php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #29929 array_walk_recursive unusable in mod_php
Submitted: 2004-09-01 10:25 UTC Modified: 2010-12-20 10:26 UTC
Votes:8
Avg. Score:4.6 ± 0.5
Reproduced:8 of 8 (100.0%)
Same Version:5 (62.5%)
Same OS:1 (12.5%)
From: jr at terragate dot net Assigned: jani (profile)
Status: Closed Package: Arrays related
PHP Version: 5.0.1 OS: Gentoo Linux 1.4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jr at terragate dot net
New email:
PHP Version: OS:

 

 [2004-09-01 10:25 UTC] jr at terragate dot net 
Description:
------------
An Apache child (1.3.x and 2.0.x prefork) crashes if a call to array_walk_recursive has been made in a previous request.

For this reason this bug isn't reproduceable with php-cgi nor  php-cli.

To reliably reproduce this bug run apache (with mod_php) in single process mode (-X) to be sure that the same process will serve the two requests and request the given page twice (or any other php page as second request). 

PHP configure:

'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--with-apxs=/usr/sbin/apxs' '--with-config-file-path=/etc/php/apache1-php5' '--without-pear' '--disable-bcmath' '--without-bz2' '--disable-calendar' '--without-jpeg-dir' '--without-cpdflib' '--disable-ctype' '--without-curl' '--without-curlwrappers' '--disable-dbase' '--disable-dio' '--disable-exif' '--without-fam' '--without-fbsql' '--without-fdftk' '--disable-filepro' '--disable-ftp' '--with-gettext' '--without-gmp' '--without-hwapi' '--without-iconv' '--without-informix' '--without-ingres' '--without-interbase' '--enable-mbstring' '--with-mcrypt' '--without-openssl-dir' '--without-mcve' '--disable-memory-limit' '--without-mhash' '--without-mime-magic' '--without-ming' '--without-mnogosearch' '--without-msql' '--without-mssql' '--with-ncurses' '--without-oci8' '--without-oracle' '--with-openssl' '--without-ovrimos' '--enable-pcntl' '--without-pfpro' '--without-pgsql' '--with-pspell' '--without-recode' '--disable-simplexml' '--disable-shmop' '--without-snmp' '--disable-soap' '--disable-sockets' '--disable-spl' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-tokenizer' '--disable-wddx' '--without-xsl' '--without-xmlrpc' '--disable-yp' '--with-zlib' '--without-cdb' '--with-db4' '--without-dbm' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--enable-gd-jis-conf' '--enable-gd-native-ttf' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-tiff-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-ldap' '--without-ldap-sasl' '--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mm' '--without-msession' '--without-sqlite' '--enable-dba' '--with-readline' '--without-libedit'

Reproduce code:
---------------
<?php

function process_value($key, $value)
{
  // nothing done here
}

$nested_array = array('foo' => array('bar' => 'baz'));

array_walk_recursive($nested_array, 'process_value');

?>

Expected result:
----------------
No Segmentation fault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 15154)]
0x00000006 in ?? ()
(gdb) bt
#0  0x00000006 in ?? ()
#1  0x4062404f in zend_call_function (fci=0xbfffcd60, fci_cache=0x4083458c)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute_API.c:853
#2  0x4056dfa0 in php_array_walk (target_hash=0x81724ac, userdata=0x0, recursive=1)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1045
#3  0x4056de86 in php_array_walk (target_hash=0x81725fc, userdata=0x0, recursive=1)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1019
#4  0x4056e3f7 in zif_array_walk_recursive (ht=2, return_value=0x81725b4, this_ptr=0x0,
    return_value_used=0) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/ext/standard/array.c:1135
#5  0x40651739 in execute_internal (execute_data_ptr=0xbfffd030, return_value_used=0)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:1347
#6  0x4083f0ba in apd_execute_internal (execute_data_ptr=0x6, return_value_used=6)
    at /tmp/tmphGEKR6/apd-1.0/php_apd.c:538
#7  0x406552f1 in zend_do_fcall_common_helper (execute_data=0xbfffd030, opline=0x8176acc,
    op_array=0x81723b4) at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:2710
#8  0x406559ad in zend_do_fcall_handler (execute_data=0xbfffd030, opline=0x8176acc, op_array=0x81723b4)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:2840
#9  0x406518da in execute (op_array=0x81723b4)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend_execute.c:1400
#10 0x4083f01a in apd_execute (op_array=0x81723b4) at /tmp/tmphGEKR6/apd-1.0/php_apd.c:518
#11 0x4062f5ac in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/Zend/zend.c:1061
#12 0x405eaf14 in php_execute_script (primary_file=0xbffff3e0)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/main/main.c:1627
#13 0x4065d18e in apache_php_module_main (r=0x8161d28, display_source_mode=0)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/sapi_apache.c:54
#14 0x4065e123 in send_php (r=0x8161d28, display_source_mode=0,
    filename=0x8163e30 "/var/www/localhost/htdocs/crash.php")
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/mod_php5.c:622
#15 0x4065e1a8 in send_parsed_php (r=0x8161d28)
    at /var/tmp/portage/mod_php-5.0.1/work/php-5.0.1/sapi/apache/mod_php5.c:637
#16 0x0805595a in ap_invoke_handler (r=0x8161d28) at http_config.c:475
#17 0x0806c403 in process_request_internal (r=0x8161d28) at http_request.c:1289
#18 0x0806c460 in ap_process_request (r=0x8161d28) at http_request.c:1305
#19 0x08062ccb in child_main (child_num_arg=0) at http_main.c:4873
#20 0x08062e9a in make_child (s=0x80990b0, slot=0, now=1094026044) at http_main.c:4997
#21 0x08063023 in startup_children (number_to_start=4) at http_main.c:5079
#22 0x08063738 in standalone_main (argc=2, argv=0xbffff894) at http_main.c:5401
#23 0x08063ffe in main (argc=2, argv=0xbffff894) at http_main.c:5758

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-09-25 23:52 UTC] stv at seznam dot cz 
Same problem with apache 1.3.31 with php 5.0.1 or 5.0.2 as module on Win2000.

Vasek
 [2004-12-13 15:33 UTC] jeremias at terragate dot net 
IMHO this bug is serious and should block 5.0.3 
 
May anyone confirm this bug please.
 [2004-12-17 15:23 UTC] no at email dot com 
I can confirm it. Running PHP 5.0.2 and Apache 2.0.x
 [2005-01-13 01:10 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it with current CVS snapshot.
 [2005-01-17 15:48 UTC] jr at terragate dot net 
Seems to be fixed with todays snapshot

Thanks for the hint
 [2010-12-20 10:26 UTC] jani@php.net
-Package: Tidy +Package: Arrays related -Assigned To: +Assigned To: jani
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 15:01:34 2025 UTC