PHP 5.3.3-1ubuntu9.3 with Suhosin-Patch crashes (segfault) when using big SplFixedArray

Bug #725672 reported by Attila M. Magyar
Affects         Status        Importance   Assigned to   Milestone
php5 (Ubuntu)   Fix Released  Undecided    Unassigned
Natty           Fix Released  Undecided    Unassigned

Bug Description

Binary package hint: php5

Test script:
--------------

test.php:
<?php

// Reporter's reproduction: fill a large SplFixedArray with small arrays.
$data = new SplFixedArray(100000);
for ($i = 0; $i < 100000; ++$i)
{
 fprintf(STDERR, "$i\n"); // progress output, so the crash point is visible
 $data->offsetSet($i, array(1, 2));
}

?>

Running:
-----------

php test.php

Expected result:
--------------------

Either an error message due to the memory limit, or the script executes successfully.

Actual result:
-----------------
When the array (used inside the for loop) is empty, an error message is displayed stating: zend_mm_heap corrupted.
When the array contains at least two elements, PHP crashes.

Backtrace:
--------------

Program received signal SIGSEGV, Segmentation fault.
gc_remove_zval_from_buffer (zv=0x107ca70) at /build/buildd/php5-5.3.3/Zend/zend_gc.h:189
189 /build/buildd/php5-5.3.3/Zend/zend_gc.h: No such file or directory.
 in /build/buildd/php5-5.3.3/Zend/zend_gc.h
(gdb) bt
#0 gc_remove_zval_from_buffer (zv=0x107ca70) at /build/buildd/php5-5.3.3/Zend/zend_gc.h:189
#1 0x000000000068c575 in _zval_ptr_dtor (zval_ptr=0x16e7218) at /build/buildd/php5-5.3.3/Zend/zend_execute_API.c:442
#2 0x00000000006a6547 in _zend_hash_index_update_or_next_insert (ht=0x1005000, h=682, pData=0x7fff00000008, nDataSize=0, pDest=0x0, flag=0) at /build/buildd/php5-5.3.3/Zend/zend_hash.c:572
#3 0x00000000005b51a2 in spl_fixedarray_object_get_properties (obj=0x107ca70) at /build/buildd/php5-5.3.3/ext/spl/spl_fixedarray.c:158
#4 0x00000000006b6a1b in gc_collect_cycles () at /build/buildd/php5-5.3.3/Zend/zend_gc.c:395
#5 0x00000000006b70e4 in gc_zval_possible_root (zv=0x107ca70) at /build/buildd/php5-5.3.3/Zend/zend_gc.c:166
#6 0x00000000006e95a1 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffffb9e8) at /build/buildd/php5-5.3.3/Zend/zend_execute.h:318
#7 0x00000000006c0e90 in execute (op_array=0x1003de0) at /build/buildd/php5-5.3.3/Zend/zend_vm_execute.h:107
#8 0x000000000069885d in zend_execute_scripts (type=4470331, retval=0x7fffffffbb00, file_count=3) at /build/buildd/php5-5.3.3/Zend/zend.c:1266
#9 0x00000000006441a8 in php_execute_script (primary_file=0x7ffff580c300) at /build/buildd/php5-5.3.3/main/main.c:2288
#10 0x0000000000729f26 in main (argc=-7384, argv=0x0) at /build/buildd/php5-5.3.3/sapi/cli/php_cli.c:1196

PHP version
-----------------

php --version output:

PHP 5.3.3-1ubuntu9.3 with Suhosin-Patch (cli) (built: Jan 12 2011 16:07:38)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

apt-cache policy php5 output:

php5:
  Installed: (none)
  Candidate: 5.3.3-1ubuntu9.3
  Version table:
     5.3.3-1ubuntu9.3 0
        500 http://hu.archive.ubuntu.com/ubuntu/ maverick-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ maverick-security/main amd64 Packages
     5.3.3-1ubuntu9 0
        500 http://hu.archive.ubuntu.com/ubuntu/ maverick/main amd64 Packages

lsb_release -rd output:

Description: Ubuntu 10.10
Release: 10.10

file /usr/bin/php5 output
/usr/bin/php5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped

Reproduction with vanilla PHP:
---------------------------------------

Downloaded the PHP snapshot from snaps.php.net (php5.3-201102261530) and built it manually (the only option given to the configure script was --prefix). The test script ran successfully, with no errors or segfaults.

~/tmp/memory/php-vanilla$ ./bin/php --version
PHP 5.3.6RC2-dev (cli) (built: Feb 26 2011 18:09:10)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
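
A regression check for this report, added here and not part of the original bug or of the php5 package: it runs the reporter's loop (minus the per-iteration progress output) under a given PHP CLI and classifies the outcome by exit status and by the "zend_mm_heap corrupted" message, so a build can be verified before it is relied on. It assumes a POSIX sh, mktemp(1), and the PHP binary path as the first argument.

```shell
#!/bin/sh
# Added regression check for this report; not part of the original bug.
# Assumptions: a POSIX sh, mktemp(1), and the PHP CLI path given as $1.

# Write the reporter's loop (minus the per-iteration stderr progress output).
write_repro() {
    cat > "$1" <<'EOF'
<?php
$data = new SplFixedArray(100000);
for ($i = 0; $i < 100000; ++$i) {
    $data->offsetSet($i, array(1, 2));
}
echo "ok\n";
EOF
}

# classify_run CMD [ARGS...]: run CMD and print one verdict:
#   heap-corrupted  - the allocator aborted with "zend_mm_heap corrupted"
#   segfault        - exit status 139 (128 + SIGSEGV) from a crashed child
#   clean           - exit status 0
#   other(N)        - any other exit status N
classify_run() {
    rc=0
    out=$("$@" 2>&1) || rc=$?
    case "$out" in
        *"zend_mm_heap corrupted"*) echo heap-corrupted; return 0 ;;
    esac
    if [ "$rc" -eq 139 ]; then
        echo segfault
    elif [ "$rc" -eq 0 ]; then
        echo clean
    else
        echo "other($rc)"
    fi
}

# check_php PHP_BIN: run the repro under PHP_BIN; succeed only on a clean run.
check_php() {
    php_bin=$1
    tmp=$(mktemp /tmp/splfixed.XXXXXX) || return 2
    write_repro "$tmp"
    verdict=$(classify_run "$php_bin" "$tmp")
    rm -f "$tmp"
    echo "$php_bin: $verdict"
    [ "$verdict" = clean ]
}

# Usage: sh check_splfixedarray.sh /usr/bin/php5
if [ "$#" -gt 0 ]; then check_php "$1"; fi
```

The function returns non-zero for any outcome other than a clean run, so it can gate a package upgrade in a script.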

Ondřej Surý (ondrej) wrote :

Chuck Short (zulcss) wrote :

This is fixed in natty.

Changed in php5 (Ubuntu Natty):
status: New → Fix Released
no longer affects: php5 (Ubuntu Maverick)