Bug #61730 [Opn->Fbk]: Segfault from array_walk modifying an array passed by reference

aharvey Fri, 13 Apr 2012 19:56:14 -0700

Edit report at https://bugs.php.net/bug.php?id=61730&edit=1


 ID:                 61730
 Updated by:         ahar...@php.net
 Reported by:        joe dot lencioni at gmail dot com
 Summary:            Segfault from array_walk modifying an array passed
                     by reference
-Status:             Open
+Status:             Feedback
 Type:               Bug
-Package:            Arrays related
+Package:            Reproducible crash
 Operating System:   2.6.32-131.0.15.el6.x86_64
 PHP Version:        5.3.10
 Block user comment: N
 Private report:     N

 New Comment:

Does the crash only occur if xdebug is installed?

Also, can you please generate the backtrace again with the relevant debuginfo 
package installed?


Previous Comments:
------------------------------------------------------------------------
[2012-04-13 20:25:07] joe dot lencioni at gmail dot com

Description:
------------
The following code produces a segmentation fault.

Interestingly, if I remove either the unset or the modifying of the array 
values, it 
seems to work fine. Also, this only segfaults when the size of the array is 
larger. At 
1000 or lower, it worked fine.

We are using Xdebug 2.2.0rc1

gdb backtrace:

GNU gdb (GDB) Red Hat Enterprise Linux (7.2-50.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.
[New Thread 8825]
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /usr/lib64/libedit.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libedit.so.0
Reading symbols from /lib64/libncurses.so.5...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libncurses.so.5
Reading symbols from /usr/lib64/libgmp.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libgmp.so.3
Reading symbols from /lib64/libbz2.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libbz2.so.1
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libpcre.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpcre.so.0
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /usr/lib64/libxml2.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libxml2.so.2
Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libgssapi_krb5.so.2
Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libssl.so.10...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libssl.so.10
Reading symbols from /usr/lib64/libcrypto.so.10...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libcrypto.so.10
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libfreebl3.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /lib64/libtinfo.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib64/libtinfo.so.5
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols 
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /usr/lib64/php/modules/xdebug.so...done.
Loaded symbols for /usr/lib64/php/modules/xdebug.so
Reading symbols from /usr/lib64/php/modules/apc.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/apc.so
Reading symbols from /usr/lib64/php/modules/curl.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/curl.so
Reading symbols from /usr/lib64/libcurl.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libcurl.so.4
Reading symbols from /lib64/libidn.so.11...(no debugging symbols found)...done.
Loaded symbols for /lib64/libidn.so.11
Reading symbols from /lib64/libldap-2.4.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libldap-2.4.so.2
Reading symbols from /usr/lib64/libssl3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /usr/lib64/libssh2.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libssh2.so.1
Reading symbols from /lib64/liblber-2.4.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/liblber-2.4.so.2
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /usr/lib64/php/modules/dom.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/dom.so
Reading symbols from /usr/lib64/php/modules/fileinfo.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/fileinfo.so
Reading symbols from /usr/lib64/php/modules/gd.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/gd.so
Reading symbols from /usr/lib64/libt1.so.5...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libt1.so.5
Reading symbols from /usr/lib64/libfreetype.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libfreetype.so.6
Reading symbols from /usr/lib64/libX11.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libX11.so.6
Reading symbols from /usr/lib64/libXpm.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXpm.so.4
Reading symbols from /usr/lib64/libpng12.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libpng12.so.0
Reading symbols from /usr/lib64/libjpeg.so.62...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libjpeg.so.62
Reading symbols from /usr/lib64/libxcb.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libxcb.so.1
Reading symbols from /usr/lib64/libXau.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libXau.so.6
Reading symbols from /usr/lib64/php/modules/json.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/json.so
Reading symbols from /usr/lib64/php/modules/ldap.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/ldap.so
Reading symbols from /usr/lib64/php/modules/mbstring.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/mbstring.so
Reading symbols from /usr/lib64/php/modules/mcrypt.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/mcrypt.so
