Bug #65284 [Com]: Segmentation fault with the CLI
Edit report at https://bugs.php.net/bug.php?id=65284edit=1 ID: 65284 Comment by: sjon at hortensius dot net Reported by:jhaagsma at gmail dot com Summary:Segmentation fault with the CLI Status: Open Type: Bug Package:Reproducible crash Operating System: Ubuntu PHP Version:5.4.17 Block user comment: N Private report: N New Comment: Obviously a vanilla 5.4.17 doesn't crash with this script (as can easily be seen at http://3v4l.org/gBq9U ); so the problem must be your environment; or the patches that were applied. I think you're best of contacting your distro-specific maintainer for this (I noticed several debian patches which could cause this behaviour) Previous Comments: [2013-07-18 07:17:28] jhaagsma at gmail dot com Description: I was updating my machine VM's from 5.4.17RC1 to 5.4.17 and noticed a problem, it was segfaulting. Using this test file on an upgraded machine and non-upgraded machine: machine1:~$ php --version PHP 5.4.17RC1 (cli) (built: Jun 22 2013 19:27:26) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies machine1:~$ php testphp Running from CLI machine2:~$ php --version PHP 5.4.17-1~precise+1 (cli) (built: Jul 17 2013 18:14:06) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies machine2:~$ php testphp Segmentation fault (core dumped) This is on ubuntu using Ondrej's PPA for PHP 5.4, but he said he's not made any debian/ubuntu specific changes since RC1. Test script: --- ?php if(defined('STDIN') ) echo(Running from CLI); else echo(Not Running from CLI); ? Expected result: Expected result was Running from CLI Actual result: -- Segmentation fault (core dumped) -- Edit this bug report at https://bugs.php.net/bug.php?id=65284edit=1
Bug #64896 [Com]: Segfault with gc_collect_cycles using unserialize on certain objects
Edit report at https://bugs.php.net/bug.php?id=64896edit=1 ID: 64896 Comment by: sjon at hortensius dot net Reported by:mark dot chong at acquireap dot com Summary:Segfault with gc_collect_cycles using unserialize on certain objects Status: Open Type: Bug Package:Reproducible crash Operating System: ubuntu PHP Version:5.4.15 Block user comment: N Private report: N New Comment: @laruence I can reproduce this easily, see http://3v4l.org/Z9Bg7#v545 every version of PHP since 5.4.5 segfaults on the script (without xdebug) here is your backtrace without xdebug: #0 0x00608737 in ?? () #1 0x0061f349 in _zval_ptr_dtor () #2 0x0063b8d8 in zend_hash_destroy () #3 0x0062d37b in _zval_dtor_func () #4 0x0069e31d in ?? () #5 0x0065508f in execute () #6 0x00621190 in zend_call_function () #7 0x00644e55 in zend_call_method () #8 0x0064eab2 in zend_objects_destroy_object () #9 0x0064c9a8 in gc_collect_cycles () #10 0x0063e699 in ?? () #11 0x006d6d6c in ?? () #12 0x0065508f in execute () #13 0x0062fb94 in zend_execute_scripts () #14 0x005d1afc in php_execute_script () #15 0x006d8d1f in ?? () #16 0x0042615d in ?? () #17 0x7690fa15 in __libc_start_main () from /usr/lib/libc.so.6 #18 0x004261f9 in _start () With a debug-build; this problem seems unreproducable Previous Comments: [2013-05-24 13:23:43] larue...@php.net please disable xdebug then try again [2013-05-24 01:21:08] edward dot savage at dodo dot com With the given test case I get the segfault as described (Ubuntu 13.04/PHP 5.4.9-4ubuntu2). I found that I could work around it by adding a function like 'usleep(1);' or '$var = 2;' between global and the $bar operation in the destructor. A simple operation like '6^123;', even repeated at length, wasn't enough to avoid the fault. Once the test case was running without crashing I started looking at the array assignment to $bar. I found that printing the result of $bar after the destructor ran showed that the values of $this-_private were lost from the global $bar. Even more information is lost when gc_collect_cycles is executed. It can be shown to only be the values as an assigned multidimensional array will retain its keys. This loss of data and the segfault can be avoided by moving the $bar assignment into a pseudo destructor or by removing the circular reference. However, for the reported case there is definitely a data integrity issue when assigning an array to a global in a __destruct with a circular reference present. I could not repeat this issue with other types of assignment like string and object. [2013-05-22 08:42:45] mark dot chong at acquireap dot com I have run the test case on 3 different machines which call caused a segfault, bellow is the bt from one of them #0 _zend_mm_free_int (heap=0xe09290, p=0x77e793a8) at /tmp/buildd/php5- 5.4.15/Zend/zend_alloc.c:2100 #1 0x0068d97a in _zval_dtor (zvalue=optimised out) at /tmp/buildd/php5-5.4.15/Zend/zend_variables.h:35 #2 _zval_ptr_dtor (zval_ptr=0x77e779a0) at /tmp/buildd/php5- 5.4.15/Zend/zend_execute_API.c:438 #3 _zval_ptr_dtor (zval_ptr=0x77e779a0) at /tmp/buildd/php5- 5.4.15/Zend/zend_execute_API.c:427 #4 0x006aab38 in zend_hash_destroy (ht=0x77e778e0) at /tmp/buildd/php5-5.4.15/Zend/zend_hash.c:560 #5 0x0069b8fb in _zval_dtor_func (zvalue=0x7fffa5a0) at /tmp/buildd/php5-5.4.15/Zend/zend_variables.c:45 #6 0x00718e7d in zend_assign_to_variable (value=0x77e776d8, variable_ptr_ptr=0x77e40410) at /tmp/buildd/php5- 5.4.15/Zend/zend_execute.c:937 #7 ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x77e40378) at /tmp/buildd/php5-5.4.15/Zend/zend_vm_execute.h:33084 #8 0x006feaa7 in execute (op_array=0x77e76af0) at /tmp/buildd/php5- 5.4.15/Zend/zend_vm_execute.h:410 #9 0x7400fa81 in xdebug_execute (op_array=0x77e76af0) at /srv/debian_developer/xdebug/xdebug-2.2.1/build-php5/xdebug.c:1391 #10 0x0068f7e0 in zend_call_function (fci=fci@entry=0x7fffa970, fci_cache=0x77e73bb0, fci_cache@entry=0x7fffa940) at /tmp/buildd/php5-5.4.15/Zend/zend_execute_API.c:958 #11 0x006b4115 in zend_call_method (object_pp=object_pp@entry=0x7fffaa28, obj_ce=optimised out, fn_proxy=fn_proxy@entry=0x7fffaa20, function_name=function_name@entry=0xaa42a0 __destruct, function_name_len=function_name_len@entry=10, retval_ptr_ptr=retval_ptr_ptr@entry=0x0, param_count=param_count@entry=0, arg1=arg1@entry=0x0
Bug #64938 [Opn]: libxml_disable_entity_loader setting is shared between threads
Edit report at https://bugs.php.net/bug.php?id=64938edit=1 ID: 64938 User updated by:Sjon at hortensius dot net Reported by:Sjon at hortensius dot net -Summary:libxml_disable_entity_loader setting is shared between hits +Summary:libxml_disable_entity_loader setting is shared between threads Status: Open Type: Bug Package:FPM related Operating System: Archlinux PHP Version:5.4.15 Block user comment: N Private report: N New Comment: Clarified summary Previous Comments: [2013-05-29 07:21:46] sjon at hortensius dot net Related To: Bug #62577 [2013-05-28 13:43:33] Sjon at hortensius dot net Description: The libxml_disable_entity_loader() setting is shared between hits in a FPM process. Therefore; our script have the external entity-loader randomly enabled/disabled. Test script: --- ?php die(var_dump(libxml_disable_entity_loader(false))); Expected result: The default setting (which is true since 5.4.13) should always be var_dump-ed Actual result: -- since this setting is remembered in the thread; after a while all hits return false -- Edit this bug report at https://bugs.php.net/bug.php?id=64938edit=1
Bug #62577 [Com]: simplexml_load_file does not file if libxml_disable_entity_loader(true)
Edit report at https://bugs.php.net/bug.php?id=62577edit=1 ID: 62577 Comment by: Sjon at hortensius dot net Reported by:ivan dot enderlin at hoa-project dot net Summary:simplexml_load_file does not file if libxml_disable_entity_loader(true) Status: Assigned Type: Bug Package:SimpleXML related Operating System: All PHP Version:master-Git-2012-07-16 (Git) Assigned To:rrichards Block user comment: N Private report: N New Comment: I can confirm this issue; it is very annoying and unexpected. Can't the code, as a work-around use file-get-contents + simplexml_load_string internally? This issue is also related to #22215 imo Previous Comments: [2012-11-15 11:03:10] paj...@php.net hi Rob! What would be the best/cleanest fix for this issue? It affects quite a lot of apps out there. Thanks! [2012-07-16 09:25:29] ivan dot enderlin at hoa-project dot net I think it's not a normal behavior. [2012-07-16 09:22:31] jpa...@php.net http://lxr.php.net/xref/PHP_5_4/ext/libxml/libxml.c#1058 libxml_disable_entity_loader(true) registers a NULL function (http://lxr.php.net/xref/PHP_5_4/ext/libxml/libxml.c#372) as callback for URI input file handling in libxml. So you cant open any file with libxml after having called this function. Is that the correct behavior ? I have no clue to answer that [2012-07-16 08:56:06] ivan dot enderlin at hoa-project dot net Description: The function simplexml_load_file() failed to open any file (existing or not) if libxml_disable_entity_loader(true) has been called. I have tried with simplexml_load_string(), it works; same with new SimpleXMLElement() etc. The bug is restricted to the simplexml_load_file() function. Test script: --- ?php libxml_use_internal_errors(true); libxml_disable_entity_loader(true); $xml = simplexml_load_file('foo'); print_r(libxml_get_errors()); var_dump($xml); Expected result: Array ( ) ⦠Actual result: -- Array ( [0] = LibXMLError Object ( [level] = 1 [code] = 1549 [column] = 0 [message] = failed to load external entity foo [file] = [line] = 0 ) ) bool(false) -- Edit this bug report at https://bugs.php.net/bug.php?id=62577edit=1
Bug #62577 [Com]: simplexml_load_file does not file if libxml_disable_entity_loader(true)
Edit report at https://bugs.php.net/bug.php?id=62577edit=1 ID: 62577 Comment by: sjon at hortensius dot net Reported by:ivan dot enderlin at hoa-project dot net Summary:simplexml_load_file does not file if libxml_disable_entity_loader(true) Status: Assigned Type: Bug Package:SimpleXML related Operating System: All PHP Version:master-Git-2012-07-16 (Git) Assigned To:rrichards Block user comment: N Private report: N New Comment: I can confirm this issue; it is very annoying and unexpected. Can't the code, as a work-around use file-get-contents + simplexml_load_string internally? This issue is also related to bug #64938 imo Previous Comments: [2013-05-29 07:20:39] Sjon at hortensius dot net I can confirm this issue; it is very annoying and unexpected. Can't the code, as a work-around use file-get-contents + simplexml_load_string internally? This issue is also related to #22215 imo [2012-11-15 11:03:10] paj...@php.net hi Rob! What would be the best/cleanest fix for this issue? It affects quite a lot of apps out there. Thanks! [2012-07-16 09:25:29] ivan dot enderlin at hoa-project dot net I think it's not a normal behavior. [2012-07-16 09:22:31] jpa...@php.net http://lxr.php.net/xref/PHP_5_4/ext/libxml/libxml.c#1058 libxml_disable_entity_loader(true) registers a NULL function (http://lxr.php.net/xref/PHP_5_4/ext/libxml/libxml.c#372) as callback for URI input file handling in libxml. So you cant open any file with libxml after having called this function. Is that the correct behavior ? I have no clue to answer that [2012-07-16 08:56:06] ivan dot enderlin at hoa-project dot net Description: The function simplexml_load_file() failed to open any file (existing or not) if libxml_disable_entity_loader(true) has been called. I have tried with simplexml_load_string(), it works; same with new SimpleXMLElement() etc. The bug is restricted to the simplexml_load_file() function. Test script: --- ?php libxml_use_internal_errors(true); libxml_disable_entity_loader(true); $xml = simplexml_load_file('foo'); print_r(libxml_get_errors()); var_dump($xml); Expected result: Array ( ) ⦠Actual result: -- Array ( [0] = LibXMLError Object ( [level] = 1 [code] = 1549 [column] = 0 [message] = failed to load external entity foo [file] = [line] = 0 ) ) bool(false) -- Edit this bug report at https://bugs.php.net/bug.php?id=62577edit=1
