php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13093 A garbage collection error with an array
Submitted: 2001-09-01 20:33 UTC Modified: 2002-01-27 05:19 UTC
From: pinhole at inebraska dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 4.0.6 OS: Linux RedHat 7.0
Private report: No CVE-ID: None
 [2001-09-01 20:33 UTC] pinhole at inebraska dot com
<?
  $token['not'] = '?';
  $token['or'] = 'V';
  $token['and'] = '^';
  $token['xor'] = 'x';

  $statement = "A^BVC";

  function parse($statement)
  {
    global $token;
    for($i = 0; $i < strlen($statement); $i++)
    {
      $c = substr($statement, $i, 1);
      if($c == $token['and'] || $c == $token['or'] || $c == $token['xor'])
      {
        if(!$a) echo "Error: $c requires 2 arguments<br>\n";
        else if($a && $b)
        {
          $a[$o][a] = $a;
          $a[$o][b] = $b;
          unset($b);
        }
        $o = $c;
      }
      else
      {
        if($o)
          $b .= $c;
        else
          $a .= $c;
      }
    }
    if($a && $o && $b)
    {
      $ret[$o][a] = $a;
      $ret[$o][b] = $b;
    }
    else
    {
      echo "Error: missing statement<br>\n";
    }
    return $ret;
  }

  function aview($var)
  {
    while(list($key, $val) = each($var))
    {
      echo $key;
      if(is_array($val))
        aview($val);
      else
        echo $val;      
    }
  }

  $parse_tree = parse($statement);

//  aview($parse_tree);
?>

My machine is compiled with:
./configure --with-mysql=/usr/local --with-gd
The php binary is copied to /bin

It also has php built as a shared apache module
(--with-apxs=/www/bin/apxs)

It crashes on both.

I ftp'd the file to 2 of our production servers.  One has php/apache installed from RPM's the other is built from source.

It crashes with or without the aview function. If you put an
echo "hello";
at the very end, it crashes after printing hello.

here is the gdb backtrace:

#0  chunk_free (ar_ptr=0x40202d40, p=0x8173a30) at malloc.c:3049
#1  0x4016df9a in __libc_free (mem=0x8173a38) at malloc.c:3023
#2  0x80c51c9 in _efree (ptr=0x8173a44) at zend_alloc.c:232
#3  0x80c55e8 in shutdown_memory_manager (silent=0, clean_cache=0)
    at zend_alloc.c:437
#4  0x805e8a9 in php_request_shutdown (dummy=0x0) at main.c:667
#5  0x805d9fa in main (argc=2, argv=0xbffffb94) at cgi_main.c:751

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-06 07:41 UTC] sander@php.net
Does this problem still occur with 4.1.1 and/or the latest CVS?
If so, can you track down the problem to a shorter script?
 [2002-01-27 05:19 UTC] sander@php.net
No feedback.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 04 00:01:32 2024 UTC