Edit report at https://bugs.php.net/bug.php?id=52719&edit=1
ID: 52719
Updated by: ni...@php.net
Reported by: apouch at woozworld dot com
Summary: array_walk_recursive crashes if third param of the
function is by reference
-Status: Feedback
+Status: Re-Opened
Type: Bug
Package: Arrays related
Operating System: Linux
PHP Version: 5.3.3
Block user comment: N
Private report: N
New Comment:
I added a patch that fixes the issue.
Now the function works on the userdata as zval* instead of zval**. This fixes
the
issue because zend_call_func changes the zval** for a by-ref var and thus
zval_ptr_dtor() is called on a different zval than Z_ADDREF_PP() was called on.
Previous Comments:
------------------------------------------------------------------------
[2012-01-27 13:06:42] ni...@php.net
The following patch has been added/updated:
Patch Name: array_walk_recursive.patch
Revision: 1327669602
URL:
https://bugs.php.net/patch-display.php?bug=52719&patch=array_walk_recursive.patch&revision=1327669602
------------------------------------------------------------------------
[2011-12-23 11:42:08] nikita dot ppv at googlemail dot com
This issue was caused by
http://svn.php.net/viewvc?view=revision&revision=300371 which was commited as a
fix for https://bugs.php.net/bug.php?id=51552.
Basically for a recursive array walk the zval will be zval_ptr_dtor'd
prematurely and multiple times (every time it leaves one recursive array_walk
call). This leads to the memory corruption and in some cases to a segfault.
I'm not exactly sure what purpose that change served, at least the respective
phpt test runs cleanly if I revert the changeset.
------------------------------------------------------------------------
[2011-12-21 16:16:47] ni...@php.net
Another test case: http://codepad.viper-7.com/Mw3DhS. You can observe the
memory corruption in the values that are output. Also you can simply toggle the
crash be removing the 'alpha' elements: http://codepad.viper-7.com/luVZw5 will
crash.
By the way, I could not reproduce the crash on a debug build (I get only leaks
there, too).
------------------------------------------------------------------------
[2010-12-13 13:19:19] php at oxanvanleeuwen dot nl
This is still a problem with PHP 5.3.4. Strange is that it segfaults after the
call to array_walk_recursive; running is printed.
See this test script, which segfaults:
<?php
$array = array("hello", array("bye"));
$flat = array();
array_walk_recursive($array, function (&$value, $key, &$flat) {
$flat[] = $value;
}, $flat);
echo "Running";
------------------------------------------------------------------------
[2010-08-30 19:36:24] johan...@php.net
Please try using this snapshot:
http://snaps.php.net/php5.3-latest.tar.gz
For Windows:
http://windows.php.net/snapshots/
I get no crash but a memleak which is handled gracefully with current SVN.
No crash[Mon Aug 30 19:33:37 2010] Script: '-'
/home/johannes/src/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c(888) :
Freeing 0x00DEB060 (32 bytes), script=-
=== Total 1 memory leaks detected ===
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=52719
--
Edit this bug report at https://bugs.php.net/bug.php?id=52719&edit=1
