Hello,
I'm experiencing very weird segfaults (and cannot reproduce them with a
small script) in PHP4 (to be exact: PHP4.3.8) - a backtrace is attached.
Now the weird thing is:
#0 0x080e3ff3 in php_char_to_str (str=0x0, len=1515870810, from=34 '"',
to=0x85d5f54 """", to_len=2,
result=0x860104c) at
/root/php-src/php-4.3.8/ext/standard/string.c:2529
2529 if (*source == from) {
The place where this comes from is an escaping routine (userland PHP)
for SQL queries, where $sql= '"'.str_replace('"', '""', $arg).'"' is
executed (hence the above arguments).
From scanning string.c, I could not figure out how its "str" argument
could ever be NULL. php_char_to_str() is called from
php_str_replace_in_subject() (search is not IS_ARRAY), so this:

    if (Z_STRLEN_P(search) == 1) {
        php_char_to_str(Z_STRVAL_PP(subject),
                        Z_STRLEN_PP(subject),
                        Z_STRVAL_P(search)[0],
                        Z_STRVAL_P(replace),
                        Z_STRLEN_P(replace),
                        result);
is what is being executed. Before that,

    convert_to_string_ex(subject);
    Z_TYPE_P(result) = IS_STRING;

is called. How could this result in "subject" being NULL?
Maybe someone has an idea or has experienced this behaviour before. I'll
try to find a simple reproduce script ASAP.
- Timm
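Added example (editor's note, not part of Timm's message and not the PHP source): a simplified stand-in for the php_char_to_str() loop shown in the backtrace, with the NULL check that the real counting loop at string.c:2529 does not have, plus the userland escaping routine from the post ('"' . str_replace('"', '""', $arg) . '"') written against it. Note that the len argument in the trace, 1515870810, is 0x5A5A5A5A, a repeating byte pattern rather than a plausible string length, which is consistent with str and len both coming from memory that no longer holds a valid string; the guard below only catches the NULL pointer, not a bad length paired with a non-NULL pointer, since the callee cannot verify that invariant. The function names char_to_str, sql_quote_identifier and null_subject_is_rejected are this example's own.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified version of the php_char_to_str() algorithm: replace every
 * occurrence of the byte `from` in str[0..len) with the string `to`
 * (to_len bytes).  Returns a malloc'ed, NUL-terminated buffer and stores
 * its length in *out_len; returns NULL on a NULL subject or allocation
 * failure.  This is example code, not PHP's implementation (which fills a
 * zval and has no guard on str). */
char *char_to_str(const char *str, size_t len, char from,
                  const char *to, size_t to_len, size_t *out_len)
{
    size_t count = 0, out;
    const char *source, *source_end;
    char *result, *target;

    /* Guard for the exact shape seen in the backtrace: str == NULL with a
     * garbage len.  Without it, the counting loop dereferences NULL. */
    if (str == NULL || (to == NULL && to_len > 0)) {
        if (out_len) *out_len = 0;
        return NULL;
    }

    /* First pass: count matches (the loop the trace stopped in). */
    source_end = str + len;
    for (source = str; source < source_end; source++) {
        if (*source == from) {
            count++;
        }
    }

    /* Output size: every match is replaced by to_len bytes. */
    out = len - count + count * to_len;
    result = malloc(out + 1);
    if (result == NULL) {
        if (out_len) *out_len = 0;
        return NULL;
    }

    /* Second pass: copy, expanding each match. */
    target = result;
    for (source = str; source < source_end; source++) {
        if (*source == from) {
            memcpy(target, to, to_len);
            target += to_len;
        } else {
            *target++ = *source;
        }
    }
    *target = '\0';
    if (out_len) *out_len = out;
    return result;
}

/* The escaping routine from the post, in C: wrap in double quotes after
 * doubling every embedded double quote.  Returns NULL if the subject is
 * NULL instead of crashing. */
char *sql_quote_identifier(const char *arg)
{
    size_t inner_len = 0;
    char *inner = char_to_str(arg, arg ? strlen(arg) : 0, '"', "\"\"", 2,
                              &inner_len);
    char *quoted;

    if (inner == NULL) return NULL;
    quoted = malloc(inner_len + 3);
    if (quoted == NULL) { free(inner); return NULL; }
    quoted[0] = '"';
    memcpy(quoted + 1, inner, inner_len);
    quoted[inner_len + 1] = '"';
    quoted[inner_len + 2] = '\0';
    free(inner);
    return quoted;
}

/* Reproduces the argument shape from the backtrace (NULL subject, len
 * 0x5A5A5A5A).  Returns 1 if the guard rejected it, 0 otherwise. */
int null_subject_is_rejected(void)
{
    size_t n = 0;
    char *r = char_to_str(NULL, 1515870810u, '"', "\"\"", 2, &n);
    return r == NULL && n == 0;
}

int main(void)
{
    char *q = sql_quote_identifier("O\"Reilly");   /* constructed input */
    printf("%s\n", q ? q : "(null)");
    printf("NULL subject rejected: %d\n", null_subject_is_rejected());
    free(q);
    return 0;
}
```
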