php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #56804 segfault: SPL and ArrayAccess
Submitted: 2006-01-26 16:39 UTC Modified: 2006-02-24 10:47 UTC
From: pecl at cainlevy dot net Assigned: rasmus (profile)
Status: Closed Package: APC (PECL)
PHP Version: 5.1.1 OS: Debian Sarge
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: pecl at cainlevy dot net
New email:
PHP Version: OS:

 

 [2006-01-26 16:39 UTC] pecl at cainlevy dot net 
Description:
------------
PHP: 5.1.2 from dotdeb.org (this isn't an option in the <select>)
Apache: 1.3.33
APC: 3.0.8
OS: Debian Sarge

Whenever I load my sample page for the second time (after caching), Apache segfaults. The problem appears to be related to the instanceof operator and/or the ArrayAccess interface.

The problem only appears when I instantiate sg2, which must extend sg2 and must be included from a separate file. Then when using the ArrayAccess interface on the resulting sg2 object, Apache segfaults.

Reproduce code:
---------------
file: page.html
--------------------
<?
class sg1 implements ArrayAccess
{
  protected $row = array();

  public function __construct($row)
  {
    $this->row = $row;
  }

  public function offsetUnset($index) {}
  public function offsetExists($index) {}
  public function offsetSet($index, $value) {}
  public function offsetGet($index)
  {
    return $this->row[$index];
  }
}
require_once 'sg2.php';

$sg2 = new sg2(array('title' => 'foobar'));
$title = $sg2['title'];
?>

file: sg2.php
--------------------
<?
class sg2 extends sg1 {}
?>

Expected result:
----------------
The page should finish loading every time.

Actual result:
--------------
On the second load (after the page is cached) Apache segfaults. GDB backtrace as follows:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 32216)]
0x407446f0 in instanceof_function_ex () from /usr/lib/apache/1.3/libphp5.so
(gdb) bt
#0  0x407446f0 in instanceof_function_ex () from /usr/lib/apache/1.3/libphp5.so
#1  0x4074478c in instanceof_function () from /usr/lib/apache/1.3/libphp5.so
#2  0x40744748 in instanceof_function_ex () from /usr/lib/apache/1.3/libphp5.so
#3  0x4075ef1e in zend_std_read_dimension ()
   from /usr/lib/apache/1.3/libphp5.so
#4  0x40762053 in zend_get_compiled_variable_value ()
   from /usr/lib/apache/1.3/libphp5.so
#5  0x407a4f2f in execute () from /usr/lib/apache/1.3/libphp5.so
#6  0x407626f8 in execute () from /usr/lib/apache/1.3/libphp5.so
#7  0x4074791a in zend_execute_scripts () from /usr/lib/apache/1.3/libphp5.so
#8  0x40708aef in php_execute_script () from /usr/lib/apache/1.3/libphp5.so
#9  0x407c524e in apache_php_module_main () from /usr/lib/apache/1.3/libphp5.so
#10 0x407c5e6c in apache_php_module_main () from /usr/lib/apache/1.3/libphp5.so
#11 0x407c6021 in apache_php_module_main () from /usr/lib/apache/1.3/libphp5.so
#12 0x080553c3 in ap_invoke_handler ()
#13 0x08068465 in ap_some_auth_required ()
#14 0x08068614 in ap_process_request ()
#15 0x08060bd2 in ap_child_terminate ()
#16 0x08060e9a in ap_child_terminate ()
#17 0x08060f10 in ap_child_terminate ()
#18 0x08061a9a in ap_child_terminate ()
#19 0x08061ff8 in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-24 10:47 UTC] rasmus@php.net 
This should be fixed in CVS now.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 00:01:35 2025 UTC