Bug #27792 [Com]: [PATCH] Functions fail on large files (filesize,is_file,is_dir,readdir)
Edit report at https://bugs.php.net/bug.php?id=27792edit=1 ID: 27792 Comment by: Sjon at hortensius dot net Reported by:kode at kodekrash dot com Summary:[PATCH] Functions fail on large files (filesize,is_file,is_dir,readdir) Status: Critical Type: Bug Package:Filesystem function related Operating System: * (LFS) PHP Version:5.*, 6CVS (2009-04-30) Block user comment: N Private report: N New Comment: According to http://3v4l.org/sBClC; this is not a problem on a 64 bits linux machine (on any php version). I propose (since this bug obviously won't be fixed) to close this issue and tell people to use 64 bits machines instead of trying to get LFS support in PHP Previous Comments: [2012-08-09 13:28:31] adu at rdsor dot ro @marcb I tested it in PHP 5.4.0 (cli) (built: Apr 12 2012 13:02:59)) on Ubuntu 12.04 kernel 3.0.0-19 i686 and the BUG is still here. Reproduced code: $fname = 'file_of_7GB'; var_dump(filesize( $fname )); // PHP Warning: filesize(): stat failed for file_of_7GB in php_bug_27792.php on line 4 // dumps bool(false) var_dump(is_file( $fname )); // dumps bool(false) var_dump(is_dir( $fname )); // dumps bool(false) $fname = 'file_of_354MB'; var_dump(filesize( $fname )); // dumps int(370336155) var_dump(is_file( $fname )); // dumps bool(true) var_dump(is_dir( $fname )); // dumps bool(false) [2011-01-05 04:46:23] marcb at voicemeup dot com Is anyone able to confirm if this was fixed in any of the 5.X branch ? This is a pretty stupid problem to have to deal with ! [2009-11-12 10:27:45] boite dot pour dot spam at gmail dot com The patch from Wez doesn't work, as it assumes size_t are 64 bits, which is not the case, even when LFS is defined. The patch from Mail Pourri works on 5.3.0 (I haven't tested in 5.3.1) [2009-09-14 08:59:36] j...@php.net The latest patch for this: http://www.php.net/~wez/lfs.diff [2009-07-11 13:40:57] mail dot pourri at laposte dot net Please see fix in http://bugs.php.net/bug.php?id=48886 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=27792 -- Edit this bug report at https://bugs.php.net/bug.php?id=27792edit=1
Bug #64868 [Com]: segfault in zval_mark_grey(), Zend/zend_gc.c:421
Edit report at https://bugs.php.net/bug.php?id=64868edit=1 ID: 64868 Comment by: Sjon at hortensius dot net Reported by:martin dot schuette at icans-gmbh dot com Summary:segfault in zval_mark_grey(), Zend/zend_gc.c:421 Status: Open Type: Bug Package:Reproducible crash Operating System: Debian Linux PHP Version:5.4.15 Block user comment: N Private report: N New Comment: Well pinpointing this should be easy; open PHPUnit_Util_Test and look for the usage of REGEX_REQUIRES (which is in your trace). Var dump the parameters and tell us which ones were passed that caused that caused the segfault? Previous Comments: [2013-05-21 10:09:13] martin dot schuette at icans-gmbh dot com So far I was unable to reproduce the crash with a smaller code sample (i.e. without requiring our complete application and test suite). [2013-05-17 10:57:43] larue...@php.net could you please provide a reproduce test script? thanks [2013-05-17 10:47:30] martin dot schuette at icans-gmbh dot com Description: As part of a PHPUnit test suite I get this segfault. Interestingly it depends on phpunit's command line options. Segfault with phpunit -c app/phpunit.xml.dist --log-junit /dev/null No problem with phpunit -c app/phpunit.xml.dist and phpunit -c app/phpunit.xml.dist --log-junit /dev/null --debug Without GC it works as well: php -dzend.enable_gc=0 /usr/bin/phpunit -c app/phpunit.xml.dist --log-junit /dev/null Expected result: complete PHPUnit run Actual result: -- deploy@jenkins:/tmp/gitphp -v PHP 5.4.4-14 (cli) (built: Mar 4 2013 14:08:43) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies deploy@jenkins:/tmp/gitgdb --args php /usr/bin/phpunit -c app/phpunit.xml.dist --log-junit /dev/null GNU gdb (GDB) 7.4.1-debian Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as x86_64-linux-gnu. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/bin/php...Reading symbols from /usr/lib/debug/usr/bin/php5...done. done. (gdb) run Starting program: /usr/bin/php /usr/bin/phpunit -c app/phpunit.xml.dist --log-junit /dev/null [Thread debugging using libthread_db enabled] Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1. warning: the debug information found in /usr/lib/debug//usr/lib/php5/20100525/mysql.so does not match /usr/lib/php5/20100525/mysql.so (CRC mismatch). warning: the debug information found in /usr/lib/debug/usr/lib/php5/20100525/mysql.so does not match /usr/lib/php5/20100525/mysql.so (CRC mismatch). warning: the debug information found in /usr/lib/debug//usr/lib/php5/20100525/mysqli.so does not match /usr/lib/php5/20100525/mysqli.so (CRC mismatch). warning: the debug information found in /usr/lib/debug/usr/lib/php5/20100525/mysqli.so does not match /usr/lib/php5/20100525/mysqli.so (CRC mismatch). warning: the debug information found in /usr/lib/debug//usr/lib/php5/20100525/pdo_mysql.so does not match /usr/lib/php5/20100525/pdo_mysql.so (CRC mismatch). warning: the debug information found in /usr/lib/debug/usr/lib/php5/20100525/pdo_mysql.so does not match /usr/lib/php5/20100525/pdo_mysql.so (CRC mismatch). [New Thread 0x7fffe80d8700 (LWP 27679)] [Thread 0x7fffe80d8700 (LWP 27679) exited] PHPUnit 3.7.10 by Sebastian Bergmann. Configuration read from /tmp/git/app/phpunit.xml.dist . 61 / 3421 ( 1%) ...S. 122 / 3421 ( 3%) . 183 / 3421 ( 5%) . 244 / 3421 ( 7%) . 305 / 3421 ( 8%) . 366 / 3421 ( 10%) . 427 / 3421 ( 12%) . 488 / 3421 ( 14%) . 549 / 3421 ( 16%) . 610 / 3421 ( 17%) . 671 / 3421 ( 19%) . 732 / 3421 ( 21
[PHP-BUG] Bug #64938 [NEW]: libxml_disable_entity_loader setting is shared between hits
From: Sjon at hortensius dot net Operating system: Archlinux PHP version: 5.4.15 Package: FPM related Bug Type: Bug Bug description:libxml_disable_entity_loader setting is shared between hits Description: The libxml_disable_entity_loader() setting is shared between hits in a FPM process. Therefore; our script have the external entity-loader randomly enabled/disabled. Test script: --- ?php die(var_dump(libxml_disable_entity_loader(false))); Expected result: The default setting (which is true since 5.4.13) should always be var_dump-ed Actual result: -- since this setting is remembered in the thread; after a while all hits return false -- Edit bug report at https://bugs.php.net/bug.php?id=64938edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=64938r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=64938r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=64938r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=64938r=fixed Fixed in release: https://bugs.php.net/fix.php?id=64938r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=64938r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=64938r=needscript Try newer version: https://bugs.php.net/fix.php?id=64938r=oldversion Not developer issue:https://bugs.php.net/fix.php?id=64938r=support Expected behavior: https://bugs.php.net/fix.php?id=64938r=notwrong Not enough info: https://bugs.php.net/fix.php?id=64938r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=64938r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=64938r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64938r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=64938r=dst IIS Stability: https://bugs.php.net/fix.php?id=64938r=isapi Install GNU Sed:https://bugs.php.net/fix.php?id=64938r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=64938r=float No Zend Extensions: https://bugs.php.net/fix.php?id=64938r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=64938r=mysqlcfg
Bug #64395 [Com]: Wrong result
Edit report at https://bugs.php.net/bug.php?id=64395edit=1 ID: 64395 Comment by: sjon at hortensius dot net Reported by:abc905 at mail dot ru Summary:Wrong result Status: Open Type: Bug Package:Network related Operating System: Windows 7 x64 PHP Version:5.4.13 Block user comment: N Private report: N New Comment: Php interprets numbers with leading zeros as octal [1]. Octal 011 = Decimal 9. Also, I think this is not a valid IP address notation. This is fixed in newer PHP versions, where this format is rejected and false is returned; see http://3v4l.org/EBD9k 1. http://php.net/manual/en/language.types.integer.php Previous Comments: [2013-03-28 15:48:28] abc905 at mail dot ru PHP. Ver. 5.4.13 (Open Server Win7 x64) Output: 1.1.011.011 - 1.1.9.9 1.1.071.071 - 1.1.57.57 1.1.081.081 - 0.0.0.0 Looks like long2ip() converts segments with leading zero as octal. [2013-03-21 16:11:01] abc905 at mail dot ru Unfortunatly my output is wrong PHP. Ver. 5.4.11 (Open Server Win7 x64) and 5.4.9 (Windows Installer install) Output: 1.1.011.011 - 1.1.9.9 1.1.071.071 - 1.1.57.57 1.1.081.081 - 0.0.0.0 Looks like long2ip() converts segments with leading zero as octal. [2013-03-17 02:39:34] pete at petermcdonald dot co dot uk I have tried to reproduce on php 5.4.11 (zend server install) using code specified but output is expected 1.1.11.11. [2013-03-08 19:54:51] abc905 at mail dot ru Description: Hello, It seems ip2long function returns wrong result 1.1.9.9 instead of 1.1.11.11 when convert ip address like '1.1.011.011' Thank you, Alexander --- From manual page: http://www.php.net/function.long2ip --- Test script: --- $ip = '1.1.011.011'; $ip_long = sprintf(%u, ip2long($ip)); print long2ip($ip_long); -- Edit this bug report at https://bugs.php.net/bug.php?id=64395edit=1
Bug #63898 [Com]: json_encode sets string to null for invalid characters
Edit report at https://bugs.php.net/bug.php?id=63898edit=1 ID: 63898 Comment by: Sjon at hortensius dot net Reported by:sreed at ontraport dot com Summary:json_encode sets string to null for invalid characters Status: Open Type: Bug Package:JSON related Operating System: All PHP Version:5.4.10 Block user comment: N Private report: N New Comment: This actually worked fine in 5.3.14 but was broken in 5.3.14: http://3v4l.org/Eouni#v5314 5.2.0 - 5.2.6 would truncate the character without notice but wouldn't produce invalid json either Previous Comments: [2013-01-04 01:06:40] sreed at ontraport dot com . [2013-01-04 01:04:31] sreed at ontraport dot com Description: When you use json_encode with an invalid UTF-8 byte sequence in a string PHP will generate a warning (with display_errors set to off) and the function returns an invalid json encoded string. The string with the invalid UTF-8 byte sequence is replaced with null (for example: {null:}). This is invalid json and can not be decoded with json_decode. I would think the expected behavior should be that json_encode should never returns an invalid json encoded string. It should either return false on failure as the documentation states or the invalid UTF-8 byte sequence should be handled in a way that does not corrupt the json string. Test script: --- $key = Foo . chr(163); $array = array($key = ); var_dump($array); $json = json_encode($array); echo $json.\n; var_dump(json_decode($json)); Expected result: I would expect the returned json string to be valid or for json_encode to return false. Actual result: -- array(1) { [Foo �]= string(0) } {null:} NULL -- Edit this bug report at https://bugs.php.net/bug.php?id=63898edit=1
Bug #62536 [Com]: file uploads MAX_FILE_SIZE doesn't work as described
