ID: 25289
User updated by: skissane at ics dot mq dot edu dot au
Reported By: skissane at ics dot mq dot edu dot au
Status: Open
Bug Type: Reproducible crash
Operating System: RedHat Linux 9
PHP Version: 4.3.3
New Comment:
Sorry about giving so many testcases (only just learning how to do
this), but I finally have a 20-line reproduce script:
<?
class obj_database { }
class obj_enum { }
class obj_enumvalue { }
$dm = unserialize(file_get_contents("test.dat"));
foreach ($dm->obj_enum as $enum) {
foreach ($enum->obj_enumvalue as $enumvalue) {
}
$i = 0;
foreach ($enum->obj_enumvalue as $enumvalue->name => $enumvalue) {
$out = " " . $enum->prefix . "_" .
$enumvalue->name . " => \"" . $enumvalue->name . "\"";
if ($i++ < count($enum->obj_enumvalue)-1) {
}
}
}
?>
It depends on the test.dat data file I included with my earlier test
cases.
Previous Comments:
------------------------------------------------------------------------
[2003-08-28 11:00:37] skissane at ics dot mq dot edu dot au
Okay, I tried a bit harder, and I have now reduced it down to a single
400 line .php file, plus three associated data files which the .php
file unserializes. This results in a segmentation fault when run from
the command line or Apache.
You can get the latest one from
http://www.iips.mq.edu.au/bugs/testcase3.tgz
------------------------------------------------------------------------
[2003-08-28 10:31:21] skissane at ics dot mq dot edu dot au
I can't work out what exactly is causing it, and so can't come up with
a 20 line test. I have reduced it down to a smaller set of files, at
http://www.iips.mq.edu.au/bugs/testcase.tgz
If you have any suggestions of how I can trim this down to a smaller
test case, I'll try.
------------------------------------------------------------------------
[2003-08-28 10:07:26] [EMAIL PROTECTED]
Please provide a short script (max 20 lines), without any external
dependancies, such as database or includes().
(_one_ script, not dozens)
------------------------------------------------------------------------
[2003-08-28 07:19:19] skissane at ics dot mq dot edu dot au
Description:
------------
PHP segfaults.
Reproduce code:
---------------
Reproduce code can be found at:
http://www.iips.mq.edu.au/bugs/
File datamodel/cms-datamodel-php.php causes crash.
Through trial and error (insertion of "echo" and "exit" statements, I
believe I have isolated the segfault to the function
ObjectGenerator_PHP::_generateEnums() in the file
appgen/ObjectGenerator_PHP.inc, but not 100% sure).
Segfault occurs both on command line php and through Apache.
PHP was compiled myself using: './configure'
'--with-apxs2=/usr/sbin/apxs' '--with-mysql=/usr/' '--without-mssql'
'--with-ldap' '--with-curl=/usr'
Expected result:
----------------
No segfault
Actual result:
--------------
Starting program: /usr/local/bin/php cms-datamodel-php.php
Program received signal SIGSEGV, Segmentation fault.
0x42074760 in _int_free () from /lib/tls/libc.so.6
(gdb) bt
#0 0x42074760 in _int_free () from /lib/tls/libc.so.6
#1 0x42073786 in free () from /lib/tls/libc.so.6
#2 0x08104302 in _efree (ptr=0x82cd0bc) at
/home/skissane/php-4.3.3/Zend/zend_alloc.c:265
#3 0x0810a85a in _zval_ptr_dtor (zval_ptr=0x8312c48) at
zend_execute.h:44
#4 0x08115e70 in zend_hash_destroy (ht=0x832c41c) at
/home/skissane/php-4.3.3/Zend/zend_hash.c:553
#5 0x08110aae in _zval_dtor (zvalue=0xbfffa9e0) at
/home/skissane/php-4.3.3/Zend/zend_variables.c:51
#6 0x0811f611 in execute (op_array=0x81eaf7c) at
/home/skissane/php-4.3.3/Zend/zend_execute.c:1452
#7 0x0811e653 in execute (op_array=0x81eadd4) at
/home/skissane/php-4.3.3/Zend/zend_execute.c:1660
#8 0x0811e653 in execute (op_array=0x81a2004) at
/home/skissane/php-4.3.3/Zend/zend_execute.c:1660
#9 0x08111fd5 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/skissane/php-4.3.3/Zend/zend.c:885
#10 0x080ecb87 in php_execute_script (primary_file=0xbfffddc0) at
/home/skissane/php-4.3.3/main/main.c:1723
#11 0x081234bb in main (argc=2, argv=0xbfffde44) at
/home/skissane/php-4.3.3/sapi/cli/php_cli.c:818
#12 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) frame 6
#6 0x0811f611 in execute (op_array=0x81eaf7c) at
/home/skissane/php-4.3.3/Zend/zend_execute.c:1452
1452
zendi_zval_dtor(EX(Ts)[EX(opline)->op1.u.var].tmp_var);
(gdb)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=25289&edit=1