Reading symbols from /usr/lib64/libmcrypt.so.4...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libmcrypt.so.4
Reading symbols from /usr/lib64/libltdl.so.7...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libltdl.so.7
Reading symbols from /usr/lib64/php/modules/mssql.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/mssql.so
Reading symbols from /usr/lib64/libsybdb.so.5...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsybdb.so.5
Reading symbols from /usr/lib64/libgnutls.so.26...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libgnutls.so.26
Reading symbols from /lib64/libgcrypt.so.11...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libgcrypt.so.11
Reading symbols from /usr/lib64/libtasn1.so.3...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libtasn1.so.3
Reading symbols from /lib64/libgpg-error.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libgpg-error.so.0
Reading symbols from /usr/lib64/php/modules/mysql.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/mysql.so
Reading symbols from /usr/lib64/mysql/libmysqlclient.so.18...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/mysql/libmysqlclient.so.18
Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libstdc++.so.6
Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgcc_s.so.1
Reading symbols from /usr/lib64/php/modules/mysqli.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/mysqli.so
Reading symbols from /usr/lib64/php/modules/odbc.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/odbc.so
Reading symbols from /usr/lib64/libodbc.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libodbc.so.2
Reading symbols from /usr/lib64/php/modules/pdo.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/pdo.so
Reading symbols from /usr/lib64/php/modules/pdo_dblib.so...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/pdo_dblib.so
Reading symbols from /usr/lib64/php/modules/pdo_mysql.so...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/pdo_mysql.so
Reading symbols from /usr/lib64/php/modules/pdo_odbc.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/pdo_odbc.so
Reading symbols from /usr/lib64/php/modules/pdo_sqlite.so...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/pdo_sqlite.so
Reading symbols from /usr/lib64/libsqlite3.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libsqlite3.so.0
Reading symbols from /usr/lib64/php/modules/phar.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/phar.so
Reading symbols from /usr/lib64/php/modules/pspell.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/pspell.so
Reading symbols from /usr/lib64/libaspell.so.15...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libaspell.so.15
Reading symbols from /usr/lib64/libpspell.so.15...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libpspell.so.15
Reading symbols from /usr/lib64/php/modules/soap.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/soap.so
Reading symbols from /usr/lib64/php/modules/sqlite3.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/sqlite3.so
Reading symbols from /usr/lib64/php/modules/stats.so...done.
Loaded symbols for /usr/lib64/php/modules/stats.so
Reading symbols from /usr/lib64/php/modules/wddx.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/wddx.so
Reading symbols from /usr/lib64/php/modules/xmlreader.so...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/xmlreader.so
Reading symbols from /usr/lib64/php/modules/xmlwriter.so...(no debugging 
symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/xmlwriter.so
Reading symbols from /usr/lib64/php/modules/xsl.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/xsl.so
Reading symbols from /usr/lib64/libexslt.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libexslt.so.0
Reading symbols from /usr/lib64/libxslt.so.1...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/libxslt.so.1
Reading symbols from /usr/lib64/php/modules/zip.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib64/php/modules/zip.so
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Core was generated by `php segfault.php'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000005bb5e2 in zend_hash_get_current_data_ex ()
Missing separate debuginfos, use: debuginfo-install 
php-cli-5.3.10-2.el6.remi.x86_64
(gdb) bt
#0  0x00000000005bb5e2 in zend_hash_get_current_data_ex ()
#1  0x00000000004f0d98 in ?? ()
#2  0x00000000004f1538 in ?? ()
#3  0x00007fdc92cbc367 in xdebug_execute_internal 
(current_execute_data=0x7fdc4a547050,
    return_value_used=0) at /var/tmp/xdebug/xdebug.c:1468
#4  0x00000000005fda96 in ?? ()
#5  0x00000000005d5310 in execute ()
#6  0x00007fdc92cbcac9 in xdebug_execute (op_array=0x2276040) at 
/var/tmp/xdebug/xdebug.c:1376
#7  0x00000000005aee5d in zend_execute_scripts ()
#8  0x000000000055c0f8 in php_execute_script ()
#9  0x0000000000639b57 in ?? ()
#10 0x0000003c7601ecdd in __libc_start_main () from /lib64/libc.so.6
#11 0x0000000000422319 in _start ()

Test script:
---------------
$myArray = array_fill(0, 10000, md5('test'));

array_walk(
    $myArray,
    function($value, $key, $myArray)
    {
      if (rand(0, 1)) {
        unset($myArray[$key]);
      } else if (rand(0, 1)) {
        $myArray[$key] = md5(rand(0, 10000));
      }
    },
    &$myArray
);

Expected result:
----------------
No segmentation fault

Actual result:
--------------
Segmentation fault


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61730&edit=1

Bug #61730 [Opn->Fbk]: Segfault from array_walk modifying an array passed by reference

Reply via email to