From:             eyal at zend dot com
Operating system: Linux
PHP version:      5.2.6
PHP Bug Type:     Scripting Engine problem
Bug description:  Segmentation fault on second request for 2 array functions

Description:
------------
Hi,

After execution of 5.2.6 phpt's I discovered a seg fault that occurs in
array_udiff_assoc on second request (we have a tool that executes each
phpt 3 times. all zend extensions were disabled).
Tested with apache module.

To reproduce: use apache bench on the script from Reproduce code section
(this is phpt: ext/standard/tests/array/array_udiff_assoc_basic.phpt) as
follows:

ab -c10 -n10000 [script url]

This is reproduced on 5.2.5 as well and was also tested on lampp.
Reproduced everywhere.

Reproduce code:
---------------
<?php
/*
* proto array array_udiff_assoc ( array $array1, array $array2 [, array $ ..., callback $data_compare_func] )
* Function is implemented in ext/standard/array.c
*/
class cr {
    private $priv_member;
    function cr($val) {
        $this->priv_member = $val;
    }
    static function comp_func_cr($a, $b) {
        if ($a->priv_member === $b->priv_member) return 0;
        return ($a->priv_member > $b->priv_member) ? 1 : -1;
    }
}
$a = array("0.1" => new cr(9), "0.5" => new cr(12), 0 => new cr(23), 1 => new cr(4), 2 => new cr(-15),);
$b = array("0.2" => new cr(9), "0.5" => new cr(22), 0 => new cr(3), 1 => new cr(4), 2 => new cr(-15),);
$result = array_udiff_assoc($a, $b, array("cr", "comp_func_cr"));
var_dump($result);
?>

Expected result:
----------------
array\(3\) \{
  \["0\.1"\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(9\)
  \}
  \["0\.5"\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(12\)
  \}
  \[0\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(23\)
  \}
\}

Actual result:
--------------
Fatal error: Non-static method (null)::1() cannot be called statically in /var/www/php-5.2.6/ext/standard/tests/array/array_udiff_assoc_basic.php on line 18.

************************************************************************
gdb output:

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216059728 (LWP 29528)]
0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
0 0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
1 0xb74da70a in vspprintf (pbuf=0xbfd49e28, max_len=1024, format=<value optimized out>, ap=0xbfd49ed8 "") at /php-5.2.6/main/spprintf.c:550
2 0xb74d7b7a in php_error_cb (type=1, error_filename=0x8360540 "/var/www/tests/1.php", error_lineno=18, format=0xb779af4c "Non-static method %s::%s() cannot be called statically", args=0xbfd49ed8 "") at /php-5.2.6/main/main.c:799
3 0xb751d257 in zend_error (type=1, format=0xb779af4c "Non-static method %s::%s() cannot be called statically") at /php-5.2.6/Zend/zend.c:976
4 0xb7510b0f in zend_call_function (fci=0xbfd49fdc, fci_cache=0xb781f810) at /php-5.2.6/Zend/zend_execute_API.c:991
5 0xb74620f7 in zval_user_compare (a=0x836459c, b=0x8364b2c) at /php-5.2.6/ext/standard/array.c:2943
6 0xb745dadb in php_array_diff_key (ht=<value optimized out>, return_value=0x83605f4, return_value_ptr=<value optimized out>, this_ptr=0x0, return_value_used=1, data_compare_type=1) at /php-5.2.6/ext/standard/array.c:3509
7 0xb754d98f in zend_do_fcall_common_helper_SPEC (execute_data=0xbfd4a4cc) at /php-5.2.6/Zend/zend_vm_execute.h:200
8 0xb753cff8 in execute (op_array=0x83602f4) at /php-5.2.6/Zend/zend_vm_execute.h:92
9 0xb751bfe3 in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /php-5.2.6/Zend/zend.c:1134
10 0xb74d5312 in php_execute_script (primary_file=0xbfd4c788) at /php-5.2.6/main/main.c:2005
11 0xb75a36ab in php_handler (r=0x839ffa8) at /php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
12 0x08079259 in ap_run_handler ()
13 0x0807c5b7 in ap_invoke_handler ()
14 0x08089998 in ap_process_request ()
15 0x08086c9b in ?? ()
16 0x0839ffa8 in ?? ()
17 0x00000004 in ?? ()
18 0x0839ffa8 in ?? ()
19 0x00000000 in ?? ()

--
Edit bug report at http://bugs.php.net/?id=45312&edit=1