From: pumuckel at metropolis dot de
Operating system: Linux
PHP version: 5CVS-2006-03-07 (snap)
PHP Bug Type: Scripting Engine problem
Bug description: __get and foreach / Segfaults
Description:
------------
Hello,
we currently monitor segmentation faults on all of our production and
development servers running php 5.0.5 and 5.1.2 which leads to a complete
application failure.
We traced down the problem to be associated with a foreach loop over an
array return by __get method within a class.
The segmentation fault occurs randomly either while shutting down php
module (while cleaning up memory) or just within the application after the
foreach loop.
Using the current snapshot the problem can be reproduced visually (without
segfaults) as follows: See Reproduce code
I think the foreach within the X function in conjunction with the $bar
variable is freeing $t->errors array, which in fact is wrong behaviour.
Using $bar var as input for the foreach makes the application working,
too.
Note that this small application does not segfault, but when executing
some (a lot) just before and after that code sniplet it almost always
leads to a crash here.
Who is able to look at that and provide a patch?
Thank you,
Mike
Reproduce code:
---------------
<?
class Foo {
private $data = array("errors" => array(1, 2, 3));
function __get($x) {
return $this->data[$x];
}
}
$t = new Foo();
var_dump($t);
function X(Foo $t) { // when using the foreach within a function the
error gets triggered
// following 2 lines have to be enabled to see the bug.
$bar = $t->errors; // not using this line makes the script working.
foreach($t->errors as $foo); // not using this line also makes the
script working.
}
X($t);
var_dump($t);
?>
Expected result:
----------------
object(Foo)#4 (1) {
["data:private"]=>
array(1) {
["errors"]=>
array(3) {
[0]=>
int(1)
[1]=>
int(2)
[2]=>
int(3)
}
}
}
object(Foo)#4 (1) {
["data:private"]=>
array(1) {
["errors"]=>
array(3) {
[0]=>
int(1)
[1]=>
int(2)
[2]=>
int(3)
}
}
}
Actual result:
--------------
object(Foo)#4 (1) {
["data:private"]=>
array(1) {
["errors"]=>
array(3) {
[0]=>
int(1)
[1]=>
int(2)
[2]=>
int(3)
}
}
}
object(Foo)#4 (1) {
["data:private"]=>
array(1) {
["errors"]=>
NULL
}
}
--
Edit bug report at http://bugs.php.net/?id=36647&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=36647&r=trysnapshot44
Try a CVS snapshot (PHP 5.1):
http://bugs.php.net/fix.php?id=36647&r=trysnapshot51
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=36647&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=36647&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=36647&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=36647&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=36647&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=36647&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=36647&r=support
Expected behavior: http://bugs.php.net/fix.php?id=36647&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=36647&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=36647&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=36647&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36647&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=36647&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=36647&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=36647&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=36647&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=36647&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=36647&r=mysqlcfg
