ID: 41691 Updated by: [EMAIL PROTECTED] Reported By: killgec at gmail dot com -Status: Open +Status: Assigned Bug Type: SPL related Operating System: winXP PHP Version: 5.2.3 -Assigned To: +Assigned To: helly New Comment:
Marcus, please take a look at it. It seems to be easy to fix, but I don't quite understand the code, so I can only guess. The patch should look either like this: http://dev.daylessday.org/diff/bug41691_1.diff or like this: http://dev.daylessday.org/diff/bug41691_2.diff and I tend to think the latter is better. Previous Comments: ------------------------------------------------------------------------ [2007-06-16 11:01:46] judas dot iscariote at gmail dot com Yup, it crashes Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 47885183253760 (LWP 9176)] 0x000000000072c50c in zend_object_store_get_object (zobject=0xc81970) at /home/cristian/php5/Zend/zend_objects_API.c:255 255 return EG(objects_store).object_buckets[handle].bucket.obj.object; (gdb) bt full #0 0x000000000072c50c in zend_object_store_get_object (zobject=0xc81970) at /home/cristian/php5/Zend/zend_objects_API.c:255 handle = 13113824 #1 0x0000000000581522 in spl_array_get_hash_table (intern=0xc80bf0, check_std_props=0) at /home/cristian/php5/ext/spl/spl_array.c:76 other = (spl_array_object *) 0x800000048 #2 0x0000000000584035 in spl_array_rewind (intern=0xc80bf0) at /home/cristian/php5/ext/spl/spl_array.c:829 aht = (HashTable *) 0xc80c08 #3 0x00000000005849b7 in zim_spl_Array_exchangeArray (ht=1, return_value=0xc820c8, return_value_ptr=0x0, this_ptr=0xc7fdf8, return_value_used=0) at /home/cristian/php5/ext/spl/spl_array.c:1063 object = (zval *) 0xc7fdf8 tmp = (zval *) 0x0 array = (zval **) 0xc67a80 intern = (spl_array_object *) 0xc80bf0 #4 0x000000000072ea64 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff88edf210) at /home/cristian/php5/Zend/zend_vm_execute.h:200 return_reference = 0 '\0' opline = (zend_op *) 0xc814c0 original_return_value = (zval **) 0xc81970 current_scope = (zend_class_entry *) 0x0 current_this = (zval *) 0x0 return_value_used = 0 should_change_scope = 1 '\001' ctor_opline = (zend_op *) 0x111088edefb0 #5 0x000000000072f931 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fff88edf210) at /home/cristian/php5/Zend/zend_vm_execute.h:322 No locals. #6 0x000000000072e4ac in execute (op_array=0xc80ab0) at /home/cristian/php5/Zend/zend_vm_execute.h:92 execute_data = {opline = 0xc814c0, function_state = {function_symbol_table = 0xc81bf8, function = 0xc86d98, reserved = {0x63006d4ae9, 0x836ec0, 0xc80bf0, 0x7fff88edf280}}, fbc = 0xc86d98, op_array = 0xc80ab0, object = 0xc7fdf8, Ts = 0x7fff88edf020, CVs = 0x7fff88edf000, original_in_execution = 0 '\0', symbol_table = 0xad7c68, prev_execute_data = 0x0, old_error_reporting = 0x0} #7 0x0000000000704794 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cristian/php5/Zend/zend.c:1134 ---Type <return> to continue, or q <return> to quit--- files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff88edf420, reg_save_area = 0x7fff88edf360}} i = 1 file_handle = (zend_file_handle *) 0x7fff88ee1840 orig_op_array = (zend_op_array *) 0x0 orig_retval_ptr_ptr = (zval **) 0x0 local_retval = (zval *) 0x0 #8 0x00000000006a45aa in php_execute_script (primary_file=0x7fff88ee1840) at /home/cristian/php5/main/main.c:1852 realfile = "/home/cristian/arr.php\000\000g�p\000\000\000\000\000rpl_query_type\000\000�\006\000\000�\177\000\000g�p\000\000\000\000\000rpl_probe\000\203\000\000\000\000\000�\006\000\000\000\000\000\000�\006�\210\017\000\000\000rpl_parse_enabled\000\000\000\000\000\000\000\b{\203\000\000\000\000\000�\006\000\000�\177\000\000g�p\000\000\000\000\000rollback\000{\203\000\000\000\000\000�\006\000\000�\177\000\000g�p\000\000\000\000\000real_query\000\000\000\000\000\000�\006\000\000�\177\000\000"... __orig_bailout = (jmp_buf *) 0x7fff88ee16f0 __bailout = {{__jmpbuf = {47885158587360, -68790275682680777, 0, 140735490693760, 0, 0, -68790275682786761, -68710249578982193}, __mask_was_saved = 0, __saved_mask = { __val = {0, 0, 47885156425589, 1, 0, 140733193389738, 7388775, 47885177639976, 47885158587360, 140735490688352, 47885156447202, 47885181017424, 8496384, 11427264, 7406588, 47885181015904}}}} prepend_file_p = (zend_file_handle *) 0x0 append_file_p = (zend_file_handle *) 0x0 prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'} append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'} old_cwd = 0x7fff88edf440 "" retval = 0 #9 0x000000000078b7e6 in main (argc=2, argv=0x7fff88ee1a88) at /home/cristian/php5/sapi/cli/php_cli.c:1151 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{__jmpbuf = {47885158587360, -68790275682676809, 0, 140735490693760, 0, 0, -68790275682680793, -68710249578071107}, __mask_was_saved = 0, __saved_mask = { __val = {47885156409919, 0, 47885183250696, 1, 0, 1, 0, 0, 0, 47885183253760, 47885158590016, 140735490693144, 4294967296, 47885181039472, 140735490693248, 47885181038592}}}} exit_status = 0 ---Type <return> to continue, or q <return> to quit--- c = -1 file_handle = {type = 2 '\002', filename = 0x7fff88ee2fcc "arr.php", opened_path = 0x0, handle = {fd = 13256160, fp = 0xca45e0, stream = {handle = 0xca45e0, reader = 0x71e994 <zend_stream_stdio_reader>, closer = 0x71e9c0 <zend_stream_stdio_closer>, fteller = 0x71e9ea <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 '\0'} behavior = 1 reflection_what = 0x0 orig_optind = 1 orig_optarg = 0x0 arg_free = 0x7fff88ee2fcc "arr.php" arg_excp = (char **) 0x7fff88ee1a90 script_file = 0x7fff88ee2fcc "arr.php" interactive = 0 module_started = 1 request_started = 1 lineno = 1 exec_direct = 0x0 exec_run = 0x0 exec_begin = 0x0 exec_end = 0x0 param_error = 0x0 hide_argv = 0 ini_entries_len = 110 ------------------------------------------------------------------------ [2007-06-14 14:57:08] killgec at gmail dot com Description: ------------ I use a descendant of ArrayObject to have public properties quickly transformed to and back an array. So this object is an ArrayObject initiated with itself. Then Apache hangs when I try to load an array into the props by exchangeArray(). Apache says "child process exited with status 3221225477 -- Restarting." Maybe I'm misusing ArrayObject, but I think it shouldn't hang Apache in any case. (Anyway, is there any howto or sg for ArrayObject beyond the reference?) THX! Reproduce code: --------------- class A extends ArrayObject { public function __construct($dummy, $flags) { parent::__construct($this, $flags); } public $a; public $b; public $c; } $a = new A(null, ArrayObject::ARRAY_AS_PROPS ); $a->exchangeArray(array('a'=>1,'b'=>1,'c'=>1)); Expected result: ---------------- Array loaded or error or exception. Actual result: -------------- Apache restarts. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41691&edit=1
