Bug #18930 foreach() causes httpd child to segfault
Submitted: 2002-08-15 19:30 UTC Modified: 2002-10-24 15:39 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: tolli at tol dot li Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.2.2 OS: Linux
Private report: No CVE-ID: None
 [2002-08-15 19:30 UTC] tolli at tol dot li
Trying to assign key and value to the same variable with foreach leads to a segmentation fault of the httpd child processing the request (using apxs):

  foreach ($arr as $s => $s)

  ./configure --with-apxs=/var/apache/bin/apxs --with-pgsql=/usr/include/pgsql --without-mysql --with-gd

Apache 1.3.26 compiled with loadable modules support.

Apache error log shows:
[Thu Aug 15 23:20:02 2002] [notice] child pid 1918 exit signal Segmentation fault (11)
[Thu Aug 15 23:20:02 2002] [notice] child pid 1910 exit signal Segmentation fault (11)

 [2002-08-15 19:51 UTC] kalowsky@php.net
Unable to reproduce on OSX, or FreeBSD 4.6.  Check your local install again please.
 [2002-08-15 19:55 UTC] kalowsky@php.net
re-opening, seems I checked the wrong logfile on FreeBSD.  It does occur there as well.  
 [2002-08-15 21:36 UTC] rasmus@php.net
Unable to reproduce here.  Could you provide the shortest possible script that reproduces this?
 [2002-08-15 21:37 UTC] rasmus@php.net
Oh, my script was:

  $a = array(1,2,3);
  foreach($a as $s=>$s);

tested with current CVS.
 [2002-08-15 21:47 UTC] kalowsky@php.net
Crashes here on OSX and FreeBSD with latest CVS.

Try using the $_SERVER variables as your array.
 [2002-08-17 00:12 UTC] kalowsky@php.net
marking as open
 [2002-08-19 09:59 UTC] nohn@php.net
Could NOT reproduce on SuSE 7.3/Apache 1.3.26/PHP 4.2.2

Configure:

'./configure' '--prefix=/usr/share' '--datadir=/usr/share/php' '--bindir=/usr/bin' '--libdir=/usr/share' '--with-config-file-path=/etc' '--with-exec-dir=/usr/lib/php/bin' '--with-mysql=/usr/local/mysql-3.23.49a' '--with-gd=yes' '--enable-gd-native-ttf' '--enable-gd-imgstrttf' '--with-tiff-dir=/usr' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-ldap=yes' '--with-zlib=yes' '--with-bz2' '--with-gmp' '--with-xml' '--with-ttf' '--with-mcal=/usr' '--with-imap=yes' '--with-ftp' '--with-mcrypt' '--with-gettext' '--with-mm' '--enable-versioning' '--enable-trans-sid' '--enable-inline-optimization' '--enable-track-vars' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-shmop' '--enable-ftp' '--enable-wddx' '--with-imap-ssl' '--with-mnogosearch=/usr/local/mnogosearch' '--with-pgsql=/usr' '--enable-memory-limit=yes' '--with-apxs=/usr/sbin/apxs' '--with-ming=/usr' '--with-pdflib=/usr/local'

Could also not verify with latest php 4.3-dev on that same machine (CLI Build)
 [2002-08-19 10:03 UTC] nohn@php.net
Could neither reproduce with php4-latest and php4-latest-stable (CLI) on CompaqTru64/Alpha
 [2002-08-19 10:16 UTC] ilia at prohost dot org
Linux 2.4.19 PHP 4.3.0-dev (20020819)

php -r ' foreach($_SERVER as $s => $s ); '

Resulted in:

/home/rei/php4/Zend/zend_hash.c(1056) :  Freeing 0x0827AAB4 (6 bytes), script=-
Last leak repeated 47 times
/home/rei/php4/Zend/zend_execute.c(2310) :  Freeing 0x0827AA74 (12 bytes), script=-
Last leak repeated 47 times

No segmentation fault, however a whole bunch of memory leaks.
 [2002-10-24 15:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

The crash is gone. The remaining memory leaks are the result of a recursive reference to the $s variable.
 
Last updated: Sat Nov 29 23:00:01 2025 UTC