Bug #29929 array_walk_recursive unusable in mod_php
Submitted: 2004-09-01 10:25 UTC
Modified: 2010-12-20 10:26 UTC
Avg. Score: 4.6 ± 0.5
Reproduced: 8 of 8 (100.0%)
Same Version: 5 (62.5%)
Same OS: 1 (12.5%)
From: jr at terragate dot net
Assigned: jani
Status: Closed
Package: Arrays related
PHP Version: 5.0.1
OS: Gentoo Linux 1.4
Private report: No
CVE-ID: None


 [2004-09-01 10:25 UTC] jr at terragate dot net
An Apache child (1.3.x and 2.0.x prefork) crashes if a call to array_walk_recursive has been made in a previous request.

For this reason this bug isn't reproducible with php-cgi or php-cli.

To reliably reproduce this bug, run Apache (with mod_php) in single-process mode (-X) to be sure that the same process will serve the two requests, and request the given page twice (or any other PHP page as the second request).

PHP configure:

'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--with-apxs=/usr/sbin/apxs' '--with-config-file-path=/etc/php/apache1-php5' '--without-pear' '--disable-bcmath' '--without-bz2' '--disable-calendar' '--without-jpeg-dir' '--without-cpdflib' '--disable-ctype' '--without-curl' '--without-curlwrappers' '--disable-dbase' '--disable-dio' '--disable-exif' '--without-fam' '--without-fbsql' '--without-fdftk' '--disable-filepro' '--disable-ftp' '--with-gettext' '--without-gmp' '--without-hwapi' '--without-iconv' '--without-informix' '--without-ingres' '--without-interbase' '--enable-mbstring' '--with-mcrypt' '--without-openssl-dir' '--without-mcve' '--disable-memory-limit' '--without-mhash' '--without-mime-magic' '--without-ming' '--without-mnogosearch' '--without-msql' '--without-mssql' '--with-ncurses' '--without-oci8' '--without-oracle' '--with-openssl' '--without-ovrimos' '--enable-pcntl' '--without-pfpro' '--without-pgsql' '--with-pspell' '--without-recode' '--disable-simplexml' '--disable-shmop' '--without-snmp' '--disable-soap' '--disable-sockets' '--disable-spl' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-tokenizer' '--disable-wddx' '--without-xsl' '--without-xmlrpc' '--disable-yp' '--with-zlib' '--without-cdb' '--with-db4' '--without-dbm' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--enable-gd-jis-conf' '--enable-gd-native-ttf' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-tiff-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-ldap' '--without-ldap-sasl' '--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mm' '--without-msession' '--without-sqlite' '--enable-dba' '--with-readline' '--without-libedit'

Reproduce code:

<?php
function process_value($key, $value)
{
  // nothing done here
}

$nested_array = array('foo' => array('bar' => 'baz'));

array_walk_recursive($nested_array, 'process_value');
?>


Expected result:
No Segmentation fault

Actual result:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 15154)]
0x00000006 in ?? ()
(gdb) bt
#0  0x00000006 in ?? ()
#1  0x4062404f in zend_call_function (fci=0xbfffcd60, fci_cache=0x4083458c)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute_API.c:853
#2  0x4056dfa0 in php_array_walk (target_hash=0x81724ac, userdata=0x0, recursive=1)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1045
#3  0x4056de86 in php_array_walk (target_hash=0x81725fc, userdata=0x0, recursive=1)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1019
#4  0x4056e3f7 in zif_array_walk_recursive (ht=2, return_value=0x81725b4, this_ptr=0x0,
    return_value_used=0) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1135
#5  0x40651739 in execute_internal (execute_data_ptr=0xbfffd030, return_value_used=0)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:1347
#6  0x4083f0ba in apd_execute_internal (execute_data_ptr=0x6, return_value_used=6)
    at /tmp/tmphGEKR6/apd-1.0/php_apd.c:538
#7  0x406552f1 in zend_do_fcall_common_helper (execute_data=0xbfffd030, opline=0x8176acc,
    op_array=0x81723b4) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:2710
#8  0x406559ad in zend_do_fcall_handler (execute_data=0xbfffd030, opline=0x8176acc, op_array=0x81723b4)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:2840
#9  0x406518da in execute (op_array=0x81723b4)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:1400
#10 0x4083f01a in apd_execute (op_array=0x81723b4) at /tmp/tmphGEKR6/apd-1.0/php_apd.c:518
#11 0x4062f5ac in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend.c:1061
#12 0x405eaf14 in php_execute_script (primary_file=0xbffff3e0)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/main/main.c:1627
#13 0x4065d18e in apache_php_module_main (r=0x8161d28, display_source_mode=0)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/sapi_apache.c:54
#14 0x4065e123 in send_php (r=0x8161d28, display_source_mode=0,
    filename=0x8163e30 "/var/www/localhost/htdocs/crash.php")
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/mod_php5.c:622
#15 0x4065e1a8 in send_parsed_php (r=0x8161d28)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/mod_php5.c:637
#16 0x0805595a in ap_invoke_handler (r=0x8161d28) at http_config.c:475
#17 0x0806c403 in process_request_internal (r=0x8161d28) at http_request.c:1289
#18 0x0806c460 in ap_process_request (r=0x8161d28) at http_request.c:1305
#19 0x08062ccb in child_main (child_num_arg=0) at http_main.c:4873
#20 0x08062e9a in make_child (s=0x80990b0, slot=0, now=1094026044) at http_main.c:4997
#21 0x08063023 in startup_children (number_to_start=4) at http_main.c:5079
#22 0x08063738 in standalone_main (argc=2, argv=0xbffff894) at http_main.c:5401
#23 0x08063ffe in main (argc=2, argv=0xbffff894) at http_main.c:5758


 [2004-09-25 23:52 UTC] stv at seznam dot cz
Same problem with apache 1.3.31 with php 5.0.1 or 5.0.2 as module on Win2000.

 [2004-12-13 15:33 UTC] jeremias at terragate dot net
IMHO this bug is serious and should block 5.0.3.
Can anyone confirm this bug, please?
 [2004-12-17 15:23 UTC] no at email dot com
I can confirm it. Running PHP 5.0.2 and Apache 2.0.x
 [2005-01-13 01:10 UTC]
Please try using this CVS snapshot:
For Windows:

I can't reproduce it with current CVS snapshot.
 [2005-01-17 15:48 UTC] jr at terragate dot net
Seems to be fixed with today's snapshot.

Thanks for the hint
 [2010-12-20 10:26 UTC]
-Package: Tidy
+Package: Arrays related
-Assigned To:
+Assigned To: jani
Last updated: Sat Sep 28 23:01:27 2024 UTC