 ID:               34260
 Updated by:       [EMAIL PROTECTED]
 Reported By:      etnu at etnu dot org
-Status:           Open
+Status:           Verified
-Bug Type:         Class/Object related
+Bug Type:         Scripting Engine problem
-Operating System: Debian 3.1 (Sarge)
+Operating System: *
-PHP Version:      5CVS-2005-08-25 (snap)
+PHP Version:      5CVS-2005-08-28
 New Comment:

Derick, in cases like this with nice and short example script which
clearly segfaults (I verified) you can probably come up with the
backtrace YOURSELF? Here it is, for all the other lazy asses:

(gdb) bt
#0  0x5a2a8fcc in ?? ()
#1  0x083a55f1 in zend_call_function (fci=0xbfffd4a0, fci_cache=0xbfffd4f0)
    at /usr/src/php/php_5_1/Zend/zend_execute_API.c:885
#2  0x082de40e in zif_array_map (ht=2, return_value=0x89d4064,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/src/php/php_5_1/ext/standard/array.c:4336
#3  0x083d739b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd6c0)
    at zend_vm_execute.h:184
#4  0x083db82f in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffd6c0)
    at zend_vm_execute.h:1586
#5  0x083d707c in execute (op_array=0x89cf624) at zend_vm_execute.h:87
#6  0x083b09f1 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php/php_5_1/Zend/zend.c:1078
#7  0x0836f107 in php_execute_script (primary_file=0xbffffb00)
    at /usr/src/php/php_5_1/main/main.c:1675
#8  0x08426636 in main (argc=2, argv=0xbffffbd4)
    at /usr/src/php/php_5_1/sapi/cli/php_cli.c:1039

The crash happens for the 2nd call.


Previous Comments:
------------------------------------------------------------------------

[2005-08-27 01:44:42] etnu at etnu dot org

One additional piece of information:

The problem appears to actually be in the RETURN value. If I run that
script in CLI mode, the results are as follows:

./Test.php
I hate meSegmentation fault

The example I gave doesn't actually return a value, I know, but the
problem occurs either way. The original implementation was simply a
function that called mysqli::real_escape_data().

------------------------------------------------------------------------

[2005-08-27 01:41:56] etnu at etnu dot org

Hi, I don't have the extra machine to test this one out on,
unfortunately, and I can't seem to get gdb to compile on this
particular platform.
I can confirm that the code I posted also causes seg faults on Xeons
(both dual & single) running Sarge 3.1 (these are production boxes, so
I can't put the debugger on here to test it), and causes fatal
exceptions on Windows. All of these tests were conducted running under
Apache. It also seg faults in CLI mode, though, which led me to
believe that the problem is fundamentally tied to the implementation of
__call and/or the callback mechanism rather than any platform-specific
issues.

Sorry I couldn't provide more details than that.

------------------------------------------------------------------------

[2005-08-26 08:57:29] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

------------------------------------------------------------------------

[2005-08-25 22:03:06] etnu at etnu dot org

Description:
------------
A segfault occurs when using callbacks to functions that get triggered
via __call. In the case of what's actually being called, the class is
derived from mysqli. I haven't done extensive testing, but I was
getting segfaults with both array_map and array_filter. It seems to be
a general callback-related issue.

Dual Opteron
Kernel is SMP + 64bit

Configure:
./configure \
  --with-pgsql \
  --with-xmlrpc \
  --with-apxs2=/usr/local/apache2/bin/apxs \
  --with-mysql=/usr \
  --with-mysqli=/usr/bin/mysql_config \
  --prefix=/usr/local/apache2/php \
  --with-config-file-path=/usr/local/apache2/php \
  --enable-force-cgi-redirect \
  --disable-magic-quotes \
  --with-curl \
  --with-gd \
  --with-jpeg-dir=/usr/lib \
  --with-png-dir=/usr/lib \
  --with-freetype-dir=/usr/lib \
  --with-zlib-dir=/usr/lib

Reproduce code:
---------------
<?php
class Faulty
{
    // Invoked for any call to an undefined method, including 'seg'.
    function __call($Method, $Args)
    {
        switch ($Method) {
            case 'seg':
                echo "I hate me";
                break;
        }
    }

    function NormalMethod($Args)
    {
        echo "I heart me";
    }
}

$Faulty = new Faulty();
$Array = array('Some junk', 'Some other junk');

// This causes a seg fault.
$Failure = array_map(array($Faulty, 'seg'), $Array);

// This does not.
$Failure = array_map(array($Faulty, 'NormalMethod'), $Array);
?>

Expected result:
----------------
Not seg faulting.

Actual result:
--------------
Segfaulting.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=34260&edit=1