#30166 [NEW]: dereferencing object in an array -> segfault

[cat at final-frontier dot ath dot cx]

From:             cat at final-frontier dot ath dot cx
Operating system: Gentoo Linux
PHP version:      5.0.1
PHP Bug Type:     Zend Engine 2 problem
Bug description:  dereferencing object in an array -> segfault

Description:
------------
When dereferencing an object-reference in an array, php gets a segfault.

(see reproduce code)

Okay, I know that $object here is out of scope and should be subject to
the GC, but PHP should still not segfault, but report an error or
something like that. This bug makes horde-imp not work anymore on PHP 5 -
the same code seems to have worked on PHP 4 (can't verify that, sorry).


Reproduce code:
---------------
<?php

class testobject
{
        var $test;
}

function return_object()
{
        $object = new testobject;
        $object->test = "lala";
        $array = array( &$object, NULL );

        return $array;
}

$object = return_object();
$object = $object[0]; // segmentation fault on this line

echo "WORKED: " . $object->test . "\n";

?>


Expected result:
----------------
The script prints out "WORKED: lala" or an error that the array-index is
not present (or something like that).

Actual result:
--------------
(empty page, "[Mon Sep 20 12:45:01 2004] [notice] child pid 2075 exit
signal Segmentation fault (11)" in apache-log)

-- 
Edit bug report at http://bugs.php.net/?id=30166&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=30166&r=trysnapshot4
Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=30166&r=trysnapshot50
Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=30166&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=30166&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=30166&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=30166&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=30166&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=30166&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=30166&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=30166&r=notwrong
Not enough info:             http://bugs.php.net/fix.php?id=30166&r=notenoughinfo
Submitted twice:             http://bugs.php.net/fix.php?id=30166&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=30166&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=30166&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=30166&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=30166&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=30166&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=30166&r=float
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=30166&r=mysqlcfg