Grave PHP bug segfaults Drupal sites

I just hit a grave bug while performance testing a customer's Drupal site - Apache segfaulted each and every time, after a few hundred requests at the most. The setup had long been plagued by random segmentation faults / complaints about canary problems from Suhosin, which weren't reproducible (or we hadn't spent the time to try), but this time it died consistently.

This was of course considered bad news - but fortunately it gave us (system administrators and PHP devs) a chance to try and find a solution. The setup was running Ubuntu 8.04 LTS - and I found that the issue was resolved when running PHP 5.2.13 (haven't tested 5.3.x yet).

The PHP devs were looking for what triggered it in this extreme form, and two hard-working guys (one a girl actually ;) managed to find it - so I figured I'd share it, so everyone not running PHP 5.2.13 and using an opcode cache (XCache, APC, etc.) could perhaps find some help.

The problem is apparently that declaring a function parameter whose default value is an array containing a string can trigger this bug, e.g. (from Drupal 6 core):

function theme_links($links, $attributes = array('class' => 'links')) {
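The following is an added example, not code from the original post or from Drupal core. It mirrors the trigger described above (an array default containing a string) in a function of my own naming, links_with_array_default(), and adds a check for the affected combination the post names: PHP older than 5.2.13 plus an opcode cache (APC or XCache). Whether this minimal script reproduces the crash on a given server is an assumption to be tested, not a confirmed result; the ab (ApacheBench) invocation in the comment is likewise my suggestion for driving the many requests the post says it took.

```php
<?php
// Added example (not from the original post or Drupal core). It mirrors the
// trigger the post describes: a parameter whose default value is an array
// containing a string. That this script reproduces the crash on a given setup
// is an assumption to be tested, not a confirmed result.

// Same shape as Drupal 6's theme_links() signature: an array default with a
// string value. Function name is hypothetical.
function links_with_array_default($links, $attributes = array('class' => 'links')) {
    $out = '';
    foreach ($links as $text => $href) {
        $out .= '<a href="' . htmlspecialchars($href) . '" class="'
              . htmlspecialchars($attributes['class']) . '">'
              . htmlspecialchars($text) . '</a>';
    }
    return $out;
}

// Report whether this server matches the combination the post describes as
// affected: PHP older than 5.2.13 together with an opcode cache (APC, XCache).
function affected_setup_report() {
    $old_php = version_compare(PHP_VERSION, '5.2.13', '<');
    $caches = array();
    foreach (array('apc', 'xcache') as $ext) {
        if (extension_loaded($ext)) {
            $caches[] = $ext;
        }
    }
    return array(
        'php_version'       => PHP_VERSION,
        'older_than_5_2_13' => $old_php,
        'opcode_caches'     => $caches,
        'suspect'           => $old_php && count($caches) > 0,
    );
}

print_r(affected_setup_report());

// Exercise the function many times within one request. Serve this file through
// Apache and hit it repeatedly (assumed tooling: `ab -n 1000 http://host/repro.php`),
// since the opcode cache normally only takes part under the web server, not on the CLI.
for ($i = 0; $i < 1000; $i++) {
    links_with_array_default(array('Home' => '/', 'Admin' => '/admin'));
}
echo "finished without a crash\n";
```

If the report says 'suspect' => 1 and the benchmark run ends in Apache segfaults (or Suhosin canary complaints in the error log) while a run against PHP 5.2.13 on the same box does not, you are looking at the same problem the post describes.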

Others already found it, actually - and PHP marked it as a bogus bug (yeah right :) -
