PHP :: Bug #16072 :: compact() causes core dump

Bug #16072	compact() causes core dump
Submitted:	2002-03-14 10:11 UTC	Modified:	2002-06-07 06:45 UTC
From:	ahristov at icygen dot com	Assigned:
Status:	Closed	Package:	Arrays related
PHP Version:	4.0CVS-2002-03-14	OS:	RH 7.1
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-03-14 10:11 UTC] ahristov at icygen dot com

<?php
compact($GLOBALS);
?>

Backtrace :

bash-2.04$ gdb ../php core
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `../php compact.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x400e26fd in __strtol_internal () from /lib/libc.so.6
(gdb) bt
#0  0x400e26fd in __strtol_internal () from /lib/libc.so.6
#1  0x080ce4a5 in zend_hash_find (ht=0x8122a08, arKey=0x8148124 "1", nKeyLength=2, pData=0xbf800088) at /usr/include/stdlib.h:303
#2  0x0805baa2 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x814813c)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1286
#3  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8147bdc)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#4  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8149484)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#5  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8149484)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#6  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8149484)

and so on ... i 've been hitting enter to #58292
but there is more. 
About 10-15 seconds is needed for the script to crash PHP.

Not only $GLOBALS related because
<?php
$a=array(1,array(2));
$a[1][1]=&$a;
compact($a);
?>
also causes core dump - but much faster - second or two.

bash-2.04$ gdb ../php core   
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `../php compact.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x0805bb11 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dca4)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1301
1301                    zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(entry), &pos);
(gdb) bt
#0  0x0805bb11 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dca4)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1301
#1  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dbdc)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#2  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dca4)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-06-07 06:45 UTC] sander@php.net

Circular references are not supported and won't be anytime soon.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat May 18 10:01:32 2024 UTC