Hello, I'm experiencing very weird segfaults (and cannot reproduce them with a small script) in PHP4 (to be exact: PHP4.3.8) - a backtrace is attached.
Now the weird thing is:

  #0  0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2529
  2529            if (*source == from) {

The place where this comes from is an escaping routine (userland PHP) for SQL queries, where

  $sql= '"'.str_replace('"', '""', $arg).'"'

is executed (hence the above arguments).

From scanning string.c, I could not figure out how its "str" argument could ever be NULL. php_char_to_str() is called from php_str_replace_in_subject() (search is not IS_ARRAY, so this:

  if (Z_STRLEN_P(search) == 1) {
      php_char_to_str(Z_STRVAL_PP(subject), Z_STRLEN_PP(subject), Z_STRVAL_P(search)[0], Z_STRVAL_P(replace), Z_STRLEN_P(replace), result);

is what is being executed). Before that,

  convert_to_string_ex(subject);
  Z_TYPE_P(result) = IS_STRING;

is called. How could this result in "subject" being NULL?

Maybe someone has an idea or has experienced this behaviour before. I'll try to find a simple reproduce script ASAP.

- Timm

#0  0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2529
2529            if (*source == from) {
(gdb) bt
#0  0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2529
#1  0x080e4711 in php_str_replace_in_subject (search=0x85f6c74, replace=0x85f7d3c, subject=0x8504494, result=0x860104c) at /root/php-src/php-4.3.8/ext/standard/string.c:2681
#2  0x080e4e6b in zif_str_replace (ht=3, return_value=0x860104c, this_ptr=0x0, return_value_used=1) at /root/php-src/php-4.3.8/ext/standard/string.c:2758
#3  0x08153943 in execute (op_array=0x845f154) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1635
#4  0x08153b41 in execute (op_array=0x8450b1c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#5  0x08153b41 in execute (op_array=0x8424c9c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#6  0x08153b41 in execute (op_array=0x8520e6c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#7  0x08153b41 in execute (op_array=0x852844c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#8  0x08153b41 in execute (op_array=0x8524c54) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#9  0x08153b41 in execute (op_array=0x84faf7c) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#10 0x08153b41 in execute (op_array=0x84fb004) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#11 0x08153b41 in execute (op_array=0x8203b84) at /root/php-src/php-4.3.8/Zend/zend_execute.c:1679
#12 0x08142a79 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-src/php-4.3.8/Zend/zend.c:891
#13 0x0810f863 in php_execute_script (primary_file=0xbffffaa0) at /root/php-src/php-4.3.8/main/main.c:1734
#14 0x08159a5b in main (argc=6, argv=0xbffffb24) at /root/php-src/php-4.3.8/sapi/cli/php_cli.c:822

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
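
A triage aid for frame #0 of the backtrace above, as an added example that is not part of the original post or of PHP: it parses the gdb frame line and flags NULL pointer arguments and integers whose bytes are all identical, which usually come from a memory fill rather than a real value. The function names and the 4-byte word width (taken from the 32-bit addresses in the backtrace) are assumptions of this example.

```python
import re

# Frame #0 exactly as it appears in the backtrace above.
FRAME0 = (r'''#0 0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, '''
          r'''from=34 '"', to=0x85d5f54 "\"\"", to_len=2, result=0x860104c) '''
          r'''at /root/php-src/php-4.3.8/ext/standard/string.c:2529''')

FRAME_RE = re.compile(r' in (\w+) \((.*)\) at ')
# gdb prints pointers in hex and integers in decimal; keep that distinction.
ARG_RE = re.compile(r'(\w+)=(0x[0-9a-fA-F]+|-?\d+)')


def parse_frame(frame):
    """Return (function, {arg: (value, is_pointer)}) for one gdb frame line."""
    m = FRAME_RE.search(frame)
    if m is None:
        raise ValueError("not a gdb frame line with an argument list")
    args = {}
    for name, text in ARG_RE.findall(m.group(2)):
        is_pointer = text.startswith("0x")
        args[name] = (int(text, 16 if is_pointer else 10), is_pointer)
    return m.group(1), args


def fill_byte(value, width=4):
    """Return the byte if all `width` bytes of value are the same non-zero
    byte (for example 0x5A5A5A5A), else None."""
    if not 0 < value < 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "little")
    return raw[0] if len(set(raw)) == 1 else None


def triage(frame, width=4):
    """List suspicious arguments: NULL pointers and repeated-byte integers."""
    func, args = parse_frame(frame)
    findings = []
    for name, (value, is_pointer) in args.items():
        if is_pointer and value == 0:
            findings.append((name, "NULL pointer"))
        byte = fill_byte(value, width)
        if byte is not None:
            findings.append((name, "all %d bytes are 0x%02X" % (width, byte)))
    return func, findings


if __name__ == "__main__":
    func, findings = triage(FRAME0)
    for name, why in findings:
        print("%s(): %s -> %s" % (func, name, why))
```

On this frame it reports both `str` (NULL) and `len` (1515870810 is 0x5A5A5A5A), which is consistent with the string fields of the subject having been overwritten or reused before the call rather than with a string that was merely empty.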