ID: 34260
Updated by: [EMAIL PROTECTED]
Reported By: etnu at etnu dot org
-Status: Open
+Status: Verified
-Bug Type: Class/Object related
+Bug Type: Scripting Engine problem
-Operating System: Debian 3.1 (Sarge)
+Operating System: *
-PHP Version: 5CVS-2005-08-25 (snap)
+PHP Version: 5CVS-2005-08-28
New Comment:
Derick, in cases like this with nice and short example script which
clearly segfaults (I verified) you can propably come up with the
backtrace YOURSELF?
Here it is, for all the other lazy asses:
(gdb) bt
#0 0x5a2a8fcc in ?? ()
#1 0x083a55f1 in zend_call_function (fci=0xbfffd4a0,
fci_cache=0xbfffd4f0)
at /usr/src/php/php_5_1/Zend/zend_execute_API.c:885
#2 0x082de40e in zif_array_map (ht=2, return_value=0x89d4064,
return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/usr/src/php/php_5_1/ext/standard/array.c:4336
#3 0x083d739b in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffd6c0) at zend_vm_execute.h:184
#4 0x083db82f in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfffd6c0) at zend_vm_execute.h:1586
#5 0x083d707c in execute (op_array=0x89cf624) at zend_vm_execute.h:87
#6 0x083b09f1 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/src/php/php_5_1/Zend/zend.c:1078
#7 0x0836f107 in php_execute_script (primary_file=0xbffffb00) at
/usr/src/php/php_5_1/main/main.c:1675
#8 0x08426636 in main (argc=2, argv=0xbffffbd4) at
/usr/src/php/php_5_1/sapi/cli/php_cli.c:1039
The crash happens for the 2nd call.
Previous Comments:
------------------------------------------------------------------------
[2005-08-27 01:44:42] etnu at etnu dot org
One additional piece of information:
The problem appears to actually be in the RETURN value. If I run that
script in CLI mode, the results are as follows:
./Test.php
I hate meSegmentation fault
The example I gave doesn't actually return a value, I know, but the
problem occurs either way. The original implementation was simply a
function that called mysqli::real_escape_data().
------------------------------------------------------------------------
[2005-08-27 01:41:56] etnu at etnu dot org
Hi,
I don't have the extra machine to test this one out on, unfortunately,
and I can't seem to get gdb to compile on this particular platform. I
can confirm that the code I posted also causes seg faults on xeons
(both dual & single) running Sarge 3.1 (these are production boxes, so
I can't put the debugger on here to test it), and causes fatal
exceptions on windows. All of these tests were conducted running under
apache.
It also seg faults in CLI mode, though, which lead me to believe that
the problem is fundamentally tied to the implementation of __call and /
or the callback mechanism rather than any platform-specific issues.
Sorry I couldn't provide more details than that.
------------------------------------------------------------------------
[2005-08-26 08:57:29] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php
Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
------------------------------------------------------------------------
[2005-08-25 22:03:06] etnu at etnu dot org
Description:
------------
A segfault occurs when using callbacks to functions that get triggered
via __call.
In the case of what's actually being called, the class is derived from
mysqli.
I haven't done extensive testing, but I was getting segfaults with both
array_map and array_filter. It seems to be a general callback-related
issue.
Dual Opteron
Kernel is SMP + 64bit
Configure:
./configure \
--with-pgsql \
--with-xmlrpc \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=/usr --with-mysqli=/usr/bin/mysql_config \
--prefix=/usr/local/apache2/php \
--with-config-file-path=/usr/local/apache2/php \
--enable-force-cgi-redirect \
--disable-magic-quotes \
--with-curl \
--with-gd --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib
--with-freetype-dir=/usr/lib --with-zlib-dir=/usr/lib
Reproduce code:
---------------
<?php
class Faulty
{
function __call($Method,$Args)
{
switch($Method)
{
case 'seg':
echo "I hate me";
break;
}
}
function NormalMethod($Args)
{
echo "I heart me";
}
}
$Faulty = new Faulty();
$Array = array('Some junk','Some other junk');
// This causes a seg fault.
$Failure = array_map(array($Faulty,'seg'),$Array);
// This does not.
$Failure = array_map(array($Faulty,'NormalMethod'),$Array);
?>
Expected result:
----------------
Not seg faulting.
Actual result:
--------------
Segfaulting.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=34260&edit=1
