From: rodolfo at rodsoft dot org
Operating system: linux 2.6.6
PHP version: 5.0.0RC2
PHP Bug Type: Reproducible crash
Bug description: array_udiff dumps core
Description:
------------
If you run the following script with your web browser and reload the page
a couple of times, php dumps core. My apache version is 2.0.49 with libphp
dynamically linked.
Strangely enough, if you change the array index inside the create_function
to something bogus, like "d", array_udiff returns an empty array (without
issuing an error). The second time the script is called, as usual, php
dumps core. With the correct array index, the output is ok the first time.
But dumps core the second time is called.
Reproduce code:
---------------
<?
$p1[] = array('a'=>1, 'b'=>'apple');
$p1[] = array('a'=>2, 'b'=>'orange');
$p1[] = array('a'=>3, 'b'=>'banana');
$p2[] = array('a'=>3, 'b'=>'banana');
$p2[] = array('a'=>4, 'b'=>'raspberry');
echo "<pre>";
print_r(array_udiff($p1, $p2,create_function('$a,$b',
'return $a["a"]-$b["a"];')));
echo "</pre>";
?>
Expected result:
----------------
Array
(
[0] => Array
(
[a] => 1
[b] => apple
)
[1] => Array
(
[a] => 2
[b] => orange
)
)
no matter how many times we run the script
Actual result:
--------------
The correct result in the first time the script is run, and the following
core dump backtrace the second time:
#0 0x00000001 in ?? ()
#1 0x4072bc0a in zend_call_function () from /usr/lib/apache/libphp5.so
#2 0x4067dd81 in array_user_compare () from /usr/lib/apache/libphp5.so
#3 0x407458c9 in zend_qsort() from /usr/lib/apache/libphp5.so
#4 0x40684a19 in php_array_diff () from /usr/lib/apache/libphp5.so
#5 0x00000003 in ?? ()
#6 0x00000004 in ?? ()
#7 0x4067dcf0 in zif_rsort() from /usr/lib/apache/libphp5.so
Previous frame inner to this frame (corrupt stack?)
--
Edit bug report at http://bugs.php.net/?id=28743&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28743&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28743&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=28743&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=28743&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=28743&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=28743&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=28743&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=28743&r=support
Expected behavior: http://bugs.php.net/fix.php?id=28743&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=28743&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=28743&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=28743&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28743&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=28743&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=28743&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=28743&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=28743&r=float