Edit report at https://bugs.php.net/bug.php?id=62536edit=1 ID: 62536 Comment by: Sjon at hortensius dot net Reported by:danny at tibibi dot com Summary:file uploads MAX_FILE_SIZE doesn't work as described Status: Open Type: Bug Package:Unknown/Other Function Operating System: Windows Server 2008 PHP Version:5.4.4 Block user comment: N Private report: N New Comment: If you read the link I posted, you'll see that PHP _also_ checks for the defined MAX_FILE_SIZE and behaves the same as it would with max_upload_size @ini. So: PHP checks this too, but the client-side advantage isn't implemented in any browser (which is also described here: https://bugs.php.net/bug.php?id=40387) Previous Comments: [2012-07-12 17:15:01] danny at tibibi dot com Thanks for your comment. If php doesn't do anything with the variable, then why is it php returns error 2 in the $_FILES array when I set that variable, and upload a file that is smaller than the max_upload_size in the .ini file but larger than the MAX_FILE_SIZE variable I post? [2012-07-12 13:57:07] Sjon at hortensius dot net This feature is meant for clients (eg. browsers), but it seems your browser doesn't implement this feature. PHP doesn't do anything with this variable More info @ http://stackoverflow.com/questions/1381364/max-file-size-in-php-whats-the-point [2012-07-11 17:10:07] danny at tibibi dot com Description: The documentation for handling file uploads, http://us3.php.net/manual/en/features.file-upload.post-method.php states that when declaring a hidden field named MAX_FILE_SIZE, if the file submitted is larger, then the user will not have to wait longer to be told that the file was too large. ?php if (isset($_POST['MAX_FILE_SIZE'])) { echo $_FILES['file1']['error']; } ? html body form action=/test.php method=post enctype=multipart/form-data input type=hidden name=MAX_FILE_SIZE value=100 / input type=file name=file1 input type=submit value=submit /form /body /html Actual result: -- The complete file gets uploaded however big it is, and the result shows: 2 This confirms that MAX_FILE_SIZE worked, and the file was too large, but it did not stop processing the request after 100 bytes were processed. -- Edit this bug report at https://bugs.php.net/bug.php?id=62536edit=1
Bug #62536 [Com]: file uploads MAX_FILE_SIZE doesn't work as described
Edit report at https://bugs.php.net/bug.php?id=62536edit=1 ID: 62536 Comment by: Sjon at hortensius dot net Reported by:danny at tibibi dot com Summary:file uploads MAX_FILE_SIZE doesn't work as described Status: Open Type: Bug Package:Unknown/Other Function Operating System: Windows Server 2008 PHP Version:5.4.4 Block user comment: N Private report: N New Comment: This feature is meant for clients (eg. browsers), but it seems your browser doesn't implement this feature. PHP doesn't do anything with this variable More info @ http://stackoverflow.com/questions/1381364/max-file-size-in-php-whats-the-point Previous Comments: [2012-07-11 17:10:07] danny at tibibi dot com Description: The documentation for handling file uploads, http://us3.php.net/manual/en/features.file-upload.post-method.php states that when declaring a hidden field named MAX_FILE_SIZE, if the file submitted is larger, then the user will not have to wait longer to be told that the file was too large. ?php if (isset($_POST['MAX_FILE_SIZE'])) { echo $_FILES['file1']['error']; } ? html body form action=/test.php method=post enctype=multipart/form-data input type=hidden name=MAX_FILE_SIZE value=100 / input type=file name=file1 input type=submit value=submit /form /body /html Actual result: -- The complete file gets uploaded however big it is, and the result shows: 2 This confirms that MAX_FILE_SIZE worked, and the file was too large, but it did not stop processing the request after 100 bytes were processed. -- Edit this bug report at https://bugs.php.net/bug.php?id=62536edit=1
Bug #62524 [Com]: fopen follows redirects for non-3xx statuses
Edit report at https://bugs.php.net/bug.php?id=62524edit=1 ID: 62524 Comment by: Sjon at hortensius dot net Reported by:mike dot hall at twistdigital dot co dot uk Summary:fopen follows redirects for non-3xx statuses Status: Open Type: Bug Package:Streams related Operating System: Ubuntu 12.04 PHP Version:5.4.4 Block user comment: N Private report: N New Comment: A more complete example confirms this behavior: I also fixed some syntax errors ?php header('Location: http://php.net', true, 201); if (isset($_GET['waa'])) return; $context = stream_context_create(array( http = array( method = POST, header = Content-Length: 13, content = {\foo\:\bar\}, ), )); $fp = fopen('http://'.$_SERVER['SERVER_NAME']. $_SERVER['PHP_SELF'] .'?waa=1', 'r', null, $context); print(stream_get_contents($fp)); Previous Comments: [2012-07-10 16:00:52] mike dot hall at twistdigital dot co dot uk Description: The HTTP location header can either be used to direct the user to another resource (when accompanied by a 3xx status code) or to inform the user of the location of the document they just created (with a 2xx) status code. It doesn't make sense to treat the location header as a redirect in the second context - the location header indicates a redirect only when accompanied by a 3xx status code. Currently, PHP follows Location headers as if they are redirects regardless of the returned status code. Test script: --- $context = stream_context_create([ http = [ method = POST header = Content-Length: 13 content = {\foo\:\bar\}, ], ]); // Returns HTTP/1.1 201 Created // Location: http://example.com/mydb/documentid // // {status:ok} $fp = fopen('http://example.com/mydb', 'r', null, $context); $data = stream_get_contents($fp); list($headers, $body) = explode(\r\n\r\n, $data, 2); echo $body; Expected result: {status:ok} Actual result: -- {foo:bar} -- Edit this bug report at https://bugs.php.net/bug.php?id=62524edit=1
Bug #62476 [Com]: DateTime::createFromFormat z format incorrect wrt 29.02
Edit report at https://bugs.php.net/bug.php?id=62476edit=1 ID: 62476 Comment by: Sjon at hortensius dot net Reported by:kaido at tradenet dot ee Summary:DateTime::createFromFormat z format incorrect wrt 29.02 Status: Open Type: Bug Package:Calendar related Operating System: debian 2.6.32-5-amd64 PHP Version:5.4.4 Block user comment: N Private report: N New Comment: I can confirm this, this is broken since 5.3.9 http://3v4l.org/1Z4W4 Previous Comments: [2012-07-04 00:20:58] kaido at tradenet dot ee Description: When creating DateTime object from string and using z (day of year) format option, the 29.02 of the leap year is missing. works ok in 5.3.5 Test script: --- for ($d=55;$d65;$d++) { $dt = DateTime::createFromFormat ('z.Y', $d.'.2012'); $dd = $dt-format ('d.m.Y'); echo $d $dd\n; } 29.02.2012 is clearly missing .. Expected result: 55 25.02.2012 56 26.02.2012 57 27.02.2012 58 28.02.2012 59 29.02.2012 60 01.03.2012 61 02.03.2012 62 03.03.2012 63 04.03.2012 64 05.03.2012 Actual result: -- 55 25.02.2012 56 26.02.2012 57 27.02.2012 58 28.02.2012 59 01.03.2012 60 02.03.2012 61 03.03.2012 62 04.03.2012 63 05.03.2012 64 06.03.2012 -- Edit this bug report at https://bugs.php.net/bug.php?id=62476edit=1
Bug #62468 [Com]: SimpleXML memory leak, if circular references are removed by Garbage Collector
Edit report at https://bugs.php.net/bug.php?id=62468edit=1 ID: 62468 Comment by: Sjon at hortensius dot net Reported by:zerkyn at gmail dot com Summary:SimpleXML memory leak, if circular references are removed by Garbage Collector Status: Open Type: Bug Package:SimpleXML related Operating System: Windows 7, Linux PHP Version:5.3.14 Block user comment: N Private report: N New Comment: I can confirm this, but it has already been fixed in PHP 5.4. I assume this is because of the circular references that were fixed then. http://3v4l.org/JICRi Previous Comments: [2012-07-02 20:13:45] zerkyn at gmail dot com Description: The SimpleXMLElement memory leaks, when: 1) An object holds reference to a SimpleXMLElement, and 2) The object is involved in a circular references net, and 3) All external references to that net are cleared, so Garbage Collector finds that net, correctly sees it as a garbage cycle, and cleans all its objects After the Garbage Collector finishes its work, the memory, consumed by SimpleXMLElement is not freed, thus producing a memory leak. The issue is reproduced both at Windows and Linux platforms. Full version for the test script is there: https://dl.dropbox.com/u/17950262/php/issues/simplexml_memory_leak.zip Test script: --- ?php class SelfLinked { public $xml; public $me; public function __construct() { $this-xml = simplexml_load_file('pretty_big_file_of_1mb_size.xml'); $this-me = $this; } } echo Sys memory usage before: , SystemMemoryUsage(), \n; for ($i = 0; $i 1000; $i++) { $a = new SelfLinked(); unset($a); gc_collect_cycles(); } echo Sys memory usage after: , SystemMemoryUsage(), \n; /** - */ function SystemMemoryUsage() { ... // Return memory consumption by executing system tool - tasklist, ps or anything else // See https://bugs.php.net/bug.php?id=62467 on proper memory profiling of SimpleXML functions } } Expected result: Memory consumption does not change. Actual result: -- Huge increase of memory consumption is reported. -- Edit this bug report at https://bugs.php.net/bug.php?id=62468edit=1
Bug #62457 [Com]: Excuse me, is this a bug?
Edit report at https://bugs.php.net/bug.php?id=62457edit=1 ID: 62457 Comment by: Sjon at hortensius dot net Reported by:mybugs at 163 dot com Summary:Excuse me, is this a bug? Status: Open Type: Bug Package:Safe Mode/open_basedir Operating System: Microsoft Windows Server 2003 R2 PHP Version:5.4.4 Block user comment: N Private report: N New Comment: What if you remove all '@' from your script, what are the error-messages that appear? Because with those added, all errors are hidden. Previous Comments: [2012-07-01 06:43:48] mybugs at 163 dot com php.ini disable_functions =system [PATH= D:/Web/test.com/public] open_basedir [2012-07-01 06:42:05] mybugs at 163 dot com Description: php.ini [PATH= D:/Web/test.com/public] open_basedir=D:/Web/test.com/public/ Test script: --- ?php echo 'open_basedir:'.ini_get('open_basedir').'br /'; //D:\WEB\TEST_COM\ $cmd = 'ping qq.com'; echo execute('system',$cmd); echo execute('passthru',$cmd); echo execute('shell_exec',$cmd); echo execute('exec',$cmd); echo execute('popen',$cmd); function execute($type,$cfe) { $data = ''; if ($cfe) { if($type=='system') { @ob_start(); @system($cfe); $data = @ob_get_contents(); @ob_end_clean(); } elseif($type=='passthru') { @ob_start(); @passthru($cfe); $data = @ob_get_contents(); @ob_end_clean(); } elseif($type=='shell_exec') { $data = @shell_exec($cfe); } elseif($type=='exec') { @exec($cfe,$data); $data = join(\n,$data); } elseif($type=='popen') { $f = @popen($cfe,r); while(!@feof($f)) { $data .= @fread($f,1024); } @pclose($f); } } return $type.'--br /'.$data.'br /'.$type.'--br /br /'; } ? Expected result: open_basedir:D:\Web\test.com\public\ system-- system-- passthru-- Pinging qq.com [119.147.15.13] with 32 bytes of data: Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Ping statistics for 119.147.15.13: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 11ms, Maximum = 11ms, Average = 11ms passthru-- shell_exec-- Pinging qq.com [119.147.15.17] with 32 bytes of data: Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Ping statistics for 119.147.15.17: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 9ms, Maximum = 9ms, Average = 9ms shell_exec-- exec-- Pinging qq.com [119.147.15.17] with 32 bytes of data: Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Ping statistics for 119.147.15.17: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 9ms, Maximum = 9ms, Average = 9ms exec-- popen-- Pinging qq.com [119.147.15.17] with 32 bytes of data: Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Ping statistics for 119.147.15.17: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 9ms, Maximum = 9ms, Average = 9ms popen-- Actual result: -- open_basedir:D:\Web\test.com\public\ system-- system-- passthru-- passthru-- shell_exec-- shell_exec-- exec-- exec-- popen-- popen-- -- Edit this bug report at https://bugs.php.net/bug.php?id=62457edit=1
Bug #62457 [Com]: Excuse me, is this a bug?
