|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-02-27 14:42 UTC] mccannwj at pha dot jhu dot edu
Using array_reduce on a nested list causes a segfault.
The following code isolates the problem.
<?php
$a['ANY']['F550M']['HRC']['j6jt01dlq_flt.fits'][] = array("FILE_NUMBER"=>2256,
"INGEST_DATE"=>'2003-01-16');
$a['ANY']['F550M']['HRC']['j6jt01dll_flt.fits'][] = array("FILE_NUMBER"=>2258,
"INGEST_DATE"=>'2003-01-17');
$num = nodeCount($a);
print $num;
function checkNode($v,$var) {
print "<pre>";
print_r($var);
print "</pre>";
if (is_scalar($var)) {
$v += 1;
}
elseif (is_null($var)) {
}
else {
$v += nodeCount($var);
}
return $v;
}
function nodeCount($array) {
$number = 0;
if (is_array($array))
$number = array_reduce($array,"checkNode",0);
return $number;
}
?>
How reproducible:
Always
Steps to Reproduce:
1. Execute code snippet
Actual Results: apache error_log:
[Fri Feb 21 12:52:52 2003] [notice] child pid 5618 exit signal Segmentation
fault (11)
Expected Results: This code should count the scalar nodes in the nested list.
It should print the number 4.
Additional info:
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Mar 10 21:01:30 2025 UTC |
On my debian/ 4.3.2-dev it doesn't segfault. Valgring reports memoery read errors. Here is the script modified : <?php $a['one']['two']['three']['four'][] = array("FILE_NUMBER"=>2256, "INGEST_DATE"=>'2003-01-16'); $a['one']['two']['three']['four'][] = array("FILE_NUMBER"=>2258, "INGEST_DATE"=>'2003-01-17'); $num = nodeCount($a); print $num; function checkNode($v, $var) { var_dump($v, $var); echo str_repeat("-=",30)."\n"; if (is_scalar($var)) { $v += 1; } elseif (is_null($var)) { } else { echo "Recursy down\n"; $v += nodeCount($var); //$v = 2; echo "Recursy up\n"; } echo "checkNode - END\n"; return $v; } function nodeCount($array) { $number = 0; if (is_array($array)) { $number = array_reduce($array, "checkNode" , 0); } return $number; } ?> checkNode calls recursively itself. After getting of the recursy something bad happens at this line : zend_hash_move_forward_ex(Z_ARRVAL_PP(input), &pos); I think this is the line. Unfortunately I cannot help more atm.With memory corruption checking enabled in libc, this test case still fails with 4.3-dev (but passes in 5.0-dev and 5.1-dev): MALLOC_CHECK_=3 gdb --args ./4.3-on-2.0.x/sapi/cli/php -f bug22463.php ... Program received signal SIGSEGV, Segmentation fault. call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0xbff693e4, param_count=2, params=0xbff693e8, no_separation=0, symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:443 443 if (function_name->type==IS_ARRAY) { /* assume array($obj, $name) couple */ (gdb) where #0 call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0xbff693e4, param_count=2, params=0xbff693e8, no_separation=0, symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:443 #1 0x080ad4bd in zif_array_reduce (ht=148960076, return_value=0x8e0982c, this_ptr=0x0, return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258 #2 0x0815019f in execute (op_array=0x8e0f128) at /local/php/4.3/Zend/zend_execute.c:1651 #3 0x0814e1c4 in execute (op_array=0x8e0eef8) at /local/php/4.3/Zend/zend_execute.c:1695 #4 0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e092c4, retval_ptr_ptr=0xbff69e74, param_count=2, params=0xbff69e78, no_separation=0, symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:565 #5 0x080ad4bd in zif_array_reduce (ht=148959852, return_value=0x8e09564, this_ptr=0x0, return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258 #6 0x0815019f in execute (op_array=0x8e0f128) at /local/php/4.3/Zend/zend_execute.c:1651 #7 0x0814e1c4 in execute (op_array=0x8e0eef8) at /local/php/4.3/Zend/zend_execute.c:1695 #8 0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e0dfc4, retval_ptr_ptr=0xbff6a904, param_count=2, params=0xbff6a908, no_separation=0, symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:565 #9 0x080ad4bd in zif_array_reduce (ht=148959676, return_value=0x8e0929c, this_ptr=0x0, return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258 #10 0x0815019f in execute (op_array=0x8e0f128) at /local/php/4.3/Zend/zend_execute.c:1651 #11 0x0814e1c4 in execute (op_array=0x8e0eef8) at /local/php/4.3/Zend/zend_execute.c:1695 #12 0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e0dc2c, retval_ptr_ptr=0xbff6b394, param_count=2, params=0xbff6b398, no_separation=0, symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:565 #13 0x080ad4bd in zif_array_reduce (ht=148914716, return_value=0x8e0df9c, this_ptr=0x0, return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258 #14 0x0815019f in execute (op_array=0x8e0f128) at /local/php/4.3/Zend/zend_execute.c:1651 #15 0x0814e1c4 in execute (op_array=0x8e0eef8) at /local/php/4.3/Zend/zend_execute.c:1695 #16 0x081344af in call_user_function_ex (function_table=0x8dc1078, object_pp=0x0, function_name=0x8e0db8c, retval_ptr_ptr=0xbff6be24, param_count=2, params=0xbff6be28, no_separation=0, symbol_table=0x0) at /local/php/4.3/Zend/zend_execute_API.c:565 #17 0x080ad4bd in zif_array_reduce (ht=148914548, return_value=0x8e0dc04, this_ptr=0x0, return_value_used=1) at /local/php/4.3/ext/standard/array.c:3258 #18 0x0815019f in execute (op_array=0x8e0f128) at /local/php/4.3/Zend/zend_execute.c:1651 #19 0x0814e1c4 in execute (op_array=0x8e0902c) at /local/php/4.3/Zend/zend_execute.c:1695 #20 0x0813d1d9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /local/php/4.3/Zend/zend.c:926 #21 0x08113642 in php_execute_script (primary_file=0xbff6eb50) at /local/php/4.3/main/main.c:1739 #22 0x0815833b in main (argc=3, argv=0xbff6ec14) at /local/php/4.3/sapi/cli/php_cli.c:825