php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #29803 Seg fault on count($GLOBALS, COUNT_RECURSIVE);
Submitted: 2004-08-23 22:10 UTC Modified: 2006-01-06 09:13 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jome@php.net Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 6CVS, 5CVS (2006-01-02) (cvs) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jome@php.net
New email:
PHP Version: OS:

 

 [2004-08-23 22:10 UTC] jome@php.net 
Description:
------------
Crash on count($GLOBALS, COUNT_RECURSIVE);

./configure --disable-all --enable-cli --enable-debug --enable-memory-limit

Reproduce code:
---------------
<?php count($GLOBALS, COUNT_RECURSIVE); ?>

Expected result:
----------------
Something similar to how var_dump() handles var_dump($GLOBALS).

Actual result:
--------------
Segmentation fault

#0  0x08125815 in zend_hash_num_elements (ht=0x818cf30) at /usr/local/src/php5-200408231830/Zend/zend_hash.c:987
987             IS_CONSISTENT(ht);

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-08-24 09:16 UTC] jome@php.net 
Let me know of you need more than this.

(gdb) frame 1
#1  0x0806936a in php_count_recursive (array=0x81910d4, mode=1)
    at /usr/local/src/php5-200408231830/ext/standard/array.c:267
267                             for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(array), &pos);
(gdb) frame 2
#2  0x08069382 in php_count_recursive (array=0x81910d4, mode=1)
    at /usr/local/src/php5-200408231830/ext/standard/array.c:270
270                                     cnt += php_count_recursive(*element, COUNT_RECURSIVE TSRMLS_CC);

  (More frames containing the above here.)

(gdb) frame 174531
#174531 0x0806942b in zif_count (ht=2, return_value=0x81c3d74, this_ptr=0x0,
    return_value_used=0)
    at /usr/local/src/php5-200408231830/ext/standard/array.c:293
293                             RETURN_LONG (php_count_recursive (array, mode TSRMLS_CC));

#174532 0x081420e8 in zend_do_fcall_common_helper (execute_data=0xbfffd590)
    at /usr/local/src/php5-200408231830/Zend/zend_execute.c:2980
2980                            ((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(object), return_value_used TSRMLS_CC);

(gdb) frame 174533
#174533 0x0814274b in zend_do_fcall_handler (execute_data=0xbfffd590)
    at /usr/local/src/php5-200408231830/Zend/zend_execute.c:3114
3114            return zend_do_fcall_common_helper(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);

#174534 0x0813eabb in execute (op_array=0x81d0524)
    at /usr/local/src/php5-200408231830/Zend/zend_execute.c:1498
1498                    if (EX(opline)->handler(&execute_data TSRMLS_CC)) {

#174535 0x0811defe in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5-200408231830/Zend/zend.c:1052
1052                            zend_execute(EG(active_op_array) TSRMLS_CC);
 [2004-08-24 09:27 UTC] derick@php.net 
So, PHP is allowed to crash here as you're doing something infinite recursive... I have no clue how this should or can be fixed while the function is still useful. Suspending for now.
 [2004-08-24 09:33 UTC] jome@php.net 
Understood. I don't know much about the internals but like I mentioned, it works if you do var_dump($GLOBALS) though (ie PHP doesn't crash).
 [2006-01-06 09:13 UTC] derick@php.net 
I still have no clue, so marking it as "Wont Fix"
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Apr 29 01:01:30 2024 UTC