ID: 46749 Updated by: [EMAIL PROTECTED] Reported By: robin_fernandes at uk dot ibm dot com -Status: Verified +Status: Closed Bug Type: Reproducible crash Operating System: * PHP Version: 6CVS-2008-12-04 (snap) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2008-12-04 15:32:13] [EMAIL PROTECTED] I can reproduce it. 1...2... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1225472304 (LWP 8923)] 0x0846bc91 in gc_remove_zval_from_buffer (zv=0x895149c, tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_gc.h:189 189 root->next->prev = root->prev; (gdb) bt #0 0x0846bc91 in gc_remove_zval_from_buffer (zv=0x895149c, tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_gc.h:189 #1 0x0841beaf in _zval_ptr_dtor (zval_ptr=0xbfcf97e8, __zend_filename=0x878582c "/home/felipe/dev/php6/Zend/zend_execute.c", __zend_lineno=604) at /home/felipe/dev/php6/Zend/zend_execute_API.c:455 #2 0x0849ca24 in zend_assign_to_object (result=0x8951438, object_ptr=0x8951720, property_name=0x8951464, value_op=0x8951498, Ts=0x8984188, opcode=136, tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_execute.c:604 #3 0x0849c652 in ZEND_ASSIGN_OBJ_SPEC_VAR_CONST_HANDLER (execute_data=0x8984134, tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_vm_execute.h:10561 #4 0x08477033 in execute (op_array=0x8950c9c, tsrm_ls=0x87a9050) at /home/felipe/dev/php6/Zend/zend_vm_execute.h:104 #5 0x084372bf in zend_execute_scripts (type=8, tsrm_ls=0x87a9050, retval=0x0, file_count=3) at /home/felipe/dev/php6/Zend/zend.c:1723 #6 0x083935e8 in php_execute_script (primary_file=0xbfcfbc98, tsrm_ls=0x87a9050) at /home/felipe/dev/php6/main/main.c:2216 #7 0x084edc28 in main (argc=2, argv=0xbfcfbe14) at /home/felipe/dev/php6/sapi/cli/php_cli.c:1141 ------------------------------------------------------------------------ [2008-12-04 15:30:47] robin_fernandes at uk dot ibm dot com In fact, the class C above is not necessary to get the crash; here is a shorter reproduce script. Expected and actual output as above. <?php $nonEmptyString = 'hello'; $i=0; while ($i++<10) { echo "$i..."; @$nonEmptyString->prop = 'Will eventually cause crash'; } echo "Done." ?> ------------------------------------------------------------------------ [2008-12-04 15:26:55] robin_fernandes at uk dot ibm dot com Description: ------------ The script below crashes consistently on Windows and Linux on the latest php6 snap. This seems to be specific to HEAD: I could NOT recreate the crash on the latest 5_2 and 5_3 snaps. Reproduce code: --------------- <?php Class C { public $nonEmptyString = 'hello'; } $c = new C; $i=0; while ($i++<10) { echo "$i..."; @$c->nonEmptyString->prop = "Will eventually cause crash"; } echo "Done." ?> Expected result: ---------------- 1...2...3...4...5...6...7...8...9...10...Done. Actual result: -------------- 1...2...[crash] ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=46749&edit=1
