ID: 35229
Updated by: [EMAIL PROTECTED]
Reported By: segv74 at gmail dot com
-Status: Open
+Status: Feedback
Bug Type: Reproducible crash
Operating System: linux
PHP Version: 5CVS-2005-11-15 (snap)
New Comment:
So increase your stack?
Previous Comments:
------------------------------------------------------------------------
[2005-11-15 17:48:20] segv74 at gmail dot com
Description:
------------
call_user_func() can be crashed when argument_stack in executor_globals
is nearly full and callback function is autoloaded after
call_user_func() is called.
In PHP_FUNCTION(call_user_func),
it saves params from argument_stack, and calls zend_is_callable().
So, if zend_is_callable() calls __autoload() and __autoload() uses
function calls heavily, argument_stack in executor_globals is
realloced (zend_stack.c:173).
In this case, saved params should be rewritten by newly alloced one.
Reproduce code:
---------------
=== test.php ===
<?
function __autoload($class)
{
    include 'test1.php';
    call_user_func(array('test1', 'use_stack'),
        1,2,3,4,5,6,7,8,9,10,
        11,12,13,14,15,16,17,18,19,20,
        21,22,23,24,25,26,27,28,29,30,
        31,32,33,34,35,36,37,38,39,40
    );
}
call_user_func(array('test1', 'use_stack'),
    1,2,3,4,5,6,7,8,9,10,
    11,12,13,14,15,16,17,18,19,20,
    21,22,23,24,25,26,27,28,29,30,
    31,32,33,34,35,36,37,38,39,40
);
== test1.php ==
<?
class test1
{
    function use_stack($a1,$a2,$a3,$a4,$a5,$a6,$a7,$a8,$a9,$a10,
        $a11,$a12,$a13,$a14,$a15,$a16,$a17,$a18,$a19,$a20,
        $a21,$a22,$a23,$a24,$a25,$a26,$a27,$a28,$a29,$a30,
        $a31,$a32,$a33,$a34,$a35,$a36,$a37,$a38,$a39,$a40)
    {
        echo "OK\n";
    }
}
Expected result:
----------------
OK
Actual result:
--------------
OK
Segmentation fault (core dumped)
------------------------------------------------------------------------
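The failure described in the report, reduced to a stand-alone C model (an added example, not code from the PHP source or from the reporter): a pointer into a growable stack that is saved before a nested call goes stale once the stack is reallocated, while a saved offset stays valid. `arg_stack`, `resolve_callable` and the other names are hypothetical, and growth uses malloc/copy/free so that the block always moves.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable argument stack (not the engine's real type). */
typedef struct { long *elems; size_t top, cap; } arg_stack;

static void stack_push(arg_stack *s, long v) {
    if (s->top == s->cap) {
        /* malloc+copy+free always moves the block; realloc() might not. */
        size_t ncap = s->cap ? s->cap * 2 : 4;
        long *n = malloc(ncap * sizeof *n);
        if (!n) abort();
        for (size_t i = 0; i < s->top; i++) n[i] = s->elems[i];
        free(s->elems);
        s->elems = n;
        s->cap = ncap;
    }
    s->elems[s->top++] = v;
}

/* Constructed input: a stack holding the arguments 1..n. */
static arg_stack stack_with_args(size_t n) {
    arg_stack s = {0};
    for (size_t i = 1; i <= n; i++) stack_push(&s, (long)i);
    return s;
}

/* Stand-in for a callable lookup that triggers autoload: the nested
   call pushes and pops its own arguments on the same stack. */
static void resolve_callable(arg_stack *s, size_t nested_args) {
    for (size_t i = 0; i < nested_args; i++) stack_push(s, -1);
    s->top -= nested_args;
}

/* Returns 1 when a pointer saved before the lookup is stale afterwards. */
static int saved_pointer_is_stale(arg_stack *s, size_t argc, size_t nested) {
    uintptr_t saved = (uintptr_t)(s->elems + (s->top - argc));
    resolve_callable(s, nested);
    return saved != (uintptr_t)(s->elems + (s->top - argc));
}

/* Safe pattern: keep an offset and re-derive the pointer after the lookup. */
static long sum_args_safe(arg_stack *s, size_t argc, size_t nested) {
    size_t base = s->top - argc;      /* an index survives reallocation */
    long sum = 0;
    resolve_callable(s, nested);
    for (size_t i = 0; i < argc; i++) sum += s->elems[base + i];
    return sum;
}
```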