Bug #34400 array_filter() still crashes with references and objects
Submitted: 2005-09-07 03:34 UTC
Modified: 2005-09-07 12:44 UTC
From: andreas dot ettner at freenet dot de
Assigned:
Status: Not a bug
Package: Arrays related
PHP Version: 4CVS-2005-09-07 (snap)
OS: GNU/Linux
Private report: No
CVE-ID: None
 [2005-09-07 03:34 UTC] andreas dot ettner at freenet dot de
Description:
------------
PHP crashes with a segmentation fault when executing the provided code. The provided backtrace of a crash was generated with the CGI program of the PHP 4.4.1-dev snapshot built on Sep 06, 2005 18:44 GMT.  It has been configured with

'./configure' '--prefix=/home/eta/data/php4-STABLE-200509061844' '--enable-debug',

and compiled and run on a Debian GNU/Linux system with GCC version 3.3.5 and GNU C Library version 2.3.2.  In this setup PHP crashed on every invocation.

This problem is closely related to bug #34277.  The provided code is a slight variation of the code sample given in the former bug report.


Reproduce code:
---------------
The code is unfortunately a bit long.  It can be found at http://people.freenet.de/aettner/crash-2.txt


Expected result:
----------------
No output (CGI version invoked with -q flag)

Actual result:
--------------
Segmentation fault (core dumped)

Backtrace generated with gdb:

Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `php -q crash-2.txt'.
Program terminated with signal 11, Segmentation fault.
#0  0x08168a28 in call_user_function_ex (function_table=0x81efd90, 
    object_pp=0x0, function_name=0x80000020, retval_ptr_ptr=0xbfffca40, 
    param_count=1, params=0xbfffca44, no_separation=0, symbol_table=0x0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute_API.c:443
443		if (function_name->type==IS_ARRAY) { /* assume array($obj, $name) couple */
#0  0x08168a28 in call_user_function_ex (function_table=0x81efd90, 
    object_pp=0x0, function_name=0x80000020, retval_ptr_ptr=0xbfffca40, 
    param_count=1, params=0xbfffca44, no_separation=0, symbol_table=0x0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute_API.c:443
#1  0x080b321e in zif_array_filter (ht=2, return_value=0x822268c, 
    this_ptr=0x0, return_value_used=1)
    at /home/eta/data/src-php4-STABLE-200509061844/ext/standard/array.c:3360
#2  0x08186d5b in execute (op_array=0x8225f10)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1675
#3  0x08186f87 in execute (op_array=0x8227640)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#4  0x08186f87 in execute (op_array=0x8227790)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#5  0x08186f87 in execute (op_array=0x82278e0)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#6  0x08186f87 in execute (op_array=0x8227a30)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#7  0x08186f87 in execute (op_array=0x821dff4)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend_execute.c:1719
#8  0x08172c78 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/eta/data/src-php4-STABLE-200509061844/Zend/zend.c:938
#9  0x0813c99b in php_execute_script (primary_file=0xbffff9e0)
    at /home/eta/data/src-php4-STABLE-200509061844/main/main.c:1743
#10 0x0818dc24 in main (argc=3, argv=0xbffffa94)
    at /home/eta/data/src-php4-STABLE-200509061844/sapi/cgi/cgi_main.c:1606


 [2005-09-07 12:44 UTC] sniper@php.net
No duplicate reports, please. I reopened the original one.

 
Last updated: Mon May 20 01:01:32 2024 UTC