#34310 [NEW]: foreach($arr as $c->d => $x) yields segfault

Tue, 30 Aug 2005 07:14:53 -0700 

From:             devriese at cs dot tcd dot ie
Operating system: SunOS 5.9
PHP version:      5.1.0RC1
PHP Bug Type:     Reproducible crash
Bug description:  foreach($arr as $c->d => $x) yields segfault

Description:
------------
When using an object attribute to store the key in a foreach loop, PHP
crashes with a segmentation error (note that using an object attribute to
store a value does work; see example code). 

Also: this code runs fine in PHP 5.0.3, but crashes with PHP 5.1.0RC1.

Reproduce code:
---------------
<?php
   class C
   {
      var $d;
   }

   $c = new C();

   $arr = array(1 => 'a', 2 => 'b', 3 => 'c');

   // Works fine:
   foreach($arr as $x => $c->d) echo "$c->d\n";

   // Crashes:
   foreach($arr as $c->d => $x) echo "$c->d\n";
?>

Expected result:
----------------
a
b
c
1
2
3


Actual result:
--------------
(in GDB):

a
b
c

Program received signal SIGSEGV, Segmentation fault.
0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66
66              if (!--z->refcount) {
(gdb) bt
#0  0x003357c0 in zend_pzval_unlock_func (z=0x0, should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:66
#1  0x00335774 in _get_zval_ptr_ptr_var (node=0x50b270, Ts=0xffbfde90, 
    should_free=0xffbfdd7c)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:259
#2  0x00335700 in _get_zval_ptr_ptr (node=0x50b270, Ts=0xffbfde90, 
    should_free=0xffbfdd7c, type=1)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:300
#3  0x00337088 in zend_assign_to_variable (result=0x50b258, op1=0x50b270,

    op2=0x50b288, value=0xffbfe028, type=2, Ts=0xffbfde90)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend_execute.c:632
#4  0x0035f62c in ZEND_ASSIGN_SPEC_VAR_TMP_HANDLER
(execute_data=0xffbfe088)
    at zend_vm_execute.h:10210
#5  0x00333b1c in execute (op_array=0x506618) at zend_vm_execute.h:87
#6  0x002f6e1c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /misc/csw/src/php-5.1.0RC1/Zend/zend.c:1078
#7  0x00286e44 in php_execute_script (primary_file=0xffbfe848)
    at /misc/csw/src/php-5.1.0RC1/main/main.c:1672
#8  0x003a47a0 in main (argc=2, argv=0xffbfe8fc)
    at /misc/csw/src/php-5.1.0RC1/sapi/cgi/cgi_main.c:1574

-- 
Edit bug report at http://bugs.php.net/?id=34310&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=34310&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=34310&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=34310&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=34310&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=34310&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=34310&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=34310&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=34310&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=34310&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=34310&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=34310&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=34310&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=34310&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=34310&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=34310&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=34310&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=34310&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=34310&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=34310&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=34310&r=mysqlcfg

Reply via email to