Bug #16063 array_pop() causes core dump, can be used to reveal information
Submitted: 2002-03-14 09:09 UTC Modified: 2002-07-30 19:27 UTC
From: ahristov at icygen dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.0-dev OS:
Private report: No CVE-ID: None
 [2002-03-14 09:09 UTC] ahristov at icygen dot com
<?php
array_pop($GLOBALS);
?>
bash-2.04$ ../php rest.php
Segmentation fault (core dumped)
bash-2.04$

No problems with
<?php
        $a=array();
        $a[]=&$a;
        array_pop($a);
?>

 [2002-03-14 09:39 UTC] sander@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-03-14 09:55 UTC] ahristov at icygen dot com
Here it is:

bash-2.04$ ../php pop.php
Segmentation fault (core dumped)
bash-2.04$ gdb ../php core
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `../php pop.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x40130e49 in free () from /lib/libc.so.6
(gdb) bt
#0  0x40130e49 in free () from /lib/libc.so.6
#1  0x080bdfd8 in _efree (ptr=0x8122a08) at /usr/samba/users/andy/412dev/php4-200203140300/Zend/zend_alloc.c:246
#2  0x0805c528 in _phpi_pop (ht=1, return_value=0x81494b4, this_ptr=0x0, return_value_used=0, off_the_end=1)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1642
#3  0x0805c551 in zif_array_pop (ht=1, return_value=0x81494b4, this_ptr=0x0, return_value_used=0)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1652
#4  0x080d5ec7 in execute (op_array=0x8149614) at /usr/samba/users/andy/412dev/php4-200203140300/Zend/zend_execute.c:1598
#5  0x080ca71a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/samba/users/andy/412dev/php4-200203140300/Zend/zend.c:810
#6  0x080b03c1 in php_execute_script (primary_file=0xbffffb00) at /usr/samba/users/andy/412dev/php4-200203140300/main/main.c:1381
#7  0x080dae24 in main (argc=2, argv=0xbffffba4) at /usr/samba/users/andy/412dev/php4-200203140300/sapi/cgi/cgi_main.c:1011
#8  0x400cd237 in __libc_start_main () from /lib/libc.so.6
(gdb)
 [2002-03-19 04:33 UTC] ahristov at icygen dot com
Could someone change the status of this bug from Feedback to Open? I forgot the password.
 [2002-07-03 21:18 UTC] eru@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.


 [2002-07-03 21:39 UTC] eru@php.net
Did it myself on my Linux-box with the CLI:

#0  0x404a598f in memcpy () from /lib/libc.so.6
#1  0x081c3122 in _mem_block_check (ptr=0x8261dac, silent=0, __zend_filename=0x8213360 "/usr/local/src/php4/ext/standard/array.c", 
    __zend_lineno=1692, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4/Zend/zend_alloc.c:623
#2  0x081c30e5 in _mem_block_check (ptr=0x8261dac, silent=1, __zend_filename=0x8213360 "/usr/local/src/php4/ext/standard/array.c", 
    __zend_lineno=1692, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4/Zend/zend_alloc.c:615
#3  0x081c23cc in _efree (ptr=0x8261dac, __zend_filename=0x8213360 "/usr/local/src/php4/ext/standard/array.c", __zend_lineno=1692, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4/Zend/zend_alloc.c:213
#4  0x08118a9f in _phpi_pop (ht=1, return_value=0x82ab6fc, this_ptr=0x0, return_value_used=0, off_the_end=1)
    at /usr/local/src/php4/ext/standard/array.c:1692
#5  0x08118ad0 in zif_array_pop (ht=1, return_value=0x82ab6fc, this_ptr=0x0, return_value_used=0)
    at /usr/local/src/php4/ext/standard/array.c:1702
#6  0x081e77c9 in execute (op_array=0x82ac25c) at /usr/local/src/php4/Zend/zend_execute.c:1587
#7  0x081d6000 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php4/Zend/zend.c:810
#8  0x081a2e06 in php_execute_script (primary_file=0xbffffa80) at /usr/local/src/php4/main/main.c:1388
#9  0x081ed87e in main (argc=2, argv=0xbffffb24) at /usr/local/src/php4/sapi/cli/php_cli.c:674
#10 0x404411c4 in __libc_start_main () from /lib/libc.so.6

 [2002-07-29 09:23 UTC] nohn@php.net
Verified this with 4.3.0-dev on Compaq Tru64 / Alpha (CLI) and PHP 4.2.0 on Solaris 7 / Sparc (Apache)
 [2002-07-30 19:27 UTC] rodif_bl@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Sep 18 11:01:27 2024 UTC