php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16072 compact() causes core dump
Submitted: 2002-03-14 10:11 UTC Modified: 2002-06-07 06:45 UTC
From: ahristov at icygen dot com Assigned:
Status: Closed Package: Arrays related
PHP Version: 4.0CVS-2002-03-14 OS: RH 7.1
Private report: No CVE-ID: None
View Developer Edit
 [2002-03-14 10:11 UTC] ahristov at icygen dot com 
<?php
compact($GLOBALS);
?>

Backtrace :

bash-2.04$ gdb ../php core
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `../php compact.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x400e26fd in __strtol_internal () from /lib/libc.so.6
(gdb) bt
#0  0x400e26fd in __strtol_internal () from /lib/libc.so.6
#1  0x080ce4a5 in zend_hash_find (ht=0x8122a08, arKey=0x8148124 "1", nKeyLength=2, pData=0xbf800088) at /usr/include/stdlib.h:303
#2  0x0805baa2 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x814813c)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1286
#3  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8147bdc)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#4  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8149484)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#5  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8149484)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#6  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x8149504, entry=0x8149484)

and so on ... i 've been hitting enter to #58292
but there is more. 
About 10-15 seconds is needed for the script to crash PHP.

Not only $GLOBALS related because
<?php
$a=array(1,array(2));
$a[1][1]=&$a;
compact($a);
?>
also causes core dump - but much faster - second or two.

bash-2.04$ gdb ../php core   
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `../php compact.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x0805bb11 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dca4)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1301
1301                    zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(entry), &pos);
(gdb) bt
#0  0x0805bb11 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dca4)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1301
#1  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dbdc)
    at /usr/samba/users/andy/412dev/php4-200203140300/ext/standard/array.c:1305
#2  0x0805bb31 in php_compact_var (eg_active_symbol_table=0x8122a08, return_value=0x814dd6c, entry=0x814dca4)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-07 06:45 UTC] sander@php.net 
Circular references are not supported and won't be anytime soon.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Oct 30 19:00:01 2025 UTC