ID: 25338
Updated by: [EMAIL PROTECTED]
Reported By: phpbug at zirzow dot dyndns dot org
-Status: Open
+Status: Bogus
Bug Type: Reproducible crash
Operating System: FreeBSD 4.7-RELEASE
PHP Version: 4.3.3
New Comment:
Yes, this is normal. Don't try accessing GLOBALS like that.
Previous Comments:
------------------------------------------------------------------------
[2003-09-01 04:48:11] phpbug at zirzow dot dyndns dot org
Description:
------------
It appears that repeated calls to a str_replace with a complex array as
the subject of replacement, causes php to crash.
Thanks,
Curt
Reproduce code:
---------------
// Demo 1
class foo {
function foo() {
reset($GLOBALS);
while (list($k, $v) = each($GLOBALS)) {
@$GLOB[$k] = $v;
}
$val = str_replace('$', 'asdf', $GLOB);
}
}
$foo = new foo();
$foo1 = new foo();
$foo2 = new foo();
// Demo 2
// Will issue a bunch of 'php in free(): warning: chunk is already
free'
// After enough of str_replace's it segfaults
while (list($k, $v) = each($GLOBALS)) {
@$GLOB[$k] = $v;
}
$val = str_replace('$', 'asdf', $GLOB);
$val = str_replace('$', 'asdf', $GLOB);
/* ... repeat till segfault ... */
Actual result:
--------------
back trace 1:
Program received signal SIGSEGV, Segmentation fault.
0x813dd34 in zend_hash_index_update_or_next_insert (ht=0x81fe2ec, h=0,
pData=0xbfbfcb98, nDataSize=4, pDest=0xbfbfcbe0, flag=1)
at /usr/home/curt/source/php-4.3.3/Zend/zend_hash.c:387
387 p = ht->arBuckets[nIndex];
(gdb) bt
#0 0x813dd34 in zend_hash_index_update_or_next_insert (ht=0x81fe2ec,
h=0, pData=0xbfbfcb98, nDataSize=4, pDest=0xbfbfcbe0, flag=1)
at /usr/home/curt/source/php-4.3.3/Zend/zend_hash.c:387
#1 0x813c13f in add_get_index_stringl (arg=0x81fe98c, index=0,
str=0x81fe2ec "argc", length=4, dest=0xbfbfcbe0, duplicate=0)
at /usr/home/curt/source/php-4.3.3/Zend/zend_API.c:917
#2 0x8140af0 in zif_each (ht=1, return_value=0x81fe98c, this_ptr=0x0,
return_value_used=1)
at
/usr/home/curt/source/php-4.3.3/Zend/zend_builtin_functions.c:378
#3 0x814bc5c in execute (op_array=0x822740c) at
/usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:1618
#4 0x814bdd6 in execute (op_array=0x820398c) at
/usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:1660
#5 0x814bdd6 in execute (op_array=0x820088c) at
/usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:1660
#6 0x813a1d6 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/home/curt/source/php-4.3.3/Zend/zend.c:885
#7 0x8112351 in php_execute_script (primary_file=0xbfbff6d8) at
/usr/home/curt/source/php-4.3.3/main/main.c:1723
#8 0x815368e in main (argc=2, argv=0xbfbff740) at
/usr/home/curt/source/php-4.3.3/sapi/cli/php_cli.c:818
#9 0x8062595 in _start ()
Backtrace 2:
Program received signal SIGSEGV, Segmentation fault.
0x8130075 in zend_do_qm_true (true_value=0x81ff78c,
qm_token=0xbfbfd80c, colon_token=0x81bebec)
at /usr/home/curt/source/php-4.3.3/Zend/zend_compile.c:2352
2352
CG(active_op_array)->opcodes[qm_token->u.opline_num].op2.u.opline_num =
get_next_op_number(CG(active_op_array))+1; /*
(gdb) bt
#0 0x8130075 in zend_do_qm_true (true_value=0x81ff78c,
qm_token=0xbfbfd80c, colon_token=0x81bebec)
at /usr/home/curt/source/php-4.3.3/Zend/zend_compile.c:2352
#1 0x8138c36 in _zval_dtor (zvalue=0x81fe8ec) at
/usr/home/curt/source/php-4.3.3/Zend/zend_variables.c:51
#2 0x8149401 in execute (op_array=0x820088c) at
/usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:470
#3 0x813a1d6 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/home/curt/source/php-4.3.3/Zend/zend.c:885
#4 0x8112351 in php_execute_script (primary_file=0xbfbff6d4) at
/usr/home/curt/source/php-4.3.3/main/main.c:1723
#5 0x815368e in main (argc=2, argv=0xbfbff73c) at
/usr/home/curt/source/php-4.3.3/sapi/cli/php_cli.c:818
#6 0x8062595 in _start ()
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=25338&edit=1