Edit report at https://bugs.php.net/bug.php?id=62457edit=1 ID: 62457 Comment by: Sjon at hortensius dot net Reported by:mybugs at 163 dot com Summary:Excuse me, is this a bug? Status: Open Type: Bug Package:Safe Mode/open_basedir Operating System: Microsoft Windows Server 2003 R2 PHP Version:5.4.4 Block user comment: N Private report: N New Comment: Aha, so your report is that open_basedir does not restrict the binaries that you can run using the various methods of system-calls? Because that is not a bug :) open_basedir, by design, cannot limit the paths that system-calls will eventually be able to reach since it has no control over that. This was previously reported as #55761 Also, the next time you report a bug, a more descriptive title would be appreciated! Previous Comments: [2012-07-01 11:30:20] mybugs at 163 dot com I 'm sorry . I set the wrong position by Actual result and Expected result at the time of submission . It should be theActual resultis the Expected result,and the Expected result is the Actual result This problem is that it can restrict path but at the same time it also can perform the other program except the path. It is the significant security hidden danger. fix php.ini disable_functions=system [PATH=D:/Web/test.com/public] open_basedir=D:/Web/test.com/public/ [2012-07-01 09:58:28] Sjon at hortensius dot net What if you remove all '@' from your script, what are the error-messages that appear? Because with those added, all errors are hidden. [2012-07-01 06:43:48] mybugs at 163 dot com php.ini disable_functions =system [PATH= D:/Web/test.com/public] open_basedir [2012-07-01 06:42:05] mybugs at 163 dot com Description: php.ini [PATH= D:/Web/test.com/public] open_basedir=D:/Web/test.com/public/ Test script: --- ?php echo 'open_basedir:'.ini_get('open_basedir').'br /'; //D:\WEB\TEST_COM\ $cmd = 'ping qq.com'; echo execute('system',$cmd); echo execute('passthru',$cmd); echo execute('shell_exec',$cmd); echo execute('exec',$cmd); echo execute('popen',$cmd); function execute($type,$cfe) { $data = ''; if ($cfe) { if($type=='system') { @ob_start(); @system($cfe); $data = @ob_get_contents(); @ob_end_clean(); } elseif($type=='passthru') { @ob_start(); @passthru($cfe); $data = @ob_get_contents(); @ob_end_clean(); } elseif($type=='shell_exec') { $data = @shell_exec($cfe); } elseif($type=='exec') { @exec($cfe,$data); $data = join(\n,$data); } elseif($type=='popen') { $f = @popen($cfe,r); while(!@feof($f)) { $data .= @fread($f,1024); } @pclose($f); } } return $type.'--br /'.$data.'br /'.$type.'--br /br /'; } ? Expected result: open_basedir:D:\Web\test.com\public\ system-- system-- passthru-- Pinging qq.com [119.147.15.13] with 32 bytes of data: Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Reply from 119.147.15.13: bytes=32 time=11ms TTL=56 Ping statistics for 119.147.15.13: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 11ms, Maximum = 11ms, Average = 11ms passthru-- shell_exec-- Pinging qq.com [119.147.15.17] with 32 bytes of data: Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Ping statistics for 119.147.15.17: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 9ms, Maximum = 9ms, Average = 9ms shell_exec-- exec-- Pinging qq.com [119.147.15.17] with 32 bytes of data: Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Reply from 119.147.15.17: bytes=32 time=9ms TTL=56 Ping statistics for 119.147.15.17: Packets: Sent = 4, Received
Bug #62456 [Com]: Incorrect description of notice
Edit report at https://bugs.php.net/bug.php?id=62456edit=1 ID: 62456 Comment by: Sjon at hortensius dot net Reported by:iblacksmoke at gmail dot com Summary:Incorrect description of notice Status: Open Type: Bug Package:I18N and L10N related Operating System: debian linux PHP Version:5.4.4 Block user comment: N Private report: N New Comment: If you suspect that this is caused by encoding in your script, can't you post an example that actually contains these characters? Because your current test-script works fine here. Maybe you can post an example with eval and chr? Previous Comments: [2012-06-30 22:57:59] iblacksmoke at gmail dot com Description: Description of notice when calling missing property of standard php object contains incorrect characters (possibly from different encoding). They cause error in class of standard class ErrorException, and script returns fatal error(with no information) rather than exception. It turns out there as much as two bugs: incorrect encoding of strings and lack of data filtering in ErrorException constructor. Test script: --- one: $test = new StdClass(); echo $test-qwerty; two: set_error_handler(function($errno, $errstr, $errfile, $errline){ throw new ErrorException($errstr, 0, $errno, $errfile, $errline); }); $test = new StdClass(); echo $test-qwerty; Expected result: one: Notice: Undefined property: stdClass::$qwerty in script two: correct php exception Actual result: -- one: Notice: Undefined property: stdClass�K�::$qwerty in script two: Fatal error: in script -- Edit this bug report at https://bugs.php.net/bug.php?id=62456edit=1
Bug #62437 [Com]: Strange behavior with global variables (objects) in ob_start() output callback
Edit report at https://bugs.php.net/bug.php?id=62437edit=1 ID: 62437 Comment by: Sjon at hortensius dot net Reported by:tero dot tasanen at gmail dot com Summary:Strange behavior with global variables (objects) in ob_start() output callback Status: Open Type: Bug Package:Output Control Operating System: Linux 64bit PHP Version:5.3.14 Block user comment: N Private report: N New Comment: Contrary to what tony2001 says in #40604, this was actually working fine until it was broken in 5.2 http://3v4l.org/SUUkK The reason that http://3v4l.org/pZ2PP works might be explained to the second reference to the same object which could prevent destruction, but that would then actually be a bug too (since it indicates a memory-leak). Previous Comments: [2012-06-28 11:56:12] tero dot tasanen at gmail dot com Description: Global variables in output buffering seem to work in very strange way. don't know actually if this has anything to do with output buffering callback but see the test case attached to reproduce this. And the strangest thing is that if you uncomment the last line the script works as expected! After some searching I found two similar bug reports (#40604, #44840) and the comments indicate that this is expected behavior?! Not just that it seem really strange that all objects get destroyed before the output callback is called, but why does the use of the $test variable in the end of the script change this behavior? This really does not make any sense! Test script: --- ? function output($buffer) { global $object; return $buffer . $object-bar; } ob_start('output'); $object = new stdClass(); $object-bar = bar; echo foo ; // $test = $object; Expected result: foo bar Actual result: -- PHP Notice: Trying to get property of non-object in /home/ttasanen/test.php on line 5 PHP Stack trace: PHP 1. output() /home/ttasanen/test.php:0 foo -- Edit this bug report at https://bugs.php.net/bug.php?id=62437edit=1
Bug #62419 [Com]: RuntimeException throws fatal error if passing a previous exception to the ctor
Edit report at https://bugs.php.net/bug.php?id=62419edit=1 ID: 62419 Comment by: Sjon at hortensius dot net Reported by:bugs dot php at mohiva dot com Summary:RuntimeException throws fatal error if passing a previous exception to the ctor Status: Open Type: Bug Package:SPL related Operating System: Gentoo Linux PHP Version:5.4.4 Block user comment: N Private report: N New Comment: I cannot reproduce this, it seems to work fine? http://3v4l.org/IAF3d#v530 Previous Comments: [2012-06-26 11:26:52] bugs dot php at mohiva dot com Description: If you pass a previous exception to the constructor of the RuntimeException class, then PHP throws a fatal error without an error message. I have tested those exceptions which are derived from RuntimeException, and they all work fine. The same counts for the base Exception class. Test script: --- ?php throw new RuntimeException(Exception message, 0, new Exception()); Expected result: Fatal error: Uncaught exception 'RuntimeException' ... on line 3 Actual result: -- Fatal error: in exception.php on line 3 -- Edit this bug report at https://bugs.php.net/bug.php?id=62419edit=1
Bug #62189 [Com]: Behavior of serialize has changed
Edit report at https://bugs.php.net/bug.php?id=62189edit=1 ID: 62189 Comment by: Sjon at hortensius dot net Reported by:mg at ovos dot at Summary:Behavior of serialize has changed Status: Open Type: Bug Package:Variables related Operating System: Win64 PHP Version:5.4.3 Block user comment: N Private report: N New Comment: Maybe you misread my comment, or misinterpreted the results demonstrated. I can reproduce your described behavior perfectly using the script I posted. In the results I posted, 5.4 references only Placeholder#8 and #10, while 5.3 and earlier contains references to Placeholder#8, #10, #12 and #14; demonstrating what was fixed in 5.4 again, this behaviour is better in 5.4 and there is no bug demonstrated in that script Previous Comments: [2012-06-23 21:13:52] mg at ovos dot at Dear Sjon, You stripped it from the key lines, no wonder you cannot reproduce it. It is all about the lines that you removed. Cheers, Marcin [2012-06-23 14:25:15] Sjon at hortensius dot net Have a look at this example (based on your code): http://3v4l.org/D7HIa Before 5.4, the Placeholder instances were actually different objects. This was fixed in 5.4, therefore the properties correctly reference to the same objects. Regarding your bug, where objects are NOT properly recreated, I am afraid you will need to create an actual reproducable testcase before expecting anyone to take a look at it :) [2012-06-12 12:45:06] mg at ovos dot at Feedback - Open. [2012-06-04 14:09:11] mg at ovos dot at Please have a look at the following scenario: http://pastebin.com/QRWtX0dM Of course such double serialization makes no sense, but I found it to be present in Doctrine 1.2 library. Therefore I am wondering if the references should still work in this case like it was in PHP 5.3. [2012-05-30 17:22:12] mg at ovos dot at It seems that my issue is directly related to fixing a bug in PHP: https://bugs.php.net/bug.php?id=36424 If this is true, the test case I included does not cover entirely the issue I am having. In my case unserialize() does not bring back the referenced object, although the test case does. I had no luck in extracting my scenario into a test case as yet. I am trying to find the difference between test case and the live case, which is obviosly many times more complex. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62189 -- Edit this bug report at https://bugs.php.net/bug.php?id=62189edit=1
Bug #62189 [Com]: Behavior of serialize has changed
Edit report at https://bugs.php.net/bug.php?id=62189edit=1 ID: 62189 Comment by: Sjon at hortensius dot net Reported by:mg at ovos dot at Summary:Behavior of serialize has changed Status: Open Type: Bug Package:Variables related Operating System: Win64 PHP Version:5.4.3 Block user comment: N Private report: N New Comment: Have a look at this example (based on your code): http://3v4l.org/D7HIa Before 5.4, the Placeholder instances were actually different objects. This was fixed in 5.4, therefore the properties correctly reference to the same objects. Regarding your bug, where objects are NOT properly recreated, I am afraid you will need to create an actual reproducable testcase before expecting anyone to take a look at it :) Previous Comments: [2012-06-12 12:45:06] mg at ovos dot at Feedback - Open. [2012-06-04 14:09:11] mg at ovos dot at Please have a look at the following scenario: http://pastebin.com/QRWtX0dM Of course such double serialization makes no sense, but I found it to be present in Doctrine 1.2 library. Therefore I am wondering if the references should still work in this case like it was in PHP 5.3. [2012-05-30 17:22:12] mg at ovos dot at It seems that my issue is directly related to fixing a bug in PHP: https://bugs.php.net/bug.php?id=36424 If this is true, the test case I included does not cover entirely the issue I am having. In my case unserialize() does not bring back the referenced object, although the test case does. I had no luck in extracting my scenario into a test case as yet. I am trying to find the difference between test case and the live case, which is obviosly many times more complex. [2012-05-30 13:26:14] mg at ovos dot at I'm attaching a DIFF with output of the testCase: http://diffchecker.com/5399UzhN Left side: PHP 5.3.8 Right side: PHP 5.4.3 [2012-05-30 13:20:48] mg at ovos dot at Hello! I managed to produce a simple testCase, please find it here: http://pastebin.com/sw1ZwvNv The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62189 -- Edit this bug report at https://bugs.php.net/bug.php?id=62189edit=1
Bug #62333 [Nab]: Cannot statically call method to parent class
Edit report at https://bugs.php.net/bug.php?id=62333edit=1 ID: 62333 User updated by:Sjon at hortensius dot net Reported by:Sjon at hortensius dot net Summary:Cannot statically call method to parent class Status: Not a bug Type: Bug Package:Scripting Engine problem PHP Version:Irrelevant Block user comment: N Private report: N New Comment: You describe my exact problem, but why deny this is a bug? I understand this would be unfixable without breaking implementations that depend on this behaviour, but I do not understand that you deny the huge inconsistency, thus preferably fixable behaviour that PHP has here? Previous Comments: [2012-06-19 08:32:13] cataphr...@php.net Not a bug. A::foo() is not necessarily a static call. Namely, if foo() is not static and there is a compatible context ($this exists and its class is either the class of the target method or a subclass of it), an instance call will be made. In your case, because you sort of have a static and non-static foo() via magic, the non-static is preferred. You'll have to be creative, like maybe calling __callstatic directly or using a closure. [2012-06-15 11:11:53] Sjon at hortensius dot net Description: All static calls to a class-parent end up being non-static Inconsistency clearly proven: http://3v4l.org/Mkn0L http://3v4l.org/1L3Wk (same, but without __call) Test script: --- See http://3v4l.org/Mkn0L ?php class A { public function __call($name, $args) { echo Not static\n; } public static function __callStatic($name, $args) { echo Static\n; } } class B extends A { public function test() { forward_static_call(array('A', 'stuff')); call_user_func(array('A', 'stuff')); A::stuff(); } } class C { public function test() { forward_static_call(array('A', 'stuff')); call_user_func(array('A', 'stuff')); A::stuff(); } } A::test(); echo = B =\n; $b = new B(); $b-test(); echo = C =\n; $c = new C(); $c-test(); Expected result: Static = B = Not static Not static Not static = C = Static Static Static Actual result: -- Static = B = Not static Not static Not static = C = Static Static Static -- Edit this bug report at https://bugs.php.net/bug.php?id=62333edit=1
Bug #62330 [Com]: PHP confuse __callStatic with __call
Edit report at https://bugs.php.net/bug.php?id=62330edit=1 ID: 62330 Comment by: Sjon at hortensius dot net Reported by:magike dot net at gmail dot com Summary:PHP confuse __callStatic with __call Status: Open Type: Bug Package:Scripting Engine problem Operating System: Ubuntu Server 12.04 PHP Version:5.3.14 Block user comment: N Private report: N New Comment: This is actually a feature: when you use CLASSNAME:: while extending that class, it mimics parent::, but to a specific class (so you can skip one parent) You should instead use forward_static_call for this Previous Comments: [2012-06-15 02:40:29] magike dot net at gmail dot com Description: I find PHP will call __call instead of __callStatic when I'm calling a non- exists static method from the class (Class A) which is the parent of current class (Class B). And if the class (Class C) is not the child of that class (Class A), the result will be correct. Test script: --- ?php class A { public function __call($name, $args) { echo NO\n; } public static function __callStatic($name, $args) { echo YES\n; } } class B extends A { public function test() { A::test(); } } class C { public function test() { A::test(); } } A::test(); $b = new B(); $b-test(); $c = new C(); $c-text(); Expected result: YES YES YES Actual result: -- YES NO YES -- Edit this bug report at https://bugs.php.net/bug.php?id=62330edit=1
[PHP-BUG] Bug #62333 [NEW]: Cannot statically call method to parent class
