PHP :: Bug #34400 :: array_filter() still crashes with references and objects

Bug #34400	array_filter() still crashes with references and objects
Submitted:	2005-09-07 03:34 UTC	Modified:	2005-09-07 12:44 UTC
From:	andreas dot ettner at freenet dot de	Assigned:
Status:	Not a bug	Package:	Arrays related
PHP Version:	4CVS-2005-09-07 (snap)	OS:	GNU/Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	andreas dot ettner at freenet dot de
New email:
PHP Version:		OS:

New Comment:

[2005-09-07 03:34 UTC] andreas dot ettner at freenet dot de

Description:
------------
PHP crashes with a segmentation fault when executing the provided code. The provided backtrace of a crash was generated with the CGI program of the PHP 4.4.1-dev snapshot built on Sep 06, 2005 18:44 GMT.  It has been configured with

'./configure' '--prefix=/home/eta/data/php4-STABLE-200509061844' '--enable-debug',

and compiled and run on a Debian GNU/Linux system with GCC version 3.3.5 and GNU C Library version 2.3.2.  In this setup PHP crashed on every invocation.

This problem is closely related to bug #34277.  The provided code is a slight variation of the code sample given in the former bug report.


Reproduce code:
---------------
The code is unfortunately a bit long.  It can be found at http://people.freenet.de/aettner/crash-2.txt


Expected result:
----------------
No output (CGI version invoked with -q flag)

Actual result:
--------------
Segmentation fault (core dumped)

Backtrace generated with gdb:

Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `php -q crash-2.txt'.
Program terminated with signal 11, Segmentation fault.
#0  0x08168a28 in call_user_function_ex (function_table=0x81efd90, 
    object_pp=0x0, function_name=0x80000020, retval_ptr_ptr=0xbfffca40, 
    param_count=1, params=0xbfffca44, no_separation=0, symbol_table=0x0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute_API.c:443
443		if (function_name->type==IS_ARRAY) { /* assume array($obj, $name) couple */
#0  0x08168a28 in call_user_function_ex (function_table=0x81efd90, 
    object_pp=0x0, function_name=0x80000020, retval_ptr_ptr=0xbfffca40, 
    param_count=1, params=0xbfffca44, no_separation=0, symbol_table=0x0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute_API.c:443
#1  0x080b321e in zif_array_filter (ht=2, return_value=0x822268c, 
    this_ptr=0x0, return_value_used=1)
    at /home/eta/data/src-php4-STABLE-200509061844/ext/standard/array.c:3360
#2  0x08186d5b in execute (op_array=0x8225f10)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1675
#3  0x08186f87 in execute (op_array=0x8227640)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#4  0x08186f87 in execute (op_array=0x8227790)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#5  0x08186f87 in execute (op_array=0x82278e0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#6  0x08186f87 in execute (op_array=0x8227a30)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#7  0x08186f87 in execute (op_array=0x821dff4)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#8  0x08172c78 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend.c:938
#9  0x0813c99b in php_execute_script (primary_file=0xbffff9e0)
    at /home/eta/data/src-php4-STABLE-200509061844/main/main.c:1743
#10 0x0818dc24 in main (argc=3, argv=0xbffffa94)
    at /home/eta/data/src-php4-STABLE-200509061844/sapi/cgi/cgi_main.c:1606

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-09-07 12:44 UTC] sniper@php.net

No duplicate reports, please. I reopened the original one.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 05:01:33 2025 UTC