Bug #9908 imap_sort() seg fault
Submitted: 2001-03-21 21:55 UTC Modified: 2001-04-23 19:32 UTC
From: max at the-triumvirate dot net Assigned:
Status: Closed Package: IMAP related
PHP Version: 4.0 Latest CVS (20/03/2001) OS: linux 2.2.17 (RH6.2)
Private report: No CVE-ID: None
 [2001-03-21 21:55 UTC] max at the-triumvirate dot net
Under certain circumstances imap_sort() will cause an apache child process to seg fault.

Script:

    <?php
      $mbox = imap_open('{host.com/imap:143}INBOX', 
                        'login', 'password', OP_READONLY);
      $results = imap_sort($mbox, 0, 0, SE_UID, 'UNSEEN');
      var_dump($results);
      imap_close($mbox);
    ?>

Run against a mailbox with 1 UNSEEN message, produces the correct output:

    array(1) { [0]=> int(953) } 

However running against a mailbox without any UNSEEN messages, apache dies.  Attached is a gdb backtrace:


    (gdb) run ./httpd -X -DSSL
    Starting program: /usr/local/build/apache-build/apache-1.3.19/src/./httpd ./httpd -X -DSSL

    Program received signal SIGSEGV, Segmentation fault.
    0x80c0aa7 in php_if_imap_sort (ht=5, return_value=0x83f1234, this_ptr=0x0, return_value_used=1)
        at php_imap.c:2750
    2750            for (sl = slst; *sl; sl++) { 
    (gdb) bt
    #0  0x80c0aa7 in php_if_imap_sort (ht=5, return_value=0x83f1234, this_ptr=0x0, return_value_used=1)
        at php_imap.c:2750
    #1  0x8156bdf in execute (op_array=0x840c4cc) at ./zend_execute.c:1494
    #2  0x812f25b in zend_execute_scripts (type=8, file_count=3) at zend.c:743
    #3  0x80b37eb in php_execute_script (primary_file=0xbffff8b4) at main.c:1194
    #4  0x813b97b in apache_php_module_main (r=0x834d98c, display_source_mode=0) at sapi_apache.c:89
    #5  0x80b0ef6 in send_php ()
    #6  0x80b0f2e in send_parsed_php ()
    #7  0x81614a9 in ap_invoke_handler ()
    #8  0x81763af in process_request_internal ()
    #9  0x817641a in ap_process_request ()
    #10 0x816d276 in child_main ()
    #11 0x816d451 in make_child ()
    #12 0x816d5cc in startup_children ()
    #13 0x816dc3c in standalone_main ()
    #14 0x816e48c in main ()
    #15 0x400d49cb in __libc_start_main (main=0x816e0d4 <main>, argc=4, argv=0xbffffb44, 
        init=0x80818c4 <_init>, fini=0x826dfa4 <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, 
        stack_end=0xbffffb3c) at ../sysdeps/generic/libc-start.c:92


This happens with both https and http as well as imaps and regular imap.

other info: c-client 2000c

 [2001-04-23 18:01 UTC] chagenbu@php.net
I just committed a fix to CVS. Please verify it.
 [2001-04-23 19:32 UTC] max at the-triumvirate dot net
Works with the latest cvs.  Thank you!  This is a pretty useful revision, will it be available in 4.0.5?
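
The backtrace in the report stops at `for (sl = slst; *sl; sl++)`, a loop that dereferences `slst` before anything has checked it. The block below is an added example, not PHP's source and not the committed fix: it assumes the sort call returns NULL when no message matches, and `stub_sort_unseen`, `collect_unseen` and the sample mailboxes are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample mailbox entry: a UID and its \Seen flag. */
struct msg { unsigned long uid; int seen; };

/* Hypothetical stand-in for the library sort call (ordering omitted).
 * Returns a malloc'ed, zero-terminated list of unseen UIDs, or NULL when
 * nothing matches: the assumed condition behind the crash. */
static unsigned long *stub_sort_unseen(const struct msg *box, size_t n)
{
    size_t hits = 0, i, k = 0;
    unsigned long *out;

    for (i = 0; i < n; i++)
        if (!box[i].seen) hits++;
    if (hits == 0)
        return NULL;
    out = malloc((hits + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    for (i = 0; i < n; i++)
        if (!box[i].seen) out[k++] = box[i].uid;
    out[k] = 0;                       /* zero terminator the loop relies on */
    return out;
}

/* Guarded form of the loop at php_imap.c:2750. Copies at most cap UIDs
 * into dst and returns how many were copied; 0 means an empty result. */
static size_t collect_unseen(const struct msg *box, size_t n,
                             unsigned long *dst, size_t cap)
{
    unsigned long *slst = stub_sort_unseen(box, n), *sl;
    size_t count = 0;

    if (slst == NULL)                 /* no matches: empty result, no deref */
        return 0;
    for (sl = slst; *sl && count < cap; sl++)
        dst[count++] = *sl;
    free(slst);
    return count;
}

int main(void)
{
    struct msg one[]  = { {951, 1}, {953, 0} };   /* one UNSEEN message */
    struct msg none[] = { {951, 1}, {952, 1} };   /* no UNSEEN messages */
    unsigned long out[4];

    printf("one:  %lu result(s)\n", (unsigned long)collect_unseen(one, 2, out, 4));
    printf("none: %lu result(s)\n", (unsigned long)collect_unseen(none, 2, out, 4));
    return 0;
}
```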
 
Last updated: Sun Apr 28 23:01:32 2024 UTC