From: Sjon at hortensius dot net Operating system: PHP version: Irrelevant Package: Scripting Engine problem Bug Type: Bug Bug description:Cannot statically call method to parent class Description: All static calls to a class-parent end up being non-static Inconsistency clearly proven: http://3v4l.org/Mkn0L http://3v4l.org/1L3Wk (same, but without __call) Test script: --- See http://3v4l.org/Mkn0L ?php class A { public function __call($name, $args) { echo Not static\n; } public static function __callStatic($name, $args) { echo Static\n; } } class B extends A { public function test() { forward_static_call(array('A', 'stuff')); call_user_func(array('A', 'stuff')); A::stuff(); } } class C { public function test() { forward_static_call(array('A', 'stuff')); call_user_func(array('A', 'stuff')); A::stuff(); } } A::test(); echo = B =\n; $b = new B(); $b-test(); echo = C =\n; $c = new C(); $c-test(); Expected result: Static = B = Not static Not static Not static = C = Static Static Static Actual result: -- Static = B = Not static Not static Not static = C = Static Static Static -- Edit bug report at https://bugs.php.net/bug.php?id=62333edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=62333r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=62333r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=62333r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=62333r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=62333r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=62333r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=62333r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=62333r=needscript Try newer version: https://bugs.php.net/fix.php?id=62333r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=62333r=support Expected behavior: https://bugs.php.net/fix.php?id=62333r=notwrong Not enough info: https://bugs.php.net/fix.php?id=62333r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=62333r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=62333r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=62333r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=62333r=dst IIS Stability: https://bugs.php.net/fix.php?id=62333r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=62333r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=62333r=float No Zend Extensions: https://bugs.php.net/fix.php?id=62333r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=62333r=mysqlcfg
Bug #62330 [Com]: PHP confuse __callStatic with __call
Edit report at https://bugs.php.net/bug.php?id=62330edit=1 ID: 62330 Comment by: Sjon at hortensius dot net Reported by:magike dot net at gmail dot com Summary:PHP confuse __callStatic with __call Status: Open Type: Bug Package:Scripting Engine problem Operating System: Ubuntu Server 12.04 PHP Version:5.3.14 Block user comment: N Private report: N New Comment: I actually found a related bug, I filed it here: https://bugs.php.net/bug.php?id=62333 PS. there is a small typo in your script, your last call to -text() should have gone to -test() Previous Comments: [2012-06-15 10:46:13] Sjon at hortensius dot net This is actually a feature: when you use CLASSNAME:: while extending that class, it mimics parent::, but to a specific class (so you can skip one parent) You should instead use forward_static_call for this [2012-06-15 02:40:29] magike dot net at gmail dot com Description: I find PHP will call __call instead of __callStatic when I'm calling a non- exists static method from the class (Class A) which is the parent of current class (Class B). And if the class (Class C) is not the child of that class (Class A), the result will be correct. Test script: --- ?php class A { public function __call($name, $args) { echo NO\n; } public static function __callStatic($name, $args) { echo YES\n; } } class B extends A { public function test() { A::test(); } } class C { public function test() { A::test(); } } A::test(); $b = new B(); $b-test(); $c = new C(); $c-text(); Expected result: YES YES YES Actual result: -- YES NO YES -- Edit this bug report at https://bugs.php.net/bug.php?id=62330edit=1
Bug #62236 [Com]: Hardcoded path /usr/local/bin/php
Edit report at https://bugs.php.net/bug.php?id=62236edit=1 ID: 62236 Comment by: Sjon at hortensius dot net Reported by:max dot antonoff at gmail dot com Summary:Hardcoded path /usr/local/bin/php Status: Open Type: Bug Package:CGI/CLI related Operating System: Linux PHP Version:5.4.4RC2 Block user comment: N Private report: N New Comment: /usr/bin/pear is a simple script that determines which PHP binary to use. It should be easy to debug this yourself, I think an incorrect $PHP_PEAR_PHP_BIN might cause this for example Previous Comments: [2012-06-05 20:04:05] max dot antonoff at gmail dot com Description: max 23:58:24 php-src $ pear list-all exec: 28: /usr/local/bin/php: not found max 23:58:15 php-src $ php -v PHP 5.4.4-RC2 (cli) (built: Jun 5 2012 23:48:00) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies max 23:58:29 php-src $ which php ; which pear; php -i |grep configure /home/max/local/bin/php /home/max/local/bin/pear Configure Command = './configure' '--prefix=/home/max/local' '--enable-proxy' '--disable-cgi' '--with-mysqli' '--enable-fpm' '--with-fpm-user=max' '--with- fpm-group=max' '--with-config-file-path=/home/max/local/etc/php.ini' '--with- config-file-scan-dir=/home/max/local/etc/php.d' '--enable-sigchild' '--disable- ipv6' '--with-openssl' '--with-pcre-regex' '--with-zlib' '--enable-bcmath' '-- with-bz2' '--with-curl' '--with-curlwrappers' '--enable-exif' '--enable-ftp' '-- with-gd' '--enable-gd-native-ttf' '--with-mhash' '--enable-mbstring' '--with- mcrypt' '--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '-- enable-pcntl' '--with-pdo-mysql' '--enable-shmop' '--enable-soap' '--enable- sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable- wddx' '--with-xsl' '--enable-zip' '--enable-mysqlnd' '--with- pear=/home/max/local/PEAR' '--with-jpeg-dir' '--with-png-dir' '--enable-intl' Test script: --- max 23:58:24 php-src $ pear list-all Expected result: list of packages Actual result: -- exec: 28: /usr/local/bin/php: not found -- Edit this bug report at https://bugs.php.net/bug.php?id=62236edit=1
Bug #62264 [Com]: array_walk not changeing keys
Edit report at https://bugs.php.net/bug.php?id=62264edit=1 ID: 62264 Comment by: Sjon at hortensius dot net Reported by:marti dot markov at gmail dot com Summary:array_walk not changeing keys Status: Open Type: Bug Package:Arrays related Operating System: Mac OS X PHP Version:master-Git-2012-06-08 (Git) Block user comment: N Private report: N New Comment: The manual says Only the values of the array may potentially be changed; If the callback does not respect this requirement, the behavior of this function is undefined, and unpredictable. I think this could be a feature request, but not really a bug? Also, your test-script is incomplete; but PHP's behavious is pretty consistent regarding this functionality: http://3v4l.org/1dn4f Previous Comments: [2012-06-08 09:32:25] marti dot markov at gmail dot com Description: I have found this problem with 5.3.10 and got the latest GIT head revision and the problem was still there. When I try and change the value of the key it will not update it in the array, even though that I use the key as a reference. Test script: --- $array = ( 'a' = 'Hello', 'b' = 'World'); array_walk($array, 'adda'); function adda($value, $key) { $key = a.$key; } Expected result: $array = ( 'aa' = 'Hello', 'ab' = 'World'); Actual result: -- $array = ( 'a' = 'Hello', 'b' = 'World'); -- Edit this bug report at https://bugs.php.net/bug.php?id=62264edit=1
Bug #62253 [Com]: Number check bug
Edit report at https://bugs.php.net/bug.php?id=62253edit=1 ID: 62253 Comment by: Sjon at hortensius dot net Reported by:rophp at live dot it Summary:Number check bug Status: Open Type: Bug Package:*Math Functions Operating System: All PHP Version:Irrilevante Block user comment: N Private report: N New Comment: You should have a look at bug number #43304 Previous Comments: [2012-06-07 17:57:56] rophp at live dot it Description: Hello, when i go to check if the 2 vars are equals with this return 'equal' also if the end number is different. There is a limit? Test script: --- $record['xod']=727202440420867488; $cookiecodiceconnessione=727202440420867484; if ($record['xod']==$cookiecodiceconnessione) { echo 'equal'; }else{ echo 'not equal'; } Expected result: not equal Actual result: -- equal -- Edit this bug report at https://bugs.php.net/bug.php?id=62253edit=1
Bug #62181 [Com]: wddx_serialize_value() returns wrong string
Edit report at https://bugs.php.net/bug.php?id=62181edit=1 ID: 62181 Comment by: sjon at hortensius dot net Reported by:clemens at gutweiler dot net Summary:wddx_serialize_value() returns wrong string Status: Open Type: Bug Package:WDDX related Operating System: Linux PHP Version:5.4.3 Block user comment: N Private report: N New Comment: I cannot reproduce this bug using a vanilla 5.4.3 version, could you check if disabling your extensions fixes this? http://3v4l.org/nH7LO Previous Comments: [2012-05-29 11:05:34] clemens at gutweiler dot net Description: wddx_serialize_value() returns wrong string, associative key elements are wrong interpreted in the output the resulting string could not be interpreted by wddx_deserialize() Test script: --- var_dump(wddx_serialize_value(array(foo=1))); PHP 5.3.8 string(118) wddxPacket version='1.0'header/datastructvar name='foo'number1/number/var/struct/data/wddxPacket PHP 5.4.3 string(117) wddxPacket version='1.0'header/datastructvar name='foo'number1/number/var/array/data/wddxPacket var_dump(wddx_serialize_value(array(foo=1,bar=barstr))); PHP 5.3.8 string(163) wddxPacket version='1.0'header/datastructvar name='foo'number1/number/varvar name='bar'stringbarstr/string/var/struct/data/wddxPacket PHP 5.4.3 string(140) wddxPacket version='1.0'header/datastructvar name='foo'number1/number/varstringbarstr/string/array/data/wddxPacket -- Edit this bug report at https://bugs.php.net/bug.php?id=62181edit=1
Req #61972 [Com]: addchild treats text as a tag
Edit report at https://bugs.php.net/bug.php?id=61972edit=1 ID: 61972 Comment by: sjon at hortensius dot net Reported by:crashyn at op dot pl Summary:addchild treats text as a tag Status: Open Type: Feature/Change Request Package:SimpleXML related Operating System: Windows XP PHP Version:5.4.2 Block user comment: N Private report: N New Comment: Shouldn't the values passed to xmlNewChild in addChild go through BAD_CAST like all other Xml related methods do? Previous Comments: [2012-05-20 21:54:40] crashyn at op dot pl ?php $xml_header = ?xml version='1.0' encoding='utf-8'?xml/; $xml = new SimpleXMLElement($xml_header); $xml-addChild(first_string,this is lt;mystringgt;); $xml-addChild(second_string,this is lt; mystringgt;); $xml-asXML(test.xml); echo pre . $xml-first_string . br /; // 'this is ' echo $xml-second_string . /pre;// 'this is mystring' ? [2012-05-16 20:55:00] riptide dot tempora at opinehub dot com Can you provide a test script and its actual vs. expected output to show exactly what you mean? [2012-05-07 21:09:58] crashyn at op dot pl Description: --- From manual page: http://www.php.net/simplexmlelement.addchild --- addChild treats lt;my_stringgt; as a tag nd removes it completely -- Edit this bug report at https://bugs.php.net/bug.php?id=61972edit=1
[PHP-BUG] Bug #62135 [NEW]: Closure-bindTo plus $this reassign = corruption
From: Sjon at hortensius dot net Operating system: ArchLinux PHP version: 5.4.3 Package: Scripting Engine problem Bug Type: Bug Bug description:Closure-bindTo plus $this reassign = corruption Description: I just found the bindTo method on a Closure, a started to play with it. I found out I can get some serieusly strange behaviour by re-assigning $this. Somehow I end up with one variable pointing to different objects? Test script: --- From: http://3v4l.org/bp598#v540 ?php class A { public $a = 'public'; } $m = function (){ $x = $this; $x = new stdClass; var_dump($this, $this-a); }; $a = new A; $m = $m-bindTo($a); $m(); Expected result: * Cannot re-assign $this OR * 'stdClass' + Notice OR * 'A' + 'public Actual result: -- object(stdClass)#1 (0) { } string(6) public -- Edit bug report at https://bugs.php.net/bug.php?id=62135edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=62135r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=62135r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=62135r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=62135r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=62135r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=62135r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=62135r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=62135r=needscript Try newer version: https://bugs.php.net/fix.php?id=62135r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=62135r=support Expected behavior: https://bugs.php.net/fix.php?id=62135r=notwrong Not enough info: https://bugs.php.net/fix.php?id=62135r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=62135r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=62135r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=62135r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=62135r=dst IIS Stability: https://bugs.php.net/fix.php?id=62135r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=62135r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=62135r=float No Zend Extensions: https://bugs.php.net/fix.php?id=62135r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=62135r=mysqlcfg
Bug #62135 [Nab]: Closure-bindTo plus $this reassign = corruption
Edit report at https://bugs.php.net/bug.php?id=62135edit=1 ID: 62135 User updated by:Sjon at hortensius dot net Reported by:Sjon at hortensius dot net Summary:Closure-bindTo plus $this reassign = corruption Status: Not a bug Type: Bug Package:Scripting Engine problem Operating System: ArchLinux PHP Version:5.4.3 Block user comment: N Private report: N New Comment: Ah, too bad; I should have tested that. Thanks for your explanation! Previous Comments: [2012-05-24 10:02:50] johan...@php.net Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php With the can not reassign $this message we try to prevent mistakes. For performance and architecture reasons we can't prevent all ways one can shoot in one own's foot though. your behavior also isn't closure related: class A { public$a = public; function __construct() { $x = $this; $x = new stdClass; var_dump($this, $this-a); } } new A(); will show the same result. The difference between $this and $this-a comes from the fact that $this is some magic variable. [2012-05-24 09:25:58] Sjon at hortensius dot net Description: I just found the bindTo method on a Closure, a started to play with it. I found out I can get some serieusly strange behaviour by re-assigning $this. Somehow I end up with one variable pointing to different objects? Test script: --- From: http://3v4l.org/bp598#v540 ?php class A { public $a = 'public'; } $m = function (){ $x = $this; $x = new stdClass; var_dump($this, $this-a); }; $a = new A; $m = $m-bindTo($a); $m(); Expected result: * Cannot re-assign $this OR * 'stdClass' + Notice OR * 'A' + 'public Actual result: -- object(stdClass)#1 (0) { } string(6) public -- Edit this bug report at https://bugs.php.net/bug.php?id=62135edit=1
[PHP-BUG] Bug #61542 [NEW]: xml_parse with invalid attribute returns 1; while xmlwf throws an error
From: Operating system: Archlinux PHP version: 5.3.10 Package: XML related Bug Type: Bug Bug description:xml_parse with invalid attribute returns 1; while xmlwf throws an error Description: Html with an invalid attribute should make xml_parse return 0, instead of 1 For as far as I can see, xml_* is based on expat. Expat supplies xmlwf, so I confirmed checked what xmlwf would return for the xml. I found that xmlwf behaves correctly. -- [sjon@sjon-desktop ~]$ xmlwf ?xml version=1.0 encoding=UTF-8 ? img src=http://i.mg/; title=a\b / STDIN:2:34: not well-formed (invalid token) Test script: --- $p = xml_parser_create('UTF-8'); $html = 'img src=http://i.mg/; title=a\b /'; var_dump(xml_parse($p, $html)); Expected result: 0 Actual result: -- 1 -- Edit bug report at https://bugs.php.net/bug.php?id=61542edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=61542r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=61542r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=61542r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=61542r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=61542r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=61542r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=61542r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=61542r=needscript Try newer version: https://bugs.php.net/fix.php?id=61542r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=61542r=support Expected behavior: https://bugs.php.net/fix.php?id=61542r=notwrong Not enough info: https://bugs.php.net/fix.php?id=61542r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=61542r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=61542r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=61542r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=61542r=dst IIS Stability: https://bugs.php.net/fix.php?id=61542r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=61542r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=61542r=float No Zend Extensions: https://bugs.php.net/fix.php?id=61542r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=61542r=mysqlcfg
Bug #60701 [Com]: __toString() which stores $this reference triggers segfault (with fix!)
