I ran into this with simplexml but am able to reproduce with userland classes.
The segfault only occurs when the property in question does not exist, no __get and
__set methods implemented (if either is implemented then no segfault), and is not
being called off the initial object in the foreach.
i.e. - $obj->valid()->invalid will segfault while $obj->invalid doesnt.
class Test implements Iterator {
function c() {
return new Test();
}
/* No need to implement functionality - never gets here */
public function rewind() {}
public function key() {}
public function current() {}
public function next() {}
public function hasMore() {}
}
$obj = new Test();
/*
foreach ($obj->c() as $value) { - works correctly with functions implemented
foreach ($obj->a as $value) { - correctly issues Invalid argument supplied for
foreach()
*/
foreach ($obj->c()->a as $value) { // Segafults
print "Test\n";
}
0x08298238 in zend_pzval_unlock_func (z=0x5a5a5a5a)
at /home/rrichards/php5/Zend/zend_execute.c:65
65 z->refcount--;
(gdb) bt
#0 0x08298238 in zend_pzval_unlock_func (z=0x5a5a5a5a)
at /home/rrichards/php5/Zend/zend_execute.c:65
#1 0x082984dd in _get_zval_ptr_ptr (node=0x4047ea2c, Ts=0xbfffb860)
at /home/rrichards/php5/Zend/zend_execute.c:142
#2 0x08295c59 in zend_fe_reset_handler (execute_data=0xbfffba90,
opline=0x4047ea14, op_array=0x4047e3c0)
at /home/rrichards/php5/Zend/zend_execute.c:3630
#3 0x0828f7f4 in execute (op_array=0x4047e3c0)
at /home/rrichards/php5/Zend/zend_execute.c:1339
#4 0x0826d4d1 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /home/rrichards/php5/Zend/zend.c:1052
#5 0x0822a364 in php_execute_script (primary_file=0xbfffde90)
at /home/rrichards/php5/main/main.c:1647
#6 0x0829c7ee in main (argc=2, argv=0xbfffdf24)
at /home/rrichards/php5/sapi/cli/php_cli.c:941
#7 0x42015704 in __libc_start_main () from /lib/tls/libc.so.6
Rob
