Bug #45312 Segmentation fault on second request for 2 array functions
Submitted: 2008-06-19 09:00 UTC Modified: 2008-06-19 12:10 UTC
From: eyal at zend dot com Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID: None
 [2008-06-19 09:00 UTC] eyal at zend dot com
Description:
------------
Hi,
After execution of the 5.2.6 phpts I discovered a segfault that occurs in array_udiff_assoc on the second request (we have a tool that executes each phpt 3 times; all Zend extensions were disabled).

Tested with apache module.

To reproduce:
Use ApacheBench (ab) on the script from the Reproduce code section (this is phpt: ext/standard/tests/array/array_udiff_assoc_basic.phpt) as follows:
ab -c10 -n10000 [script url]

This is reproduced on 5.2.5 as well, and was also tested on lampp. Reproduced everywhere.


Reproduce code:
---------------
<?php
/*
 * proto array array_udiff_assoc ( array $array1, array $array2 [, array $ ..., callback $data_compare_func] )
 * Function is implemented in ext/standard/array.c
 */
class cr {
    private $priv_member;
    // PHP 4-style constructor (same name as the class); valid in PHP 5.2.
    function cr($val) {
        $this->priv_member = $val;
    }
    // Value comparison callback; keys are compared by the engine itself.
    static function comp_func_cr($a, $b) {
        if ($a->priv_member === $b->priv_member) return 0;
        return ($a->priv_member > $b->priv_member) ? 1 : -1;
    }
}
$a = array("0.1" => new cr(9), "0.5" => new cr(12), 0 => new cr(23), 1 => new cr(4), 2 => new cr(-15),);
$b = array("0.2" => new cr(9), "0.5" => new cr(22), 0 => new cr(3), 1 => new cr(4), 2 => new cr(-15),);
// Static method passed as an array("class", "method") callback; this is the
// callable the engine fails to invoke on the second request.
$result = array_udiff_assoc($a, $b, array("cr", "comp_func_cr"));
var_dump($result);
?>

Expected result:
----------------
array\(3\) \{
  \["0\.1"\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(9\)
  \}
  \["0\.5"\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(12\)
  \}
  \[0\]\=\>
  object\(cr\)#[0-9]+ \(1\) \{
    \["priv_member\:private"\]\=\>
    int\(23\)
  \}
\}

Actual result:
--------------
Fatal error: Non-static method (null)::1() cannot be called statically in
/var/www/php-5.2.6/ext/standard/tests/array/array_udiff_assoc_basic.php on line 18.
************************************************************************
gdb output:
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216059728 (LWP 29528)]
0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7c0d583 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb74da70a in vspprintf (pbuf=0xbfd49e28, max_len=1024, format=<value optimized out>, ap=0xbfd49ed8 "") at /php-5.2.6/main/spprintf.c:550
#2  0xb74d7b7a in php_error_cb (type=1, error_filename=0x8360540 "/var/www/tests/1.php", error_lineno=18,
    format=0xb779af4c "Non-static method %s::%s() cannot be called statically", args=0xbfd49ed8 "") at /php-5.2.6/main/main.c:799
#3  0xb751d257 in zend_error (type=1, format=0xb779af4c "Non-static method %s::%s() cannot be called statically") at /php-5.2.6/Zend/zend.c:976
#4  0xb7510b0f in zend_call_function (fci=0xbfd49fdc, fci_cache=0xb781f810) at /php-5.2.6/Zend/zend_execute_API.c:991
#5  0xb74620f7 in zval_user_compare (a=0x836459c, b=0x8364b2c) at /php-5.2.6/ext/standard/array.c:2943
#6  0xb745dadb in php_array_diff_key (ht=<value optimized out>, return_value=0x83605f4, return_value_ptr=<value optimized out>, this_ptr=0x0,
    return_value_used=1, data_compare_type=1) at /php-5.2.6/ext/standard/array.c:3509
#7  0xb754d98f in zend_do_fcall_common_helper_SPEC (execute_data=0xbfd4a4cc) at /php-5.2.6/Zend/zend_vm_execute.h:200
#8  0xb753cff8 in execute (op_array=0x83602f4) at /php-5.2.6/Zend/zend_vm_execute.h:92
#9  0xb751bfe3 in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /php-5.2.6/Zend/zend.c:1134
#10 0xb74d5312 in php_execute_script (primary_file=0xbfd4c788) at /php-5.2.6/main/main.c:2005
#11 0xb75a36ab in php_handler (r=0x839ffa8) at /php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
#12 0x08079259 in ap_run_handler ()
#13 0x0807c5b7 in ap_invoke_handler ()
#14 0x08089998 in ap_process_request ()
#15 0x08086c9b in ?? ()
#16 0x0839ffa8 in ?? ()
#17 0x00000004 in ?? ()
#18 0x0839ffa8 in ?? ()
#19 0x00000000 in ?? ()
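The backtrace above shows zend_call_function() consulting an fci_cache at a fixed global address on the second request, resolving the static callback to a bogus "(null)::1()" name, and zend_error() then dying in strlen() while formatting that name. The following is an added illustration of that failure pattern, not PHP source and not the fix dmitry applied: a process-wide callable cache that is filled during one request, keeps pointers into request-scoped memory, and is reused unchanged by the next request. The arena, the cache struct, and all function names are invented for the demo; the Zend engine's real allocator and structures differ.

```c
/* Added illustration (not PHP source): a process-wide callback cache that
 * outlives the request that filled it. A request-scoped arena stands in for
 * the Zend memory manager; poisoning it at request end makes the stale read
 * visible instead of undefined, which is where the page's trace crashes. */
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256

/* Request-scoped memory: everything allocated here dies with the request. */
static char arena[ARENA_SIZE];
static size_t arena_used;

static char *arena_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    if (arena_used + n > ARENA_SIZE) return NULL;
    char *p = arena + arena_used;
    memcpy(p, s, n);
    arena_used += n;
    return p;
}

/* End of request: release the arena. Filling it with '1' bytes mimics the
 * garbage the engine saw ("(null)::1()") without reading freed memory. */
static void arena_release(void) {
    memset(arena, '1', ARENA_SIZE - 1);
    arena[ARENA_SIZE - 1] = '\0';
    arena_used = 0;
}

/* Process-wide cache, modelled on a static zend_fcall_info_cache (invented). */
struct callable_cache {
    int initialized;
    const char *class_name;   /* points INTO the arena */
    const char *method_name;
};
static struct callable_cache g_cache;

/* Resolve array("cr", "comp_func_cr") once and remember it in the cache. */
static const char *resolve_callable(struct callable_cache *c,
                                    const char *cls, const char *method) {
    if (!c->initialized) {
        c->class_name  = arena_strdup(cls);
        c->method_name = arena_strdup(method);
        c->initialized = 1;
    }
    return c->class_name;
}

/* Format the engine's message the way zend_error() would, into a caller buffer. */
static void format_error(char *out, size_t n, const struct callable_cache *c) {
    snprintf(out, n, "Non-static method %s::%s() cannot be called statically",
             c->class_name, c->method_name);
}

/* Buggy pattern: two requests, the cache is never reset between them, so the
 * second request reuses pointers into memory the first request released. */
const char *stale_cache_second_request(void) {
    memset(&g_cache, 0, sizeof g_cache);
    resolve_callable(&g_cache, "cr", "comp_func_cr");        /* request 1 */
    arena_release();                                          /* request 1 ends */
    return resolve_callable(&g_cache, "cr", "comp_func_cr");  /* request 2: stale */
}

/* Same two requests, but the cache is invalidated at request start so the
 * callable is re-resolved against the new request's memory. */
const char *reset_cache_second_request(void) {
    memset(&g_cache, 0, sizeof g_cache);
    resolve_callable(&g_cache, "cr", "comp_func_cr");
    arena_release();
    g_cache.initialized = 0;   /* per-request reset before reuse */
    return resolve_callable(&g_cache, "cr", "comp_func_cr");
}

int main(void) {
    char msg[128];
    stale_cache_second_request();
    format_error(msg, sizeof msg, &g_cache);
    printf("stale cache: %s\n", msg);
    reset_cache_second_request();
    format_error(msg, sizeof msg, &g_cache);
    printf("reset cache: %s\n", msg);
    return 0;
}
```

Running it prints a garbage class and method name for the stale variant and "cr::comp_func_cr" for the reset variant. The practical check when triaging a "works once, crashes on the second request" report like this one is exactly the one used here: run the script more than once in the same process (ab, or a tool that executes each phpt several times, as the reporter did) rather than once under the CLI, where every run starts from a fresh process and the stale state never gets a chance to be reused.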


 [2008-06-19 12:10 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
