ID: 32394
Updated by: [EMAIL PROTECTED]
Reported By: guth at fiifo dot u-psud dot fr
-Status: Open
+Status: Verified
Bug Type: SPL related
Operating System: Linux
-PHP Version: 5.0.3
+PHP Version: 5CVS-2005-03-21
New Comment:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1079353056 (LWP 31492)]
0x0829c122 in zend_hash_get_current_key_type_ex (ht=0x85c6234,
pos=0x85deaac) at /usr/src/dev/php-src/Zend/zend_hash.c:1083
1083 if (p->nKeyLength) {
(gdb) bt
#0 0x0829c122 in zend_hash_get_current_key_type_ex (ht=0x85c6234,
pos=0x85deaac) at /usr/src/dev/php-src/Zend/zend_hash.c:1083
#1 0x081b9320 in spl_array_next (intern=0x85dea9c) at
/usr/src/dev/php-src/ext/spl/spl_array.c:583
#2 0x081b96bc in spl_array_it_move_forward (iter=0x85dd124) at
/usr/src/dev/php-src/ext/spl/spl_array.c:671
#3 0x082ca35c in ZEND_FE_FETCH_SPEC_VAR_HANDLER
(execute_data=0xbfffcca0) at zend_vm_execute.h:7616
#4 0x082b7f3a in execute (op_array=0x85d8d9c) at zend_vm_execute.h:78
#5 0x08293a90 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/dev/php-src/Zend/zend.c:1059
#6 0x08251382 in php_execute_script (primary_file=0xbffff0d0) at
/usr/src/dev/php-src/main/main.c:1640
#7 0x083072cc in main (argc=2, argv=0xbffff1a4) at
/usr/src/dev/php-src/sapi/cli/php_cli.c:951
(gdb) p p
$1 = (Bucket *) 0x5a5a5a5a
(gdb) f 1
#1 0x081b9320 in spl_array_next (intern=0x85dea9c) at
/usr/src/dev/php-src/ext/spl/spl_array.c:583
583 return
zend_hash_has_more_elements_ex(aht, &intern->pos);
(gdb) p intern->pos
$3 = 0x5a5a5a5a
(gdb) f 2
#2 0x081b96bc in spl_array_it_move_forward (iter=0x85dd124) at
/usr/src/dev/php-src/ext/spl/spl_array.c:671
671 spl_array_next(object TSRMLS_CC);
(gdb) p *object
$5 = {std = {ce = 0x8561758, properties = 0x85d8e5c, in_get = 0, in_set
= 0}, array = 0x85c61f4, pos = 0x5a5a5a5a, is_ref = 0, fptr_offset_get =
0x0, fptr_offset_set = 0x0,
fptr_offset_has = 0x0, fptr_offset_del = 0x0}
Previous Comments:
------------------------------------------------------------------------
[2005-03-21 13:29:39] guth at fiifo dot u-psud dot fr
Description:
------------
Look at the following code :)
Reproduce code:
---------------
<?php
$object = new ArrayIterator;
$object->append(new stdClass);
foreach($object as $key => $value) {
$object->offsetUnset($key);
}
exit((string)mt_rand(0, 1000));
?>
Expected result:
----------------
No crash.
Actual result:
--------------
#0 0x404195df in zend_hash_get_current_key_type_ex (ht=0x817a6ec,
pos=0x815556c)
at /usr/src/php5-STABLE-200502101130/Zend/zend_hash.c:1083
#1 0x402ffe1b in spl_array_next (intern=0x815555c) at
/usr/src/php5-STABLE-200502101130/ext/spl/spl_array.c:498
#2 0x403001b7 in spl_array_it_move_forward (iter=0x817f6ec) at
/usr/src/php5-STABLE-200502101130/ext/spl/spl_array.c:586
#3 0x4043d6e0 in zend_fe_fetch_handler (execute_data=0xbfffcc10,
opline=0x817ef44, op_array=0x817a57c)
at /usr/src/php5-STABLE-200502101130/Zend/zend_execute.c:3847
#4 0x40435156 in execute (op_array=0x817a57c) at
/usr/src/php5-STABLE-200502101130/Zend/zend_execute.c:1406
#5 0x404113c0 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/src/php5-STABLE-200502101130/Zend/zend.c:1068
#6 0x403d0c7e in php_execute_script (primary_file=0xbfffef80) at
/usr/src/php5-STABLE-200502101130/main/main.c:1630
#7 0x4043ec7e in apache_php_module_main (r=0x817100c,
display_source_mode=0)
at /usr/src/php5-STABLE-200502101130/sapi/apache/sapi_apache.c:54
#8 0x4043f901 in send_php (r=0x817100c, display_source_mode=0,
filename=0x8171b14 "/anticorps/www/test.php")
at /usr/src/php5-STABLE-200502101130/sapi/apache/mod_php5.c:622
#9 0x4043f968 in send_parsed_php (r=0x817100c) at
/usr/src/php5-STABLE-200502101130/sapi/apache/mod_php5.c:637
#10 0x08071e88 in ap_invoke_handler ()
#11 0x08086f10 in process_request_internal ()
#12 0x08086f6f in ap_process_request ()
#13 0x0807df91 in child_main ()
#14 0x0807e19c in make_child ()
#15 0x0807e300 in startup_children ()
#16 0x0807e9bf in standalone_main ()
#17 0x0807f1d7 in main ()
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=32394&edit=1
