From: [EMAIL PROTECTED]
Operating system: SuSE7.0
PHP version: 4.0.6
PHP Bug Type: Scripting Engine problem
Bug description: SEPARATE_ZVAL_TO_MAKE_IS_REF doesn't like 0x0
<?php
function &erm($key) {
    // $arr is never defined inside the function
    return @$arr[$key];
}
$foo = erm('foo');
$bar = erm('bar');
?>
(gdb) run bug3.php
Starting program: /usr/local/bin/php bug3.php
Program received signal SIGSEGV, Segmentation fault.
0x80a29e9 in execute (op_array=0x81d3348) at ./zend_execute.c:1592
1592 SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr_ptr);
(gdb) p retval_ptr_ptr
$1 = (zval **) 0x0
(gdb) bt
#0 0x80a29e9 in execute (op_array=0x81d3348) at ./zend_execute.c:1592
#1 0x80a26a8 in execute (op_array=0x81cdf5c) at ./zend_execute.c:1544
#2 0x8097234 in zend_execute_scripts (type=8, file_count=3) at zend.c:752
#3 0x8065b4f in php_execute_script (primary_file=0xbffff694) at main.c:1206
#4 0x8061173 in main (argc=2, argv=0xbffff724) at cgi_main.c:718
(gdb) list
1587 (opline->op1.op_type != IS_CONST) &&
1588 (opline->op1.op_type != IS_TMP_VAR)) {
1589
1590 retval_ptr_ptr = get_zval_ptr_ptr(&opline->op1, Ts, BP_VAR_W);
1591
1592 SEPARATE_ZVAL_TO_MAKE_IS_REF(retval_ptr_ptr);
1593
1594 (*retval_ptr_ptr)->refcount++;
1595 (*EG(return_value_ptr_ptr)) = (*retval_ptr_ptr);
1596 } else {
Notice that the second call [erm('bar')] actually triggers the segfault.
patch: I dunno, Zeev somebody? :)
--
Edit bug report at: http://bugs.php.net/?id=11970&edit=1
--
PHP Development Mailing List <http://www.php.net/>
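The gdb session above shows retval_ptr_ptr equal to 0x0 being passed to SEPARATE_ZVAL_TO_MAKE_IS_REF, which dereferences it. The C model below is an added example, not Zend Engine code and not the fix that was applied; val_t, make_is_ref, lookup_slot and return_by_ref are hypothetical names, and returning a fresh value on a missed lookup is an assumption chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for a reference-counted value; not the Zend zval. */
typedef struct { long lval; int refcount; int is_ref; } val_t;

static val_t *val_new(long v) {
    val_t *p = malloc(sizeof *p);
    if (!p) abort();
    p->lval = v; p->refcount = 1; p->is_ref = 0;
    return p;
}

/* Separate a shared non-reference value, then flag it as a reference.
 * Dereferences *pp unconditionally: this is the step that faults on NULL. */
static void make_is_ref(val_t **pp) {
    if (!(*pp)->is_ref) {
        if ((*pp)->refcount > 1) {
            (*pp)->refcount--;              /* leave the other holders alone */
            *pp = val_new((*pp)->lval);     /* private copy for this slot */
        }
        (*pp)->is_ref = 1;
    }
}

/* Hypothetical lookup: returns NULL when the slot holds no value. */
static val_t **lookup_slot(val_t **table, size_t n, size_t idx) {
    return (idx < n && table[idx] != NULL) ? &table[idx] : NULL;
}

/* Guarded return-by-reference: test the pointer-to-pointer before
 * separating; on a miss, hand back a fresh value instead of crashing. */
static val_t *return_by_ref(val_t **table, size_t n, size_t idx, int *missed) {
    val_t **pp = lookup_slot(table, n, idx);
    *missed = (pp == NULL);
    if (pp == NULL) return val_new(0);      /* assumed fallback value */
    make_is_ref(pp);
    (*pp)->refcount++;                      /* caller now holds a reference */
    return *pp;
}

int main(void) {
    val_t *table[2] = { val_new(7), NULL }; /* constructed sample data */
    int missed;
    val_t *hit = return_by_ref(table, 2, 0, &missed);
    val_t *miss = return_by_ref(table, 2, 1, &missed);
    printf("hit=%ld miss=%ld last lookup missed=%d\n", hit->lval, miss->lval, missed);
    return 0;
}
```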