=0) at
/usr/src/dev/orig/php-src_5_1/Zend/zend_execute.c:958
#3 0x083b31cb in zend_fetch_dimension_address (result=0xbfffc8b8,
container_ptr=0xbfffc8a8, dim=0x88b3a8c, dim_is_tmp_var=0, type=0)
at /usr/src/dev/orig/php-src_5_1/Zend/zend_execute.c:1088
#4 0x083c713d in ZEND_FETCH_DIM_R_SPEC_VAR_CONST_HANDLER
(execute_data=0xbfffc8e0) at zend_vm_execute.h:8518
#5 0x083b3aee in execute (op_array=0x88b3540) at zend_vm_execute.h:88
#6 0x083b3f31 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffca80) at zend_vm_execute.h:224
#7 0x083b4328 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfffca80) at zend_vm_execute.h:310
#8 0x083b3aee in execute (op_array=0x88ac8d0) at zend_vm_execute.h:88
#9 0x0838dc66 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/dev/orig/php-src_5_1/Zend/zend.c:1087
#10 0x0834ce3b in php_execute_script (primary_file=0xbfffeed0) at
/usr/src/dev/orig/php-src_5_1/main/main.c:1677
#11 0x083f9d16 in main (argc=2, argv=0xbfffefb4) at
/usr/src/dev/orig/php-src_5_1/sapi/cli/php_cli.c:1041
valgrind's output is here:
http://tony2001.phpclub.net/dev/tmp/bug34873_valgrind.txt
Previous Comments:
------------------------------------------------------------------------
[2005-10-14 21:44:25] [EMAIL PROTECTED]
Dmitry, this patch breaks it:
http://cvs.php.net/diff.php/ZendEngine2/zend_compile.c?r1=1.647.2.7&r2=1.647.2.8&ty=u
Please, take a look at it.
------------------------------------------------------------------------
[2005-10-14 17:18:20] antleclercq at online dot fr
Description:
------------
Hello,
I'm running:
- PHP 5.1RC2 CVS200510141230
I've got a nice segfault with that simple piece of code. The problem is
that the code style showed below is used by Smarty (in the compile
system)...
That problem has been reproduced on several systems.
Thanks for your help,
Antoine
Reproduce code:
---------------
<?php
class pwa {
public $var;
function __construct() {
$this->var = array();
}
function test () {
$cont = array();
$cont["mykey"] = "myvalue";
foreach ($cont as $this->var['key'] => $this->var['value'])
echo $this->var['value'];
}
}
$myPwa = new Pwa();
$myPwa->test();
?>
Expected result:
----------------
This code should display:
myvalue
and continue its execution.
Actual result:
--------------
[EMAIL PROTECTED]:/home/web/sandbox.local/html $ php pwa.php
myvalue*** glibc detected *** double free or corruption (fasttop):
0x085149c8 ***
Aborted
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=34873&edit=1
