Bug #25338 str_replace segfault
Submitted: 2003-09-01 04:48 UTC
Modified: 2003-09-01 06:47 UTC
From: phpbug at zirzow dot dyndns dot org
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 4.3.3
OS: FreeBSD 4.7-RELEASE
Private report: No
CVE-ID: None

 [2003-09-01 04:48 UTC] phpbug at zirzow dot dyndns dot org
Description:
------------
It appears that repeated calls to str_replace with a complex array as the subject of replacement cause PHP to crash.


Thanks,
Curt

Reproduce code:
---------------
// Demo 1
class foo {
    function foo() {
        reset($GLOBALS);
        while (list($k, $v) = each($GLOBALS)) {
            @$GLOB[$k] = $v;
        }
        $val = str_replace('$', 'asdf', $GLOB);
    }
}
$foo = new foo();
$foo1 = new foo();
$foo2 = new foo();


// Demo 2
// Will issue a bunch of 'php in free(): warning: chunk is already free'
// After enough str_replace calls it segfaults
while (list($k, $v) = each($GLOBALS)) {
    @$GLOB[$k] = $v;
}
$val = str_replace('$', 'asdf', $GLOB);
$val = str_replace('$', 'asdf', $GLOB);
/* ... repeat till segfault ... */


Actual result:
--------------
Backtrace 1:
Program received signal SIGSEGV, Segmentation fault.
0x813dd34 in zend_hash_index_update_or_next_insert (ht=0x81fe2ec, h=0, pData=0xbfbfcb98, nDataSize=4, pDest=0xbfbfcbe0, flag=1)
    at /usr/home/curt/source/php-4.3.3/Zend/zend_hash.c:387
387             p = ht->arBuckets[nIndex];
(gdb) bt
#0  0x813dd34 in zend_hash_index_update_or_next_insert (ht=0x81fe2ec, h=0, pData=0xbfbfcb98, nDataSize=4, pDest=0xbfbfcbe0, flag=1)
    at /usr/home/curt/source/php-4.3.3/Zend/zend_hash.c:387
#1  0x813c13f in add_get_index_stringl (arg=0x81fe98c, index=0, str=0x81fe2ec "argc", length=4, dest=0xbfbfcbe0, duplicate=0)
    at /usr/home/curt/source/php-4.3.3/Zend/zend_API.c:917
#2  0x8140af0 in zif_each (ht=1, return_value=0x81fe98c, this_ptr=0x0, return_value_used=1)
    at /usr/home/curt/source/php-4.3.3/Zend/zend_builtin_functions.c:378
#3  0x814bc5c in execute (op_array=0x822740c) at /usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:1618
#4  0x814bdd6 in execute (op_array=0x820398c) at /usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:1660
#5  0x814bdd6 in execute (op_array=0x820088c) at /usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:1660
#6  0x813a1d6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/home/curt/source/php-4.3.3/Zend/zend.c:885
#7  0x8112351 in php_execute_script (primary_file=0xbfbff6d8) at /usr/home/curt/source/php-4.3.3/main/main.c:1723
#8  0x815368e in main (argc=2, argv=0xbfbff740) at /usr/home/curt/source/php-4.3.3/sapi/cli/php_cli.c:818 
#9  0x8062595 in _start ()


Backtrace 2:
Program received signal SIGSEGV, Segmentation fault.
0x8130075 in zend_do_qm_true (true_value=0x81ff78c, qm_token=0xbfbfd80c, colon_token=0x81bebec)
    at /usr/home/curt/source/php-4.3.3/Zend/zend_compile.c:2352
2352            CG(active_op_array)->opcodes[qm_token->u.opline_num].op2.u.opline_num = get_next_op_number(CG(active_op_array))+1; /*
(gdb) bt
#0  0x8130075 in zend_do_qm_true (true_value=0x81ff78c, qm_token=0xbfbfd80c, colon_token=0x81bebec)
    at /usr/home/curt/source/php-4.3.3/Zend/zend_compile.c:2352
#1  0x8138c36 in _zval_dtor (zvalue=0x81fe8ec) at /usr/home/curt/source/php-4.3.3/Zend/zend_variables.c:51
#2  0x8149401 in execute (op_array=0x820088c) at /usr/home/curt/source/php-4.3.3/Zend/zend_execute.c:470
#3  0x813a1d6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/home/curt/source/php-4.3.3/Zend/zend.c:885
#4  0x8112351 in php_execute_script (primary_file=0xbfbff6d4) at /usr/home/curt/source/php-4.3.3/main/main.c:1723
#5  0x815368e in main (argc=2, argv=0xbfbff73c) at /usr/home/curt/source/php-4.3.3/sapi/cli/php_cli.c:818
#6  0x8062595 in _start ()


 [2003-09-01 06:47 UTC] sniper@php.net
Yes, this is normal. Don't try accessing GLOBALS like that.

 
Last updated: Sat Jul 12 11:01:32 2025 UTC