Hello,
I'm experiencing very weird segfaults (and cannot reproduce them with a
small script) in PHP4 (to be exact: PHP4.3.8) - a backtrace is attached.

Now the weird thing is:
#0  0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2529
2529                    if (*source == from) {

The place where this comes from is an escaping routine (userland PHP)
for SQL queries, where $sql= '"'.str_replace('"', '""', $arg).'"' is
executed (hence the above arguments).

From scanning string.c, I could not figure out how its "str" argument
could ever be NULL. php_char_to_str() is called from
php_str_replace_in_subject() (search is not IS_ARRAY), so this:

if (Z_STRLEN_P(search) == 1) {
    php_char_to_str(Z_STRVAL_PP(subject),
        Z_STRLEN_PP(subject),
        Z_STRVAL_P(search)[0],
        Z_STRVAL_P(replace),
        Z_STRLEN_P(replace),
        result);
}

is what is being executed. Before that,

        convert_to_string_ex(subject);
        Z_TYPE_P(result) = IS_STRING;

is called. How could this result in "subject" being NULL?

Maybe someone has an idea or has experienced this behaviour before. I'll
try to find a simple reproduce script ASAP.

- Timm

#0  0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2529
2529                    if (*source == from) {
(gdb) bt
#0  0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2529
#1  0x080e4711 in php_str_replace_in_subject (search=0x85f6c74, replace=0x85f7d3c, subject=0x8504494, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2681
#2  0x080e4e6b in zif_str_replace (ht=3, return_value=0x860104c, this_ptr=0x0, return_value_used=1) at /root/php-src/php-4.3.8/ext/standard/string.c:2758
#3  0x08153943 in execute (op_array=0x845f154) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1635
#4  0x08153b41 in execute (op_array=0x8450b1c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#5  0x08153b41 in execute (op_array=0x8424c9c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#6  0x08153b41 in execute (op_array=0x8520e6c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#7  0x08153b41 in execute (op_array=0x852844c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#8  0x08153b41 in execute (op_array=0x8524c54) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#9  0x08153b41 in execute (op_array=0x84faf7c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#10 0x08153b41 in execute (op_array=0x84fb004) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#11 0x08153b41 in execute (op_array=0x8203b84) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#12 0x08142a79 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-src/php-4.3.8/Zend/zend.c:891
#13 0x0810f863 in php_execute_script (primary_file=0xbffffaa0) at /root/php-src/php-4.3.8/main/main.c:1734
#14 0x08159a5b in main (argc=6, argv=0xbffffb24) at /root/php-src/php-4.3.8/sapi/cli/php_cli.c:822

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

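Added example, not code from the post or from PHP's string.c: a C rewrite of the operation in frame #0, the single-character replacement that str_replace('"', '""', $arg) reduces to, plus the userland quoting routine the post describes, with the NULL-input case rejected instead of dereferenced at the equivalent of string.c:2529. The names char_to_str, quote_sql_literal and repeated_byte are hypothetical. The last function is the check a practitioner would run on the arguments in the backtrace: len=1515870810 is 0x5A5A5A5A, a repeated-byte value rather than a plausible string length, which is what a memory fill pattern looks like; the post does not establish which code wrote that pattern into the subject zval, and this example does not assume an answer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Replace every occurrence of the byte `from` in str[0..len) with the string
 * to[0..to_len). Same job as php_char_to_str() in the backtrace, but a NULL
 * str is reported instead of dereferenced. Returns 0 on success (caller frees
 * *result, which is NUL-terminated), -1 on bad input or size overflow.
 * Hypothetical function, not PHP's implementation.
 */
int char_to_str(const char *str, size_t len, char from,
                const char *to, size_t to_len,
                char **result, size_t *result_len)
{
    size_t i, count = 0, keep, out_len, pos = 0;
    char *buf;

    *result = NULL;
    *result_len = 0;
    /* the argument shape seen in frame #0: str == NULL with a garbage length */
    if (str == NULL || (to == NULL && to_len != 0))
        return -1;

    for (i = 0; i < len; i++)
        if (str[i] == from)
            count++;

    /* out_len = (len - count) + count * to_len, checked for overflow */
    keep = len - count;
    if (to_len != 0 && count > SIZE_MAX / to_len)
        return -1;
    if (count * to_len > SIZE_MAX - keep)
        return -1;
    out_len = keep + count * to_len;
    if (out_len == SIZE_MAX)            /* no room for the terminating NUL */
        return -1;

    buf = malloc(out_len + 1);
    if (buf == NULL)
        return -1;

    for (i = 0; i < len; i++) {
        if (str[i] == from) {
            if (to_len != 0)
                memcpy(buf + pos, to, to_len);
            pos += to_len;
        } else {
            buf[pos++] = str[i];
        }
    }
    buf[out_len] = '\0';
    *result = buf;
    *result_len = out_len;
    return 0;
}

/*
 * The userland routine from the post, $sql = '"' . str_replace('"', '""', $arg) . '"',
 * redone on top of char_to_str(). Hypothetical name; returns NULL on failure.
 */
char *quote_sql_literal(const char *arg)
{
    char *escaped, *sql;
    size_t escaped_len;

    if (arg == NULL)
        return NULL;
    if (char_to_str(arg, strlen(arg), '"', "\"\"", 2, &escaped, &escaped_len) != 0)
        return NULL;
    if (escaped_len > SIZE_MAX - 3) {
        free(escaped);
        return NULL;
    }
    sql = malloc(escaped_len + 3);      /* two quotes plus NUL */
    if (sql != NULL) {
        sql[0] = '"';
        memcpy(sql + 1, escaped, escaped_len);
        sql[escaped_len + 1] = '"';
        sql[escaped_len + 2] = '\0';
    }
    free(escaped);
    return sql;
}

/*
 * Diagnostic check on a suspicious 32-bit value such as the len argument in
 * frame #0: if all four bytes are equal, return that byte (0..255), else -1.
 * A repeated byte is characteristic of a fill pattern, not of a real length.
 */
int repeated_byte(uint32_t v)
{
    uint32_t b = v & 0xFFu;
    return v == b * 0x01010101u ? (int)b : -1;
}

int main(void)
{
    char *r, *sql;
    size_t n;

    sql = quote_sql_literal("O\"Brien");          /* constructed sample input */
    printf("%s\n", sql);                          /* "O""Brien" */
    free(sql);

    /* the argument combination from frame #0 is refused, not dereferenced */
    printf("NULL str: rc=%d\n", char_to_str(NULL, 1515870810u, '"', "\"\"", 2, &r, &n));
    printf("len 1515870810 = 0x%08X, repeated byte: 0x%02X\n",
           1515870810u, repeated_byte(1515870810u));
    return 0;
}
```

Run it and the last line reports 0x5A for the length argument, which is the observation worth carrying into the search for where the subject zval lost its string value.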