Hi Moriyoshi,

Function _php_mb_regex_ereg_replace_exec in php_mbregex.c returns

    RETVAL_STRINGL((char *)out_buf.c, out_buf.len - 1, 0); // At the end of the function

0 as the 3rd argument to the RETVAL_STRINGL macro does not duplicate the content and sets a retval zval that is the same as out_buf.c.

out_buf.c is allocated using the malloc/realloc family, not emalloc/erealloc. When zval_ptr_dtor is called on mb_reg_replace's retval, it calls efree (which it should not). Hence, in the macro REMOVE_POINTER_FROM_LIST, the line

    p->pLast->pNext = p->pNext; \

causes a seg fault (as p->pLast is null or some strange pointer not within the control of the running program).

A patch for the 5.0 tree is available here: http://puggy.symonds.net/~kameshj/php_mbregex.c.patch

With regards
Kamesh Jayachandran

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
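
The allocator mismatch reported above, as an added stand-alone example (not code from the message, the patch, or PHP): a toy header-and-list allocator in which a malloc'd buffer is foreign to the tracked free routine until it is copied into tracked memory. The names hdr, t_alloc, t_owns, t_free and t_adopt are hypothetical; the ownership check exists only so the model can report the mismatch instead of crashing.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model (assumption): every tracked block has a header on a doubly linked list. */
typedef struct hdr { struct hdr *prev, *next; } hdr;
static hdr *head;

void *t_alloc(size_t n) {
    hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->prev = NULL; h->next = head;
    if (head) head->prev = h;
    head = h;
    return h + 1;                      /* payload starts right after the header */
}

/* Walks the list only; never reads memory in front of p. */
int t_owns(const void *p) {
    for (hdr *h = head; h; h = h->next)
        if ((const void *)(h + 1) == p) return 1;
    return 0;
}

/* 0 on success, -1 for a foreign pointer. Without this check the unlink
   below would treat the bytes before a malloc'd buffer as prev/next. */
int t_free(void *p) {
    if (!t_owns(p)) return -1;
    hdr *h = (hdr *)p - 1;
    if (h->prev) h->prev->next = h->next; else head = h->next;
    if (h->next) h->next->prev = h->prev;
    free(h);
    return 0;
}

/* Safe hand-off: duplicate into tracked memory, release the original with free(). */
char *t_adopt(char *buf, size_t len) {
    char *copy = t_alloc(len + 1);
    if (copy) { memcpy(copy, buf, len); copy[len] = '\0'; }
    free(buf);
    return copy;
}

int main(void) {
    char *raw = malloc(4);             /* constructed sample buffer */
    if (!raw) return 1;
    memcpy(raw, "abc", 4);
    int rejected = t_free(raw);        /* -1: raw was never tracked */
    char *s = t_adopt(raw, 3);
    return !(rejected == -1 && s && t_free(s) == 0);
}
```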