From:             eyal at zend dot com
Operating system: Linux
PHP version:      5.2.6
PHP Bug Type:     Scripting Engine problem
Bug description:  Segmentation fault on second request for 2 array functions

Description:
------------
Hi,
After execution of the 5.2.6 phpts I discovered a seg fault that occurs in
array_udiff_assoc on the second request (we have a tool that executes each phpt
3 times; all Zend extensions were disabled).

Tested with apache module.

To reproduce:
Use Apache Bench on the script from the Reproduce code section (this is the phpt
ext/standard/tests/array/array_udiff_assoc_basic.phpt) as follows:
ab -c10 -n10000 [script url]

This is reproduced on 5.2.5 as well and was also tested on lampp.
Reproduced everywhere.


Reproduce code:
---------------
<?php
/*
* proto array array_udiff_assoc ( array $array1, array $array2 [, array $ ..., callback $data_compare_func] )
* Function is implemented in ext/standard/array.c
*/
class cr {
    private $priv_member;
    function cr($val) {
        $this->priv_member = $val;
    }
    static function comp_func_cr($a, $b) {
        if ($a->priv_member === $b->priv_member) return 0;
        return ($a->priv_member > $b->priv_member) ? 1 : -1;
    }
}
$a = array("0.1" => new cr(9), "0.5" => new cr(12), 0 => new cr(23), 1 => new cr(4), 2 => new cr(-15),);
$b = array("0.2" => new cr(9), "0.5" => new cr(22), 0 => new cr(3), 1 => new cr(4), 2 => new cr(-15),);
$result = array_udiff_assoc($a, $b, array("cr", "comp_func_cr"));
var_dump($result);
?>

Expected result:
----------------
array\(3\) \{
  \["0\.1"\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(9\)
  \}
  \["0\.5"\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(12\)
  \}
  \[0\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(23\)
  \}
\}

Actual result:
--------------
Fatal error: Non-static method (null)::1() cannot be called statically in /var/www/php-5.2.6/ext/standard/tests/array/array_udiff_assoc_basic.php on line 18.
************************************************************************
gdb output:
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216059728 (LWP 29528)]
0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb74da70a in vspprintf (pbuf=0xbfd49e28, max_len=1024, format=<value optimized out>, ap=0xbfd49ed8 "") at /php-5.2.6/main/spprintf.c:550
#2  0xb74d7b7a in php_error_cb (type=1, error_filename=0x8360540 "/var/www/tests/1.php", error_lineno=18, format=0xb779af4c "Non-static method %s::%s() cannot be called statically", args=0xbfd49ed8 "") at /php-5.2.6/main/main.c:799
#3  0xb751d257 in zend_error (type=1, format=0xb779af4c "Non-static method %s::%s() cannot be called statically") at /php-5.2.6/Zend/zend.c:976
#4  0xb7510b0f in zend_call_function (fci=0xbfd49fdc, fci_cache=0xb781f810) at /php-5.2.6/Zend/zend_execute_API.c:991
#5  0xb74620f7 in zval_user_compare (a=0x836459c, b=0x8364b2c) at /php-5.2.6/ext/standard/array.c:2943
#6  0xb745dadb in php_array_diff_key (ht=<value optimized out>, return_value=0x83605f4, return_value_ptr=<value optimized out>, this_ptr=0x0, return_value_used=1, data_compare_type=1) at /php-5.2.6/ext/standard/array.c:3509
#7  0xb754d98f in zend_do_fcall_common_helper_SPEC (execute_data=0xbfd4a4cc) at /php-5.2.6/Zend/zend_vm_execute.h:200
#8  0xb753cff8 in execute (op_array=0x83602f4) at /php-5.2.6/Zend/zend_vm_execute.h:92
#9  0xb751bfe3 in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /php-5.2.6/Zend/zend.c:1134
#10 0xb74d5312 in php_execute_script (primary_file=0xbfd4c788) at /php-5.2.6/main/main.c:2005
#11 0xb75a36ab in php_handler (r=0x839ffa8) at /php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
#12 0x08079259 in ap_run_handler ()
#13 0x0807c5b7 in ap_invoke_handler ()
#14 0x08089998 in ap_process_request ()
#15 0x08086c9b in ?? ()
#16 0x0839ffa8 in ?? ()
#17 0x00000004 in ?? ()
#18 0x0839ffa8 in ?? ()
#19 0x00000000 in ?? ()


-- 
Edit bug report at http://bugs.php.net/?id=45312&edit=1
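Added example (not part of the original report and not PHP project tooling): a small Python triage helper that rejoins mail-wrapped gdb frames like those in the backtrace above and derives a stack signature, so repeated crashes from a load run such as the `ab` invocation can be bucketed together. The names `parse_frames` and `crash_signature` and the default depth of 4 frames are assumptions made for this illustration.

```python
import hashlib
import re

# Sample input: the first six frames of the backtrace above, with mail-style
# line wrapping and no '#' frame markers, to exercise the joining logic.
RAW = '''\
0 0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
1 0xb74da70a in vspprintf (pbuf=0xbfd49e28, max_len=1024, format=<value
optimized out>, ap=0xbfd49ed8 "") at /php-5.2.6/main/spprintf.c:550
2 0xb74d7b7a in php_error_cb (type=1, error_filename=0x8360540
"/var/www/tests/1.php", error_lineno=18,
    format=0xb779af4c "Non-static method %s::%s() cannot be called
statically", args=0xbfd49ed8 "") at /php-5.2.6/main/main.c:799
3 0xb751d257 in zend_error (type=1, format=0xb779af4c "Non-static method
%s::%s() cannot be called statically") at /php-5.2.6/Zend/zend.c:976
4 0xb7510b0f in zend_call_function (fci=0xbfd49fdc, fci_cache=0xb781f810)
at /php-5.2.6/Zend/zend_execute_API.c:991
5 0xb74620f7 in zval_user_compare (a=0x836459c, b=0x8364b2c) at
/php-5.2.6/ext/standard/array.c:2943
'''

FRAME_START = re.compile(r'^#?(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(')
LOCATION = re.compile(r'\bat (\S+):(\d+)$')

def parse_frames(text):
    """Rejoin wrapped lines, then return one dict per stack frame."""
    joined = []
    for line in text.splitlines():
        if FRAME_START.match(line):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += ' ' + line.strip()  # continuation of previous frame
    frames = []
    for entry in joined:
        m, loc = FRAME_START.match(entry), LOCATION.search(entry)
        frames.append({'index': int(m.group(1)), 'func': m.group(2),
                       'file': loc.group(1) if loc else None,
                       'line': int(loc.group(2)) if loc else None})
    return frames

def crash_signature(frames, depth=4):
    """Bucket key: innermost frames that have source info (skips libc)."""
    in_tree = [f for f in frames if f['file']]
    names = [f['func'] for f in in_tree[:depth]]
    digest = hashlib.sha256('|'.join(names).encode()).hexdigest()[:12]
    return in_tree[0], names, digest

if __name__ == '__main__':
    print(crash_signature(parse_frames(RAW)))
```

The signature is built from function names only, so the same crash hashes identically across requests even though addresses and argument values differ.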