Edit report at https://bugs.php.net/bug.php?id=60701edit=1 ID: 60701 Comment by: sjon at hortensius dot net Reported by:daan at react dot com Summary:__toString() which stores $this reference triggers segfault (with fix!) Status: Assigned Type: Bug Package:Reproducible crash Operating System: CentOS PHP Version:5.3.8 Assigned To:dmitry Block user comment: N Private report: N New Comment: @andrew at localcoast dot net Did you try to remove all __toString methods from your application? If that didn't fix it you are experiencing another bug and will probably need to generate a small reproducing script yourself @pada at hrz dot tu-chemnitz dot de your problem has nothing to do with this bug, You are simply demonstrating a recursive loop. Previous Comments: [2012-02-13 18:00:01] pada at hrz dot tu-chemnitz dot de This patch does not work for me. I'm still experiencing SegFaults with the following code on CentOS 6.0 with php 5.3.3 and https://bugs.php.net/patch-display.php?bug_id=60701patch=bug60701.patchrevision=1327066212 applied. Test-Script: ?php class C{function f(){$this-o=new O();return$this-o;}function __destruct(){}}class O{function __toString(){$this-$this;}}$c=new C();$o=$c-f();trim($o); ? With the patch applied, I'm still getting SegFaults in /var/log/httpd/error_log, but no coredumps any more. This is very strange, since coredumping is correctly configured and with other reproducer scripts from other bugs I'm getting coredumps. [2012-02-11 00:49:07] andrew at localcoast dot net I can produce a similar issue on PHP 5.3.10 on Ubuntu 10.04 LTS x86_64 with the patch applied. However, the initial test script provided in the first comment runs without trouble. Here's the backtrace for the issue I am having: http://paste2.org/p/1900387 #0 0x7f71fa9b8d11 in gc_zval_possible_root (zv=0x7f7201483740) at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend_gc.c:143 #1 0x7f71fa9a777b in zend_hash_destroy (ht=0x7f7201496908) at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend_hash.c:529 p = 0x7f7201497c58 #2 0x7f71fa9ba379 in zend_object_std_dtor (object=0x7f7201497428) at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend_objects.c:45 #3 0x7f71fa9ba399 in zend_objects_free_object_storage (object=0x7f7201483740) at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend_objects.c:126 #4 0x7f71fa9bdba8 in zend_objects_store_free_object_storage (objects=0x7f71fb162a18) at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend_objects_API.c:92 i = 626 #5 0x7f71fa98ebfb in shutdown_executor () at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend_execute_API.c:304 __bailout = {{__jmpbuf = {140127520564832, -3282099667358606386, 140127614418320, 0, -4294967295, 140127589456664, -3211606770996110386, -3282099660654535730}, __mask_was_saved = 0, __saved_mask = {__val = {140127612053568, 96, 140127512287676, 140127629890216, 140127638595144, 88, 140127512287676, 592, 140127512287676, 140127520566336, 140127520563352, 140127520564648, 0, 18446744069414584321, 140127512403989, 140127520566336 #6 0x7f71fa99b612 in zend_deactivate () at /home/andrew/.Applications/build/php-5.3.10-patched/Zend/zend.c:891 #7 0x7f71fa947ad5 in php_request_shutdown (dummy=value optimized out) at /home/andrew/.Applications/build/php-5.3.10-patched/main/main.c:1661 report_memleaks = 1 '\001' #8 0x7f71faa24a97 in php_apache_request_dtor (r=value optimized out) at /home/andrew/.Applications/build/php-5.3.10-patched/sapi/apache2handler/sapi_apache2.c:509 #9 php_handler (r=value optimized out) at /home/andrew/.Applications/build/php-5.3.10-patched/sapi/apache2handler/sapi_apache2.c:681 ctx = 0x7f7200ae5840 conf = 0x7f7200689c98 brigade = 0x7f7200ae6658 bucket = value optimized out rv = value optimized out parent_req = 0x0 #10 0x7f71ff0e3280 in ap_run_handler (r=0x7f7200ae3d90) at /build/buildd/apache2-2.2.14/server/config.c:159 n = 6 rv = -2039876096 #11 0x7f71ff0e6be8 in ap_invoke_handler (r=0x7f7200ae3d90) at /build/buildd/apache2-2.2.14/server/config.c:373 handler = 0x7f7200ad61d8 Xa\255 result = 11362776 old_handler = 0x7f7200792ec8 application/x-httpd-php ignore = value optimized out #12 0x7f71ff0f45fc in ap_internal_redirect (new_uri=value optimized out, r=value optimized out) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:501 new = 0x7f7200ae3d90 access_status = -2039876096 #13 0x7f71f664dc95 in ?? () from /usr/lib/apache2
Bug #60457 [Com]: gc_zval_possible_root SIGSEGV
Edit report at https://bugs.php.net/bug.php?id=60457edit=1 ID: 60457 Comment by: sjon at hortensius dot net Reported by:Sjon at hortensius dot net Summary:gc_zval_possible_root SIGSEGV Status: Open Type: Bug Package:Scripting Engine problem Operating System: Linux PHP Version:5.3.8 Block user comment: N Private report: N New Comment: This bug has been solved in a more specific bug which includes a patch: https://bugs.php.net/bug.php?id=60701 Previous Comments: [2012-01-04 08:26:51] Sjon at hortensius dot net For anyone interested, this bug is not related to a single class, but we have worked around, and seen this bug occur again, in many different places. I have also been reproducing this in 5.3.6 / 5.3.5 / 5.3.4 and 5.3.3 [2012-01-04 07:31:07] no at snaxor dot com I may be bumping into this one as well, Similarly, I cannot provide a script to reproduce it since it happens in a project with many classes, but I'll see if I can narrow it down and create one. It is very inconsistent. It will die one the same page but with different data it will be fine. What seems to be sparking it in my case is Smarty, with lots of sub-template files. The content is rendered correctly, but during Smarty's cleanup is when it dies. It is trigger-able via php command line or apache module. gc_disable() doesn't unfortunately have any effect. PHP Version: 5.3.8 on OSX. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x003dca9fd2f1 0x000100359618 in gc_zval_possible_root () (gdb) bt #0 0x000100359618 in gc_zval_possible_root () #1 0x00010034a765 in zend_hash_destroy () #2 0x00010035c86c in zend_object_std_dtor () #3 0x00010035c4f8 in zend_objects_free_object_storage () #4 0x00010035faae in zend_objects_store_del_ref_by_handle_ex () #5 0x00010035fb64 in zend_objects_store_del_ref () #6 0x000100334e2d in _zval_ptr_dtor () #7 0x00010034a765 in zend_hash_destroy () #8 0x00010033f1b0 in _zval_dtor_func () #9 0x000100334e2d in _zval_ptr_dtor () #10 0x00010034a765 in zend_hash_destroy () #11 0x00010035c86c in zend_object_std_dtor () #12 0x00010035c4f8 in zend_objects_free_object_storage () #13 0x00010035f6eb in zend_objects_store_free_object_storage () #14 0x000100337750 in shutdown_executor () #15 0x00010033feae in zend_deactivate () #16 0x0001002f08b1 in php_request_shutdown () #17 0x0001003ba366 in main () #18 0x000110ec in start () [2011-12-12 15:58:33] Sjon at hortensius dot net I am afraid not, gc_disable() doesn't solve this segfault unfortunately [2011-12-11 19:41:22] arekm at maven dot pl Isn't this something similar to last comments of #40479 (there is reproduction script there). [2011-12-07 14:05:33] Sjon at hortensius dot net Description: Our application segfaults after completely finishing the request. Unfortunately I cannot provide a script to reproduce this as it occurs in an application consisting of many classes. I have been poking at this with gdb for a while, but can't find the cause for this problem. How can I supply you with the information you need to resolve this? We can 'fix' the problem by die()-ing in the __destruct of the class that seems to cause this Actual result: -- #0 0x005bf0e9 in gc_zval_possible_root (zv=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_gc.c:143 #1 0x005aeb28 in zend_hash_destroy (ht=0x1363998) at /usr/src/debug/php-5.3.8/Zend/zend_hash.c:529 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 #3 0x005c0629 in zend_objects_free_object_storage (object=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:126 #4 0x005c46d6 in zend_objects_store_free_object_storage (objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92 #5 0x00595757 in shutdown_executor () at /usr/src/debug/php- 5.3.8/Zend/zend_execute_API.c:304 #6 0x005a1fc2 in zend_deactivate () at /usr/src/debug/php- 5.3.8/Zend/zend.c:891 #7 0x0054f2ce in php_request_shutdown (dummy=value optimized out) at /usr/src/debug/php-5.3.8/main/main.c:1640 #8 0x0062b10f in main (argc=3, argv=0x7fffea88) at /usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363 (gdb) frame 2 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 45
Bug #60701 [Com]: __toString() which stores $this reference triggers segfault
Edit report at https://bugs.php.net/bug.php?id=60701edit=1 ID: 60701 Comment by: sjon at hortensius dot net Reported by:daan at react dot com Summary:__toString() which stores $this reference triggers segfault Status: Open Type: Bug Package:Class/Object related Operating System: CentOS PHP Version:5.3.8 Block user comment: N Private report: N New Comment: This bug is not reproducible when php is compiled with enable-debug. It is however reproducible in other PHP versions, such as 5.3.7/5.3.6/5.3.5 Previous Comments: [2012-01-10 16:43:17] daan at react dot com Description: A simple object construction where a __toString() stores $this, will trigger a segfault during garbage collection at the end of the request. Probably related bug: https://bugs.php.net/bug.php?id=60598 Is a distilled version of this bug: https://bugs.php.net/bug.php?id=60457 Test script: --- ?php class Container { public function getObject() { $this-object = new StringableObject(); return $this-object; } // This destructor is required to exist to trigger the segfault public function __destruct() { } } class StringableObject { public function __toString() { $this-test = $this; return ''; } } $container = new Container(); $object = $container-getObject(); // Any kind of function which triggers a 'to string' object conversion // Casting $object with (string) will circumvent the problem echo trim($object); // Another call is required to corrupt heap echo trim('test'); Expected result: test Actual result: -- Segfault gdb backtrace (with commandline PHP with build tag ZEND_DEBUG_OBJECTS) [Thread debugging using libthread_db enabled] Allocated object id #1 Allocated object id #2 Increased refcount of object id #2 Decreased refcount of object id #2 testIncreased refcount of object id #1 Decreased refcount of object id #1 Deallocated object id #1 Program received signal SIGSEGV, Segmentation fault. 0x006d4c69 in gc_zval_possible_root (zv=0x1023e40) at /home/sjon/php- debug/php-5.3.8/Zend/zend_gc.c:143 143GC_ZOBJ_CHECK_POSSIBLE_ROOT(zv); (gdb) bt #0 0x006d4c69 in gc_zval_possible_root (zv=0x1023e40) at /home/sjon/php-debug/php-5.3.8/Zend/zend_gc.c:143 #1 0x006c4ad8 in zend_hash_destroy (ht=0x10266d0) at /home/sjon/php- debug/php-5.3.8/Zend/zend_hash.c:529 #2 0x006d6009 in zend_object_std_dtor (object=0x1023dc8) at /home/sjon/php-debug/php-5.3.8/Zend/zend_objects.c:45 #3 0x006d6029 in zend_objects_free_object_storage (object=0x1023dc8) at /home/sjon/php-debug/php-5.3.8/Zend/zend_objects.c:126 #4 0x006da037 in zend_objects_store_del_ref_by_handle_ex (handle=2, handlers=optimized out) at /home/sjon/php-debug/php- 5.3.8/Zend/zend_objects_API.c:220 #5 0x006da053 in zend_objects_store_del_ref (zobject=0x1022350) at /home/sjon/php-debug/php-5.3.8/Zend/zend_objects_API.c:172 #6 0x006a9571 in _zval_dtor (zvalue=0x1022350) at /home/sjon/php- debug/php-5.3.8/Zend/zend_variables.h:35 #7 _zval_ptr_dtor (zval_ptr=optimized out) at /home/sjon/php-debug/php- 5.3.8/Zend/zend_execute_API.c:447 #8 0x006c3645 in zend_hash_apply_deleter (ht=0xe33188, p=0x1026728) at /home/sjon/php-debug/php-5.3.8/Zend/zend_hash.c:612 #9 0x006c4f81 in zend_hash_reverse_apply (ht=0xe33188, apply_func=0x6a9430 zval_call_destructor) at /home/sjon/php-debug/php- 5.3.8/Zend/zend_hash.c:762 #10 0x006a9921 in shutdown_destructors () at /home/sjon/php-debug/php- 5.3.8/Zend/zend_execute_API.c:226 #11 0x006b7747 in zend_call_destructors () at /home/sjon/php-debug/php- 5.3.8/Zend/zend.c:875 #12 0x006651fd in php_request_shutdown (dummy=optimized out) at /home/sjon/php-debug/php-5.3.8/main/main.c:1594 #13 0x0042d105 in main (argc=2, argv=0x7fffebb8) at /home/sjon/php- debug/php-5.3.8/sapi/cli/php_cli.c:1363 (gdb) frame 2 #2 0x006d6009 in zend_object_std_dtor (object=0x1023dc8) at /home/sjon/php-debug/php-5.3.8/Zend/zend_objects.c:45 45zend_hash_destroy(object-properties); (gdb) print object-ce-name $1 = 0x1025af0 StringableObject (gdb) frame 1 #1 0x006c4ad8 in zend_hash_destroy (ht=0x10266d0) at /home/sjon/php- debug/php-5.3.8/Zend/zend_hash.c:529 529ht-pDestructor(q-pData); (gdb) print_ht ht [0x010266d0] { test\0 = [0x01023e40] (refcount=-1) object Program received signal SIGSEGV, Segmentation fault. 0x006da0a4 in zend_object_store_get_object (zobject=0x1023e40) at /home/sjon/php-debug/php-5.3.8/Zend/zend_objects_API.c:272 272return EG(objects_store).object_buckets[handle
Bug #60457 [Opn]: gc_zval_possible_root SIGSEGV
