Bug #16068 array_shift() core dump. problem similar to #16063
Submitted: 2002-03-14 09:35 UTC
Modified: 2002-08-08 10:53 UTC
From: ahristov at icygen dot com
Assigned: rodif_bl
Status: Closed
Package: Arrays related
PHP Version: 4.3.0-dev
OS: RH 7.3
Private report: No
CVE-ID: None
 [2002-03-14 09:35 UTC] ahristov at icygen dot com
<?php
array_shift($GLOBALS);
?>
A second or two runtime and then core dump.

 [2002-03-14 09:37 UTC] derick@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-03-14 09:53 UTC] ahristov at icygen dot com
Here it is:

bash-2.04$ gdb ../php core 
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `../php shift.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x40130e49 in free () from /lib/libc.so.6
(gdb) bt
#0  0x40130e49 in free () from /lib/libc.so.6
#1  0x080bdfd8 in _efree (ptr=0x8122a08) at /usr/samba/users/andy/412dev/php4-200203140300/Zend/zend_alloc.c:246
#2  0x0805c528 in _phpi_pop (ht=1, return_value=0x81494c4, this_ptr=0x0, return_value_used=0, off_the_end=0)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1642
#3  0x0805c56d in zif_array_shift (ht=1, return_value=0x81494c4, this_ptr=0x0, return_value_used=0)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1661
#4  0x080d5ec7 in execute (op_array=0x8149624) at /usr/samba/users/andy/412dev/php4-200203140300/Zend/zend_execute.c:1598
#5  0x080ca71a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/samba/users/andy/412dev/php4-200203140300/Zend/zend.c:810
#6  0x080b03c1 in php_execute_script (primary_file=0xbffffb00) at /usr/samba/users/andy/412dev/php4-200203140300/main/main.c:1381
#7  0x080dae24 in main (argc=2, argv=0xbffffba4) at /usr/samba/users/andy/412dev/php4-200203140300/sapi/cgi/cgi_main.c:1011
#8  0x400cd237 in __libc_start_main () from /lib/libc.so.6
(gdb)
 [2002-03-19 04:31 UTC] ahristov at icygen dot com
Changing from Feedback to Open
 [2002-07-03 21:44 UTC] eru@php.net
Confirmed.

#0  0x404a598f in memcpy () from /lib/libc.so.6
#1  0x081c3122 in _mem_block_check (ptr=0x8261dac, silent=0, __zend_filename=0x8213360 "/usr/local/src/php4/ext/standard/array.c", 
    __zend_lineno=1692, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4/Zend/zend_alloc.c:623
#2  0x081c30e5 in _mem_block_check (ptr=0x8261dac, silent=1, __zend_filename=0x8213360 "/usr/local/src/php4/ext/standard/array.c", 
    __zend_lineno=1692, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4/Zend/zend_alloc.c:615
#3  0x081c23cc in _efree (ptr=0x8261dac, __zend_filename=0x8213360 "/usr/local/src/php4/ext/standard/array.c", __zend_lineno=1692, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php4/Zend/zend_alloc.c:213
#4  0x08118a9f in _phpi_pop (ht=1, return_value=0x82ab6fc, this_ptr=0x0, return_value_used=0, off_the_end=0)
    at /usr/local/src/php4/ext/standard/array.c:1692
#5  0x08118af4 in zif_array_shift (ht=1, return_value=0x82ab6fc, this_ptr=0x0, return_value_used=0)
    at /usr/local/src/php4/ext/standard/array.c:1711
#6  0x081e77c9 in execute (op_array=0x82ac25c) at /usr/local/src/php4/Zend/zend_execute.c:1587
#7  0x081d6000 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php4/Zend/zend.c:810
#8  0x081a2e06 in php_execute_script (primary_file=0xbffffa80) at /usr/local/src/php4/main/main.c:1388
#9  0x081ed87e in main (argc=2, argv=0xbffffb24) at /usr/local/src/php4/sapi/cli/php_cli.c:674
#10 0x404411c4 in __libc_start_main () from /lib/libc.so.6

 [2002-07-29 09:26 UTC] nohn@php.net
Verified this on Compaq Tru64/Alpha (CLI, 4.3.0-dev) and Solaris 7/Sparc (Apache, 4.2.0)
 [2002-07-30 19:28 UTC] rodif_bl@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.


 [2002-07-31 09:58 UTC] sniper@php.net
But unfortunately the fix for this problem broke the original behaviour of array_shift()...

 [2002-08-08 10:53 UTC] kalowsky@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.

The fix was fixed. :)
 