php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #29437 array_walk_recursive causes segfault
Submitted: 2004-07-29 00:57 UTC Modified: 2004-07-29 02:35 UTC
From: misc at sopic dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.0.0 OS: Suse Linux 9.0
Private report: No CVE-ID:
 [2004-07-29 00:57 UTC] misc at sopic dot com
Description:
------------
Execution of the code below causes Apache 2.0.49 (Prefork) to exit with a segfault.

Apache error_log:

[Wed Jul 28 23:25:22 2004] [notice] child pid 30256 exit signal Segmentation fault (11)
[Wed Jul 28 23:25:23 2004] [notice] child pid 30252 exit signal Segmentation fault (11)
[Wed Jul 28 23:25:23 2004] [notice] child pid 32257 exit signal Segmentation fault (11)
[Wed Jul 28 23:25:24 2004] [notice] child pid 32314 exit signal Segmentation fault (11)
[Wed Jul 28 23:25:25 2004] [notice] child pid 32316 exit signal Segmentation fault (11)

'./configure' '--with-apxs2=/usr/local/apache2-php5/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-zlib' '--with-xml' '--with-gd' '--with-ttf=/usr' '--with-jpeg-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--with-mcrypt=/usr' '--enable-calendar' '--enable-bcmath' '--with-dom' '--with-xmlrpc' '--with-gettext' '--with-ftp' '--enable-shared' '--enable-memory-limit' '--with-freetype-dir=/usr' '--with-ldap=/usr' '--disable-short-tags' '--with-dom=/usr'

Reproduce code:
---------------
<?php 

function mysqlEscapeArray (&$array)
{
	if (!is_array($array)) {
		return false;	
	}
	
	function my_escape_function (&$value, $key)
	{
		$value = mysql_escape_string($value);
	}
	
	array_walk_recursive($array, 'my_escape_function');
	
	return true;
}

$foobar = array('test' => array("foo" => "Zack's Laptop"));
mysqlEscapeArray($foobar);

?>

Expected result:
----------------
Array with escaped values

Actual result:
--------------
[New Thread 16384 (LWP 9165)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 9165)]
0x401ab05a in _int_malloc () from /lib/i686/libc.so.6
(gdb) bt
#0  0x401ab05a in _int_malloc () from /lib/i686/libc.so.6
#1  0x401aa06c in malloc () from /lib/i686/libc.so.6
#2  0x403f34e6 in _emalloc (size=256) at /usr/local/src/php-5.0.0/Zend/zend_alloc.c:182
#3  0x40406957 in zend_stack_init (stack=0x404cd2dc) at /usr/local/src/php-5.0.0/Zend/zend_stack.c:28
#4  0x403fd9eb in shutdown_executor () at /usr/local/src/php-5.0.0/Zend/zend_execute_API.c:232
#5  0x40408060 in zend_deactivate () at /usr/local/src/php-5.0.0/Zend/zend.c:819
#6  0x403d0e50 in php_request_shutdown (dummy=0x0) at /usr/local/src/php-5.0.0/main/main.c:1212
#7  0x4043b1da in php_apache_request_dtor (r=0x81ed8b0) at /usr/local/src/php-5.0.0/sapi/apache2handler/sapi_apache2.c:435
#8  0x4043b5fd in php_handler (r=0x81ed8b0) at /usr/local/src/php-5.0.0/sapi/apache2handler/sapi_apache2.c:551
#9  0x0807d83b in ap_run_handler (r=0x81ed8b0) at config.c:152
#10 0x0807ddbe in ap_invoke_handler (r=0x81ed8b0) at config.c:358
#11 0x0806c98b in ap_process_request (r=0x81ed8b0) at http_request.c:246
#12 0x080686ac in ap_process_http_connection (c=0x81e90c0) at http_core.c:250
#13 0x080874db in ap_run_process_connection (c=0x81e90c0) at connection.c:42
#14 0x0807c31d in child_main (child_num_arg=1076259452) at prefork.c:609
#15 0x0807c42d in make_child (s=0x80dbf18, slot=0) at prefork.c:649
#16 0x0807c4f4 in startup_children (number_to_start=5) at prefork.c:721
#17 0x0807cb5d in ap_mpm_run (_pconf=0x80d97e8, plog=0x81118c8, s=0x0) at prefork.c:940
#18 0x08081f7a in main (argc=2, argv=0xbffff594) at main.c:617

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-29 02:35 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 17:01:54 2014 UTC