php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #24658 class hints with array_walk() causing crash
Submitted: 2003-07-15 01:09 UTC Modified: 2003-08-04 03:46 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: eric at cosky dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-20030718 OS: irrelevant
Private report: No CVE-ID: None
View Developer Edit
 [2003-07-15 01:09 UTC] eric at cosky dot com 
Description:
------------
The following code crashes my install of PHP from July 13, 2003. Removing the class hint in BoomWalker eliminates the crash.

Reproduce code:
---------------
class SomeClass {}
class CrashClass {
	function Boom()
	{
		$a = array( 0,1,2 );
		array_walk(&$a, "BoomWalker", &$this);
	}
}
function BoomWalker(SomeClass &$arrayItem, &$key, &$crashObj) {}
$c = new CrashClass;
$c->Boom();


Expected result:
----------------
Nothing.

Actual result:
--------------
System alert for PHP crashing.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-18 00:08 UTC] sniper@php.net 
Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (runnable)]
0x817b4fc in zend_assign_to_variable_reference (result=0x4029dee0, variable_ptr_ptr=0x4029a940, 
    value_ptr_ptr=0x4028f9d8, Ts=0x0) at /usr/src/web/php/php5/Zend/zend_execute.c:238
238                     T(result->u.var).var.ptr_ptr = variable_ptr_ptr;
(gdb) bt
#0  0x817b4fc in zend_assign_to_variable_reference (result=0x4029dee0, variable_ptr_ptr=0x4029a940, 
    value_ptr_ptr=0x4028f9d8, Ts=0x0) at /usr/src/web/php/php5/Zend/zend_execute.c:238
#1  0x8197be9 in zend_recv_handler (execute_data=0xbfffccec, op_array=0x8244858)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2988
#2  0x817e77e in execute (op_array=0x8244858) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#3  0x815c0f1 in fast_call_user_function (function_table=0x81e9c78, object_pp=0x0, function_name=0x4029cec4, 
    retval_ptr_ptr=0xbfffce44, param_count=3, params=0xbfffce5c, no_separation=0, symbol_table=0x0, 
    function_pointer=0x81e516c) at /usr/src/web/php/php5/Zend/zend_execute_API.c:693
#4  0x80cc434 in php_array_walk (target_hash=0x4029cd1c, userdata=0x4028f9cc, recursive=0)
    at /usr/src/web/php/php5/ext/standard/array.c:990
#5  0x80cc5ff in zif_array_walk (ht=3, return_value=0x4029cf24, this_ptr=0x0, return_value_used=0)
    at /usr/src/web/php/php5/ext/standard/array.c:1045
#6  0x8195cdf in zend_do_fcall_common_helper (execute_data=0xbfffd03c, op_array=0x4029dc84)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2634
#7  0x8196384 in zend_do_fcall_handler (execute_data=0xbfffd03c, op_array=0x4029dc84)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2763
#8  0x817e77e in execute (op_array=0x4029dc84) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#9  0x8195dd1 in zend_do_fcall_common_helper (execute_data=0xbfffd28c, op_array=0x4029a8b4)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2661
#10 0x8196128 in zend_do_fcall_by_name_handler (execute_data=0xbfffd28c, op_array=0x4029a8b4)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2732
#11 0x817e77e in execute (op_array=0x4029a8b4) at /usr/src/web/php/php5/Zend/zend_execute.c:1194
#12 0x816589f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php5/Zend/zend.c:1017
#13 0x8133255 in php_execute_script (primary_file=0xbffff628) at /usr/src/web/php/php5/main/main.c:1695
#14 0x81a1614 in main (argc=2, argv=0xbffff694) at /usr/src/web/php/php5/sapi/cli/php_cli.c:910
#15 0x401b19cb in __libc_start_main (main=0x81a099c <main>, argc=2, argv=0xbffff694, init=0x806a744 <_init>, 
    fini=0x81a1fe4 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff68c)
    at ../sysdeps/generic/libc-start.c:92
 [2003-08-04 03:46 UTC] zeev@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Feb 16 14:01:31 2025 UTC