#48668 [NEW]: foreach with array will coredump php

[dmda at yandex dot ru]

From:             dmda at yandex dot ru
Operating system: solaris 8
PHP version:      5.3.0RC4
PHP Bug Type:     Reproducible crash
Bug description:  foreach with array will coredump php

Description:
------------
$uname -a
SunOS qu1 5.8 Generic_108528-11 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
$ sapi/cli/php ./1.php
Bus Error (core dumped)
$gdb --core core sapi/cli/php
....
Core was generated by `./php 1.php'.
Program terminated with signal 10, Bus error.
#0  0x002e7d80 in ZEND_FE_RESET_SPEC_TMP_HANDLER (execute_data=0x861cc0)
    at 
/export/home/jvlad/php/php5.3-200906221030/Zend/zend_vm_execute.h:5371
5371                            INIT_PZVAL_COPY(tmp, array_ptr);
(gdb) bt
#0  0x002e7d80 in ZEND_FE_RESET_SPEC_TMP_HANDLER (execute_data=0x861cc0)
    at 
/export/home/jvlad/php/php5.3-200906221030/Zend/zend_vm_execute.h:5371
#1  0x002d92a0 in execute (op_array=0x70bd90)
    at
/export/home/jvlad/php/php5.3-200906221030/Zend/zend_vm_execute.h:104
#2  0x002b8d48 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /export/home/jvlad/php/php5.3-200906221030/Zend/zend.c:1188
#3  0x00266444 in php_execute_script (primary_file=0xffbefbf0)
    at /export/home/jvlad/php/php5.3-200906221030/main/main.c:2196
#4  0x003447d4 in main (argc=2, argv=0xffbefcac)
    at /export/home/jvlad/php/php5.3-200906221030/sapi/cli/php_cli.c:1188
(gdb) p array_ptr
$1 = (zval *) 0x861d14
(gdb) p *array_ptr
$2 = {value = {lval = 7458416, dval = 1.5848218932638939e-306, str = {val
= 
0x71ce70 "",
      len = 0}, ht = 0x71ce70, obj = {handle = 7458416, handlers = 0x0}},

refcount__gc = 0,
  type = 4 '\004', is_ref__gc = 0 '\0'}
(gdb) p tmp
Cannot access memory at address 0xfffffff0
(gdb) dump_bt executor_globals.current_execute_data
[0x00861cc0] ???
/export/home/jvlad/php/php5.3-200906221030/sapi/cli/1.php:2



Reproduce code:
---------------
$cat 1.php
<?php
foreach (array("SPL", "Reflection", "Phar") as $ext) {
    if (!extension_loaded($ext)) {
        echo "$argv[0] requires PHP extension $ext.\n";
        exit(1);
    }
}
?> 



-- 
Edit bug report at http://bugs.php.net/?id=48668&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=48668&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=48668&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=48668&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=48668&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=48668&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=48668&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=48668&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=48668&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=48668&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=48668&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=48668&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=48668&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=48668&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=48668&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=48668&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=48668&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=48668&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=48668&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=48668&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=48668&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=48668&r=mysqlcfg