#47673 [NEW]: calling phpinfo() after tokenizer token_get_all() results in Segfault

[serhii dot piddubchak at gmail dot com]

From:             serhii dot piddubchak at gmail dot com
Operating system: FreeBSD 7.1
PHP version:      5.2.9
PHP Bug Type:     Reproducible crash
Bug description:  calling phpinfo() after tokenizer token_get_all() results in 
Segfault

Description:
------------
I'm getting a segmentation fault when trying to call phpinfo() after
token_get_all();
phpinfo() works fine if called before token_get_all();

Here is a short information about my system:
PHP Version 5.2.8
FreeBSD medved.hvosting.ua 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 22
09:27:15 UTC 2009 r...@free.ds:/usr/obj/usr/src/sys/ISPSYSTEM amd64

Build Date      Feb 11 2009 15:20:04

Configure Command       './configure' '--with-layout=GNU'
'--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all'
'--enable-libxml' '--with-libxml-dir=/usr/local' '--with-pcre-regex=yes'
'--enable-reflection' '--program-prefix=' '--enable-fastcgi'
'--with-regex=php' '--with-zend-vm=CALL' '--enable-zend-multibyte'
'--disable-ipv6' '--prefix=/usr/local' '--mandir=/usr/local/man'
'--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd7.1'

Server API      CGI/FastCGI

Also there is no extensions like eAccelerator or ZendOptimizer.
Also I tried it on another FreeBSD 6.1 system, PHP5.2.8 configured as
apache module, the bug wasn't reproducible. So, it looks like CGI/FastCGI
or 64bit arch issue. Thanks in advance for any help.

I can't install PHP5.2.9 because I don't own the server, it is a hosting
account but I think it is reproducible in 5.2.9 since I didn't notice
something relevant fixed in Changelog for 5.2.9

Reproduce code:
---------------
<?php

$tokens = token_get_all('/* comment */');
phpinfo();

?>

Expected result:
----------------
Expected result is to see full output from phpinfo()

Actual result:
--------------
The first summary table of phpinfo is printed, then process crashes with
core dump.

Here is a backtrace:
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols
found)...
Core was generated by `php-cgi'.
Program terminated with signal 11, Segmentation fault.

...

Reading symbols from /lib/libc.so.7...(no debugging symbols
found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/lib/php/20060613/tokenizer.so...(no
debugging symbols found)...done.
Loaded symbols for /usr/local/lib/php/20060613/tokenizer.so

...

#0  0x000000080121ee80 in ?? ()
[New Thread 0x8012b5180 (LWP 100392)]
(gdb) bt
#0  0x000000080121ee80 in ?? ()
#1  0x00000000005065e1 in zend_html_puts ()
#2  0x0000000000494738 in php_print_info ()
#3  0x00000000004948ae in zif_phpinfo ()
#4  0x00000000005397d2 in zend_do_fcall_common_helper_SPEC ()
#5  0x000000000052ba87 in execute ()
#6  0x000000000050f177 in zend_execute_scripts ()
#7  0x00000000004d2767 in php_execute_script ()
#8  0x0000000000586773 in main ()

-- 
Edit bug report at http://bugs.php.net/?id=47673&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=47673&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=47673&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=47673&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=47673&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=47673&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=47673&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=47673&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=47673&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=47673&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=47673&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=47673&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=47673&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=47673&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=47673&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=47673&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=47673&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=47673&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=47673&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=47673&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=47673&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=47673&r=mysqlcfg