Public bug reported:

Test script
-----------

spl_fixed_array.php:

    <?php
    // Each iteration stores an array containing the SplFixedArray inside
    // that same SplFixedArray, which creates a reference cycle.
    for ($i = 0; $i != 10000; ++$i) {
        fprintf(STDERR, "$i\n");
        $array = new SplFixedArray(1);
        $array->offsetSet(0, array($array));
    }
    ?>

Running
-------

    php spl_fixed_array.php

Expected result
---------------

The script terminates normally or PHP handles memory limit exhaustion
error (depending on configuration).

Actual result
-------------

    1
    2
    ...
    4997
    4998
    4999
    Segmentation fault

Backtrace
---------

    Program received signal SIGSEGV, Segmentation fault.
    spl_fixedarray_object_get_properties (obj=0x156fcc8) at /build/buildd/php5-5.3.6/Zend/zend.h:381
    381     /build/buildd/php5-5.3.6/Zend/zend.h: No such file or directory.
            in /build/buildd/php5-5.3.6/Zend/zend.h
    (gdb) bt
    #0  spl_fixedarray_object_get_properties (obj=0x156fcc8) at /build/buildd/php5-5.3.6/Zend/zend.h:381
    #1  0x00000000006b4563 in zval_scan_black (pz=0x156fcc8) at /build/buildd/php5-5.3.6/Zend/zend_gc.c:285
    #2  0x00000000006b47f5 in zval_scan (pz=0x156fcc8) at /build/buildd/php5-5.3.6/Zend/zend_gc.c:453
    #3  0x00000000006b4bbe in gc_collect_cycles () at /build/buildd/php5-5.3.6/Zend/zend_gc.c:537
    #4  0x00000000006b5244 in gc_zval_possible_root (zv=0x156fcc8) at /build/buildd/php5-5.3.6/Zend/zend_gc.c:166
    #5  0x000000000070bfef in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ebc068) at /build/buildd/php5-5.3.6/Zend/zend_execute.h:318
    #6  0x00000000006bd51b in execute (op_array=0x104c3d0) at /build/buildd/php5-5.3.6/Zend/zend_vm_execute.h:107
    #7  0x00007ffff4be28b5 in xdebug_execute (op_array=0x104c3d0) at /build/buildd/xdebug-2.1.0/build-php5/xdebug.c:1272
    #8  0x0000000000698b70 in zend_execute_scripts (type=0, retval=0x800000000, file_count=3) at /build/buildd/php5-5.3.6/Zend/zend.c:1266
    #9  0x0000000000645913 in php_execute_script (primary_file=0x7ffff5c40e56) at /build/buildd/php5-5.3.6/main/main.c:2297
    #10 0x000000000042c53e in main (argc=32767, argv=0x7fffffffdf36) at /build/buildd/php5-5.3.6/sapi/cli/php_cli.c:1197
    (gdb) p *obj
    $1 = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {handle = 0, handlers = 0x0}}, refcount__gc = 0, type = 0 '\000', is_ref__gc = 0 '\000'}

Version
-------

php --version output:

    PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch (cli) (built: Feb 11 2012 03:26:01)
    Copyright (c) 1997-2011 The PHP Group
    Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
        with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans

apt-cache policy php5 output:

    php5:
      Installed: (none)
      Candidate: 5.3.6-13ubuntu3.6
      Version table:
         5.3.6-13ubuntu3.6 0
            500 http://hu.archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages
            500 http://security.ubuntu.com/ubuntu/ oneiric-security/main amd64 Packages
         5.3.6-13ubuntu3.1 0
            500 http://hu.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages

lsb_release -rd output:

    Description: Ubuntu 11.10
    Release: 11.10

file /usr/bin/php5 output:

    /usr/bin/php5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped

Reproduction with vanilla PHP
-----------------------------

Manually built current stable release of PHP downloaded from
http://php.net. The issue seemed to be not reproducible.

Version:

    PHP 5.4.0 (cli) (built: Apr 17 2012 22:23:57)
    Copyright (c) 1997-2012 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

** Affects: php5 (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: crash php segfault spl splfixedarray

https://bugs.launchpad.net/bugs/984381

Title:
  PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch crashes when using
  SPLFixedArray built-in class
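
The backtrace above ends in gc_collect_cycles with xdebug_execute on the stack, so a triager would want to know whether the crash depends on the cycle collector or on ini-loaded extensions. The harness below is an added example, not part of the bug report: it reruns the reproducer under four configurations and labels each exit status. The script name comes from the report; PHP_BIN, SCRIPT and the function names are assumptions made here.

```sh
#!/bin/sh
# Added triage harness, not part of the bug report.
# Assumptions: reproducer saved as spl_fixed_array.php (the report's name),
# interpreter reachable as "php"; override with PHP_BIN / SCRIPT.
PHP_BIN="${PHP_BIN:-php}"
SCRIPT="${SCRIPT:-spl_fixed_array.php}"

# Translate an exit status into a label. A status above 128 means the child
# was killed by signal (status - 128); the PHP CLI exits 255 on a fatal
# error such as memory_limit exhaustion.
classify_exit() {
    case "$1" in
        0)   echo "ok" ;;
        139) echo "SIGSEGV" ;;
        255) echo "php-fatal" ;;
        *)   if [ "$1" -gt 128 ]; then
                 echo "signal-$(( $1 - 128 ))"
             else
                 echo "exit-$1"
             fi ;;
    esac
}

# Run the reproducer once with the given extra php options.
run_case() {
    label="$1"; shift
    rc=0
    "$PHP_BIN" "$@" "$SCRIPT" >/dev/null 2>&1 || rc=$?
    echo "$label: $(classify_exit "$rc")"
}

# Four runs: -n skips php.ini and conf.d (so Xdebug is not loaded),
# zend.enable_gc=0 turns the cycle collector off.
triage() {
    run_case "default"
    run_case "no-ini" -n
    run_case "gc-off" -d zend.enable_gc=0
    run_case "no-ini+gc-off" -n -d zend.enable_gc=0
}

# Only run when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    triage
fi
```

A run that reports SIGSEGV only in the rows without gc-off points at the cycle collector; a difference between default and no-ini points at something loaded from the ini files.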