Home  |  Linux  | Mysql  | PHP  | XML
Date:Tue Jun 30 21:34:30 2009
Subject:#48668 [Ver->Asn]: foreach with array will coredump php
ID: 48668
Updated by: jani@php.net
Reported By: dmda at yandex dot ru
-Status: Verified
+Status: Assigned
Bug Type: Reproducible crash
Operating System: Solaris
PHP Version: 5.3.0RC4
Assigned To: dsp

Previous Comments:

[2009-06-26 15:42:15] dsp@php.net

It looks like this is a memalign issue. PHP 5.3.0 is now build with
flags to avoid the crash. I assign the bug to me to provide a proper
for the issue for 5.3.1


[2009-06-24 12:21:10] johannes@php.net

When using --enable-dbug the code works, without --enable-debug the
code fails, maybe that's the reason why I didn't see this before.

uname -a
SunOS techra46 5.8 Generic_117350-54 sun4u sparc SUNW,Sun-Fire-V210

The issue seems to be independent from the compiler but in some way
system dependent, another similar box worked for me.


[2009-06-24 06:49:42] dmda at yandex dot ru

to me it looks like bogus pointer appeared in the heap's cache first,
then it was returned by the allocator, called by ALLOC_ZVAL(). I see no
other reasons for the tmp pointer to have this strange value.


[2009-06-24 00:32:54] scottmac@php.net

Don't think its endian specific, PPC chip works.

Will test with another sparc box shortly.


[2009-06-23 22:16:22] dmda at yandex dot ru

$uname -a
SunOS qu1 5.8 Generic_108528-11 sun4u sparc
$ sapi/cli/php ./1.php
Bus Error (core dumped)
$gdb --core core sapi/cli/php
Core was generated by `./php 1.php'.
Program terminated with signal 10, Bus error.
5371 INIT_PZVAL_COPY(tmp, array_ptr);
(gdb) bt
#1 0x002d92a0 in execute (op_array=0x70bd90)
#2 0x002b8d48 in zend_execute_scripts (type=8, retval=0x0,
at /export/home/jvlad/php/php5.3-200906221030/Zend/zend.c:1188
#3 0x00266444 in php_execute_script (primary_file=0xffbefbf0)
at /export/home/jvlad/php/php5.3-200906221030/main/main.c:2196
#4 0x003447d4 in main (argc=2, argv=0xffbefcac)
(gdb) p array_ptr
$1 = (zval *) 0x861d14
(gdb) p *array_ptr
$2 = {value = {lval = 7458416, dval = 1.5848218932638939e-306, str =
{val =
0x71ce70 "",
len = 0}, ht = 0x71ce70, obj = {handle = 7458416, handlers =
refcount__gc = 0,
type = 4 '\004', is_ref__gc = 0 '\0'}
(gdb) p tmp
Cannot access memory at address 0xfffffff0
(gdb) dump_bt executor_globals.current_execute_data
[0x00861cc0] ???

Reproduce code:
$cat 1.php
foreach (array("SPL", "Reflection", "Phar") as $ext) {
if (!extension_loaded($ext)) {
echo "$argv[0] requires PHP extension $ext.\n";


Edit this bug report at http://bugs.php.net/?id=48668&edit=1

Navigate in group php.bugs at sever news.php.net
Previous Next

© No Copyright
You are free to use Anything, but please consult your advocate before doing so as this website
also list content from other sources which may be copyrighted.