ID: 12776
Updated by: rasmus
Reported By: [EMAIL PROTECTED]
Old Status: Closed
Status: Open
Bug Type: Reproducible crash
Operating System: Linux
PHP Version: 4.0.6
New Comment:
Oops, never mind, it is not fixed in CVS. It just morphed slightly.
Previous Comments:
------------------------------------------------------------------------
[2001-08-16 17:18:35] [EMAIL PROTECTED]
Looks like it is fixed in CVS
------------------------------------------------------------------------
[2001-08-15 19:07:20] [EMAIL PROTECTED]
In both PHP 4.0.2, 4.0.6 and 4.0.7RC1:
The following code crashes PHP:
<?php
function test($val,$key)
{
global $globalArray;
$globalArray[]=$key; // this will end up crashing
// $globalArray[]=(string)$key; // this will end up OK
print "val: $val; key: $key\n"; flush();
}
$arr=array('k'=>'v');
array_walk($arr,'test');
// This will crash:
print "First value: ".$globalArray[0];
// This will not crash, but give the wrong
// result, and the final "done" will never be
// printed:
// print "First value: "; print $globalArray[0];
print "\nDone\n";
?>
It doesn't matter if the code is run from PHP as an Apache module or command-line PHP.
Operating systems tested: RH Linux 6.1, RH Linux Rawhide (i.e. cutting-edge Red Hat
developer-version).
A GDB back-trace on the latter, using command-line PHP:
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `/home/troels/local-php/bin/php simple.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/i686/libm.so.6...done.
Loaded symbols for /lib/i686/libm.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x400de721 in __kill () from /lib/i686/libc.so.6
(gdb) bt
#0 0x400de721 in __kill () from /lib/i686/libc.so.6
#1 0x080a4976 in _emalloc (size=1515870824, __zend_filename=0x80f349d
"zend_operators.c",
__zend_lineno=1043, __zend_orig_filename=0x0, __zend_orig_lineno=0) at
zend_alloc.c:173
#2 0x080b039e in concat_function (result=0xbfffe324, op1=0x813853c, op2=0xbfffe210)
at zend_operators.c:1043
#3 0x080cd63b in execute (op_array=0x81340e4) at ./zend_execute.c:1105
#4 0x080b37fe in zend_execute_scripts (type=8, file_count=3) at zend.c:806
#5 0x0805b0c4 in php_execute_script (primary_file=0xbffff760) at main.c:1308
#6 0x0805911e in main (argc=2, argv=0xbffff804) at cgi_main.c:737
#7 0x400cc6b7 in __libc_start_main (main=0x80588d0 <main>, argc=2, ubp_av=0xbffff804,
init=0x80576a4 <_init>, fini=0x80d52f0 <_fini>, rtld_fini=0x4000db64 <_dl_fini>,
stack_end=0xbffff7fc) at ../sysdeps/generic/libc-start.c:129(gdb)
The above back-trace was created from a core-file generated by PHP 4.0.7RC1. The
"config.nice" from the build:
#! /bin/sh
#
# Created by configure
'./configure' \
'--prefix=/home/troels/local-php' \
'--without-mysql' \
'--disable-xml' \
'--disable-session' \
'--enable-debug' \
'--without-pcre-regex' \
"$@"
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=12776&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