Edit report at https://bugs.php.net/bug.php?id=60457edit=1 ID: 60457 User updated by:Sjon at hortensius dot net Reported by:Sjon at hortensius dot net Summary:gc_zval_possible_root SIGSEGV Status: Open Type: Bug Package:Scripting Engine problem Operating System: Linux PHP Version:5.3.8 Block user comment: N Private report: N New Comment: For anyone interested, this bug is not related to a single class, but we have worked around, and seen this bug occur again, in many different places. I have also been reproducing this in 5.3.6 / 5.3.5 / 5.3.4 and 5.3.3 Previous Comments: [2012-01-04 07:31:07] no at snaxor dot com I may be bumping into this one as well, Similarly, I cannot provide a script to reproduce it since it happens in a project with many classes, but I'll see if I can narrow it down and create one. It is very inconsistent. It will die one the same page but with different data it will be fine. What seems to be sparking it in my case is Smarty, with lots of sub-template files. The content is rendered correctly, but during Smarty's cleanup is when it dies. It is trigger-able via php command line or apache module. gc_disable() doesn't unfortunately have any effect. PHP Version: 5.3.8 on OSX. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x003dca9fd2f1 0x000100359618 in gc_zval_possible_root () (gdb) bt #0 0x000100359618 in gc_zval_possible_root () #1 0x00010034a765 in zend_hash_destroy () #2 0x00010035c86c in zend_object_std_dtor () #3 0x00010035c4f8 in zend_objects_free_object_storage () #4 0x00010035faae in zend_objects_store_del_ref_by_handle_ex () #5 0x00010035fb64 in zend_objects_store_del_ref () #6 0x000100334e2d in _zval_ptr_dtor () #7 0x00010034a765 in zend_hash_destroy () #8 0x00010033f1b0 in _zval_dtor_func () #9 0x000100334e2d in _zval_ptr_dtor () #10 0x00010034a765 in zend_hash_destroy () #11 0x00010035c86c in zend_object_std_dtor () #12 0x00010035c4f8 in zend_objects_free_object_storage () #13 0x00010035f6eb in zend_objects_store_free_object_storage () #14 0x000100337750 in shutdown_executor () #15 0x00010033feae in zend_deactivate () #16 0x0001002f08b1 in php_request_shutdown () #17 0x0001003ba366 in main () #18 0x000110ec in start () [2011-12-12 15:58:33] Sjon at hortensius dot net I am afraid not, gc_disable() doesn't solve this segfault unfortunately [2011-12-11 19:41:22] arekm at maven dot pl Isn't this something similar to last comments of #40479 (there is reproduction script there). [2011-12-07 14:05:33] Sjon at hortensius dot net Description: Our application segfaults after completely finishing the request. Unfortunately I cannot provide a script to reproduce this as it occurs in an application consisting of many classes. I have been poking at this with gdb for a while, but can't find the cause for this problem. How can I supply you with the information you need to resolve this? We can 'fix' the problem by die()-ing in the __destruct of the class that seems to cause this Actual result: -- #0 0x005bf0e9 in gc_zval_possible_root (zv=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_gc.c:143 #1 0x005aeb28 in zend_hash_destroy (ht=0x1363998) at /usr/src/debug/php-5.3.8/Zend/zend_hash.c:529 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 #3 0x005c0629 in zend_objects_free_object_storage (object=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:126 #4 0x005c46d6 in zend_objects_store_free_object_storage (objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92 #5 0x00595757 in shutdown_executor () at /usr/src/debug/php- 5.3.8/Zend/zend_execute_API.c:304 #6 0x005a1fc2 in zend_deactivate () at /usr/src/debug/php- 5.3.8/Zend/zend.c:891 #7 0x0054f2ce in php_request_shutdown (dummy=value optimized out) at /usr/src/debug/php-5.3.8/main/main.c:1640 #8 0x0062b10f in main (argc=3, argv=0x7fffea88) at /usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363 (gdb) frame 2 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 45 zend_hash_destroy(object-properties); (gdb) print *object-ce $1 = {type = 2 '\002', name = 0xcdce30 React_Introspection_Controller, name_length = 30, parent = 0xcb3e78, refcount = 1, constants_updated = 1 '\001
Bug #60457 [Opn]: gc_zval_possible_root SIGSEGV
Edit report at https://bugs.php.net/bug.php?id=60457edit=1 ID: 60457 User updated by:Sjon at hortensius dot net Reported by:Sjon at hortensius dot net Summary:gc_zval_possible_root SIGSEGV Status: Open Type: Bug Package:Scripting Engine problem Operating System: Linux PHP Version:5.3.8 Block user comment: N Private report: N New Comment: I am afraid not, gc_disable() doesn't solve this segfault unfortunately Previous Comments: [2011-12-11 19:41:22] arekm at maven dot pl Isn't this something similar to last comments of #40479 (there is reproduction script there). [2011-12-07 14:05:33] Sjon at hortensius dot net Description: Our application segfaults after completely finishing the request. Unfortunately I cannot provide a script to reproduce this as it occurs in an application consisting of many classes. I have been poking at this with gdb for a while, but can't find the cause for this problem. How can I supply you with the information you need to resolve this? We can 'fix' the problem by die()-ing in the __destruct of the class that seems to cause this Actual result: -- #0 0x005bf0e9 in gc_zval_possible_root (zv=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_gc.c:143 #1 0x005aeb28 in zend_hash_destroy (ht=0x1363998) at /usr/src/debug/php-5.3.8/Zend/zend_hash.c:529 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 #3 0x005c0629 in zend_objects_free_object_storage (object=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:126 #4 0x005c46d6 in zend_objects_store_free_object_storage (objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92 #5 0x00595757 in shutdown_executor () at /usr/src/debug/php- 5.3.8/Zend/zend_execute_API.c:304 #6 0x005a1fc2 in zend_deactivate () at /usr/src/debug/php- 5.3.8/Zend/zend.c:891 #7 0x0054f2ce in php_request_shutdown (dummy=value optimized out) at /usr/src/debug/php-5.3.8/main/main.c:1640 #8 0x0062b10f in main (argc=3, argv=0x7fffea88) at /usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363 (gdb) frame 2 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 45 zend_hash_destroy(object-properties); (gdb) print *object-ce $1 = {type = 2 '\002', name = 0xcdce30 React_Introspection_Controller, name_length = 30, parent = 0xcb3e78, refcount = 1, constants_updated = 1 '\001', ce_flags = 0, function_table = {nTableSize = 32, nTableMask = 31, nNumOfElements = 27, nNextFreeElement = 0, pInternalPointer = 0xcde7b0, pListHead = 0xcde7b0, pListTail = 0xce9d10, arBuckets = 0xce8fa8, pDestructor = 0x599450 zend_function_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_properties = {nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce74c8, pListHead = 0xce74c8, pListTail = 0xce7660, arBuckets = 0xcdcf50, pDestructor = 0x595420 _zval_ptr_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, properties_info = { nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce76c8, pListHead = 0xce76c8, pListTail = 0xce7850, arBuckets = 0xcde670, pDestructor = 0x586190 zend_destroy_property_info, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_static_members = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde6c0, pDestructor = 0x595420 _zval_ptr_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, static_members = 0x0, constants_table = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde710, pDestructor = 0x595420 _zval_ptr_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, builtin_functions = 0x0, constructor = 0xca2160, destructor = 0x0, clone = 0x0, __get = 0x0, __set = 0x0, __unset = 0x0, __isset = 0x0, __call = 0x0, __callstatic = 0x0, __tostring = 0x0, serialize_func = 0x0, unserialize_func = 0x0, iterator_funcs = {funcs = 0x0, zf_new_iterator = 0x0, zf_valid = 0x0, zf_current = 0x0, zf_key = 0x0, zf_next = 0x0, zf_rewind = 0x0}, create_object = 0, get_iterator = 0, interface_gets_implemented = 0, get_static_method = 0, serialize = 0, unserialize = 0, interfaces = 0xcde368, num_interfaces = 1, filename = 0xcde018 [...]/Introspection
[PHP-BUG] Bug #60457 [NEW]: gc_zval_possible_root SIGSEGV
From: Operating system: Linux PHP version: 5.3.8 Package: Scripting Engine problem Bug Type: Bug Bug description:gc_zval_possible_root SIGSEGV Description: Our application segfaults after completely finishing the request. Unfortunately I cannot provide a script to reproduce this as it occurs in an application consisting of many classes. I have been poking at this with gdb for a while, but can't find the cause for this problem. How can I supply you with the information you need to resolve this? We can 'fix' the problem by die()-ing in the __destruct of the class that seems to cause this Actual result: -- #0 0x005bf0e9 in gc_zval_possible_root (zv=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_gc.c:143 #1 0x005aeb28 in zend_hash_destroy (ht=0x1363998) at /usr/src/debug/php-5.3.8/Zend/zend_hash.c:529 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 #3 0x005c0629 in zend_objects_free_object_storage (object=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:126 #4 0x005c46d6 in zend_objects_store_free_object_storage (objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92 #5 0x00595757 in shutdown_executor () at /usr/src/debug/php- 5.3.8/Zend/zend_execute_API.c:304 #6 0x005a1fc2 in zend_deactivate () at /usr/src/debug/php- 5.3.8/Zend/zend.c:891 #7 0x0054f2ce in php_request_shutdown (dummy=value optimized out) at /usr/src/debug/php-5.3.8/main/main.c:1640 #8 0x0062b10f in main (argc=3, argv=0x7fffea88) at /usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363 (gdb) frame 2 #2 0x005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 45 zend_hash_destroy(object-properties); (gdb) print *object-ce $1 = {type = 2 '\002', name = 0xcdce30 React_Introspection_Controller, name_length = 30, parent = 0xcb3e78, refcount = 1, constants_updated = 1 '\001', ce_flags = 0, function_table = {nTableSize = 32, nTableMask = 31, nNumOfElements = 27, nNextFreeElement = 0, pInternalPointer = 0xcde7b0, pListHead = 0xcde7b0, pListTail = 0xce9d10, arBuckets = 0xce8fa8, pDestructor = 0x599450 zend_function_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_properties = {nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce74c8, pListHead = 0xce74c8, pListTail = 0xce7660, arBuckets = 0xcdcf50, pDestructor = 0x595420 _zval_ptr_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, properties_info = { nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce76c8, pListHead = 0xce76c8, pListTail = 0xce7850, arBuckets = 0xcde670, pDestructor = 0x586190 zend_destroy_property_info, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_static_members = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde6c0, pDestructor = 0x595420 _zval_ptr_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, static_members = 0x0, constants_table = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde710, pDestructor = 0x595420 _zval_ptr_dtor, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, builtin_functions = 0x0, constructor = 0xca2160, destructor = 0x0, clone = 0x0, __get = 0x0, __set = 0x0, __unset = 0x0, __isset = 0x0, __call = 0x0, __callstatic = 0x0, __tostring = 0x0, serialize_func = 0x0, unserialize_func = 0x0, iterator_funcs = {funcs = 0x0, zf_new_iterator = 0x0, zf_valid = 0x0, zf_current = 0x0, zf_key = 0x0, zf_next = 0x0, zf_rewind = 0x0}, create_object = 0, get_iterator = 0, interface_gets_implemented = 0, get_static_method = 0, serialize = 0, unserialize = 0, interfaces = 0xcde368, num_interfaces = 1, filename = 0xcde018 [...]/Introspection/Controller.php, line_start = 2, line_end = 82, doc_comment = 0x0, doc_comment_len = 0, module = 0x0} -- Edit bug report at https://bugs.php.net/bug.php?id=60457edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=60457r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=60457r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=60457r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=60457r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=60457r=needdocs Fixed in release:
[PHP-BUG] Bug #55223 [NEW]: isset triggers fatal error when accessing object as array
From: Operating system: Archlinux PHP version: 5.3.6 Package: Arrays related Bug Type: Bug Bug description:isset triggers fatal error when accessing object as array Description: This worked for quite a long time, but stopped working recently, I suspect due to #53971 being fixed. I think isset should never trigger any error Test script: --- $x = new stdClass; $x-a = 'b'; var_dump(isset($x['a'])); Expected result: false Actual result: -- PHP Fatal error: Cannot use object of type stdClass as array in php shell code on line 1 -- Edit bug report at https://bugs.php.net/bug.php?id=55223edit=1 -- Try a snapshot (PHP 5.2): https://bugs.php.net/fix.php?id=55223r=trysnapshot52 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55223r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55223r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55223r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55223r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55223r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55223r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55223r=needscript Try newer version: https://bugs.php.net/fix.php?id=55223r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55223r=support Expected behavior: https://bugs.php.net/fix.php?id=55223r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55223r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55223r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55223r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55223r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=55223r=dst IIS Stability: https://bugs.php.net/fix.php?id=55223r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55223r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55223r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55223r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55223r=mysqlcfg Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55223r=trysnapshot54
#46945 [NEW]: overwriting containing variable via extract segfaults in _zend_is_inconsistent
From: sjon at hortensius dot net Operating system: Linux PHP version: 5.2.8 PHP Bug Type: Reproducible crash Bug description: overwriting containing variable via extract segfaults in _zend_is_inconsistent Description: The supplied code shouldn't crash Reproduce code: --- $x = array('x' = 9); extract($x); Actual result: -- #0 0x08279691 in _zend_is_inconsistent (ht=0x9, file=0x850ada4 /tmp/php/src/php-5.2.8/Zend/zend_hash.c, line=1277) at /tmp/php/src/php-5.2.8/Zend/zend_hash.c:54 #1 0x0827c8c0 in zend_hash_move_forward_ex (ht=0x9, pos=0xbfabdc68) at /tmp/php/src/php-5.2.8/Zend/zend_hash.c:1277 #2 0x0817d0e9 in zif_extract (ht=1, return_value=0x95da738, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /tmp/php/src/php-5.2.8/ext/standard/array.c:1491 #3 0x08294a64 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfabde78) at /tmp/php/src/php-5.2.8/Zend/zend_vm_execute.h:200 #4 0x0829a367 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfabde78) at /tmp/php/src/php-5.2.8/Zend/zend_vm_execute.h:1729 #5 0x082945e4 in execute (op_array=0x95da104) at /tmp/php/src/php-5.2.8/Zend/zend_vm_execute.h:92 #6 0x0826f70c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php/src/php-5.2.8/Zend/zend.c:1215 #7 0x0821c793 in php_execute_script (primary_file=0xbfac0204) at /tmp/php/src/php-5.2.8/main/main.c:2044 #8 0x082ee8b6 in main (argc=2, argv=0xbfac0364) at /tmp/php/src/php-5.2.8/sapi/cli/php_cli.c:1139 -- Edit bug report at http://bugs.php.net/?id=46945edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=46945r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=46945r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=46945r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=46945r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=46945r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=46945r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=46945r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=46945r=needscript Try newer version: http://bugs.php.net/fix.php?id=46945r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=46945r=support Expected behavior: http://bugs.php.net/fix.php?id=46945r=notwrong Not enough info: http://bugs.php.net/fix.php?id=46945r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=46945r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=46945r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46945r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=46945r=dst IIS Stability: http://bugs.php.net/fix.php?id=46945r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=46945r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=46945r=float No Zend Extensions: http://bugs.php.net/fix.php?id=46945r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=46945r=mysqlcfg
#41835 [NEW]: PCRE Update request
From: Sjon at hortensius dot net Operating system: PHP version: 5.2.3 PHP Bug Type: Feature/Change Request Bug description: PCRE Update request Description: The latest version of the PCRE library is 7.2 which fixes a bug I frequently experience problems with. However, PHP 5.2.3 is still shipped with PCRE library 7.0. Could this please be updated? -- Edit bug report at http://bugs.php.net/?id=41835edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=41835r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=41835r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=41835r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=41835r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=41835r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=41835r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=41835r=needscript Try newer version:http://bugs.php.net/fix.php?id=41835r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=41835r=support Expected behavior:http://bugs.php.net/fix.php?id=41835r=notwrong Not enough info: http://bugs.php.net/fix.php?id=41835r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=41835r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=41835r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=41835r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=41835r=dst IIS Stability:http://bugs.php.net/fix.php?id=41835r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=41835r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=41835r=float No Zend Extensions: http://bugs.php.net/fix.php?id=41835r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=41835r=mysqlcfg
#41835 [Csd]: PCRE Update request
ID: 41835 User updated by: Sjon at hortensius dot net Reported By: Sjon at hortensius dot net Status: Closed Bug Type:Feature/Change Request PHP Version: 5.2.3 New Comment: Of course I wouldn't expect 5.2.3 to be updated; but if 5.2.4 contains it I am more then happy Previous Comments: [2007-06-28 08:25:54] [EMAIL PROTECTED] We can't go back to the future and change already released 5.2.3, but 5.2.4-CVS already contains PCRE 7.2 [2007-06-28 08:06:27] Sjon at hortensius dot net Description: The latest version of the PCRE library is 7.2 which fixes a bug I frequently experience problems with. However, PHP 5.2.3 is still shipped with PCRE library 7.0. Could this please be updated? -- Edit this bug report at http://bugs.php.net/?id=41835edit=1
#41788 [NEW]: preg_replace_callback returns NULL instead of input or error
From: Sjon at hortensius dot net Operating system: linux 2.6.21.5 PHP version: 5.2.3 PHP Bug Type: Regexps related Bug description: preg_replace_callback returns NULL instead of input or error Description: The preg_replace_callback manual-entry says: If matches are found, the new subject will be returned, otherwise subject will be returned unchanged. However; I have a testcase where no input is returned; and my callback isn't called either. This seems to be caused by a required pcre.backtrack_limit of 1000 Shouldn't PHP return the input or an error giving some pointers about this limit being reached? Reproduce code: --- ?PHP $input = '{?value==input.value}'; $regexp = '~\{\?(?:\(?!?.+(==)?.+\)?)+\}{\1\/}~sU'; var_dump(preg_replace_callback($regexp, 'callback', $input)); function callback(){ die('called'); } Expected result: I expect an error to be raised when pcre.backtrack_limit is reached Actual result: -- NULL is var_dumped -- Edit bug report at http://bugs.php.net/?id=41788edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=41788r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=41788r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=41788r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=41788r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=41788r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=41788r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=41788r=needscript Try newer version:http://bugs.php.net/fix.php?id=41788r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=41788r=support Expected behavior:http://bugs.php.net/fix.php?id=41788r=notwrong Not enough info: http://bugs.php.net/fix.php?id=41788r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=41788r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=41788r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=41788r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=41788r=dst IIS Stability:http://bugs.php.net/fix.php?id=41788r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=41788r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=41788r=float No Zend Extensions: http://bugs.php.net/fix.php?id=41788r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=41788r=mysqlcfg
#41306 [NEW]: PHP Segfaults on certain regexp
From: Sjon at hortensius dot net Operating system: Linux 2.6.20 PHP version: 4.4.7 PHP Bug Type: PCRE related Bug description: PHP Segfaults on certain regexp Description: Although other regexps work fine; this one crashes since 4.4.7 is installed Reproduce code: --- ?PHP $x = new x(); class x { function y($matches){ echo 'no problem!'; } function x(){ preg_replace_callback('~\{([a-zA-Z\-_]{0,50})@([a-zA-Z_\d]{1,50})\}((?:(?:\{[a-zA-Z.\-_\d]{1,50}\}|[^\{\}]*)(\{,\})?)*)\{\1/\}~sU', array($this, 'y'), '[EMAIL PROTECTED]/}'); } } ? Expected result: I would expect the x::y function to be ran by preg_replace_callback Actual result: -- [Sun May 06 20:47:49 2007] [notice] child pid 26044 exit signal Segmentation fault (11) -- Edit bug report at http://bugs.php.net/?id=41306edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=41306r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=41306r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=41306r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=41306r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=41306r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=41306r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=41306r=needscript Try newer version:http://bugs.php.net/fix.php?id=41306r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=41306r=support Expected behavior:http://bugs.php.net/fix.php?id=41306r=notwrong Not enough info: http://bugs.php.net/fix.php?id=41306r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=41306r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=41306r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=41306r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=41306r=dst IIS Stability:http://bugs.php.net/fix.php?id=41306r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=41306r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=41306r=float No Zend Extensions: http://bugs.php.net/fix.php?id=41306r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=41306r=mysqlcfg
#41306 [Opn]: preg_replace_callback segfaults on certain regexp
ID: 41306 User updated by: Sjon at hortensius dot net -Summary: PHP Segfaults on certain regexp Reported By: Sjon at hortensius dot net Status: Open Bug Type: PCRE related Operating System: Linux 2.6.20 PHP Version: 4.4.7 New Comment: The backtrace is _very_ long. Here is the first part: Program received signal SIGSEGV, Segmentation fault. match (eptr=0x82a3b47 argument{/}, ecode=0x82a37a5 O, offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11366) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:372 372 /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c: No such file or directory. in /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c (gdb) bt #0 match (eptr=0x82a3b47 argument{/}, ecode=0x82a37a5 O, offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11366) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:372 #1 0x0807e197 in match (eptr=0x82a3b47 argument{/}, ecode=value optimized out, offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11365) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1187 #2 0x0807a5e0 in match (eptr=value optimized out, ecode=value optimized out, offset_top=value optimized out, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=value optimized out, rdepth=11364) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1082 #3 0x0807e560 in match (eptr=value optimized out, ecode=value optimized out, offset_top=value optimized out, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=value optimized out, rdepth=11363) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1740 Previous Comments: [2007-05-06 19:12:58] Sjon at hortensius dot net Description: Although other regexps work fine; this one crashes since 4.4.7 is installed Reproduce code: --- ?PHP $x = new x(); class x { function y($matches){ echo 'no problem!'; } function x(){ preg_replace_callback('~\{([a-zA-Z\-_]{0,50})@([a-zA-Z_\d]{1,50})\}((?:(?:\{[a-zA-Z.\-_\d]{1,50}\}|[^\{\}]*)(\{,\})?)*)\{\1/\}~sU', array($this, 'y'), '[EMAIL PROTECTED]/}'); } } ? Expected result: I would expect the x::y function to be ran by preg_replace_callback Actual result: -- [Sun May 06 20:47:49 2007] [notice] child pid 26044 exit signal Segmentation fault (11) -- Edit this bug report at http://bugs.php.net/?id=41306edit=1