From: laruence
Operating system:
PHP version: 5.3.10
Package: Scripting Engine problem
Bug Type: Bug
Bug description: zend gc should not mark persistent hashtable
Description:
------------
zend gc was introduced in 5.3.
Think of a zval which is a HashTable allocated by an extension as
persistent, and which also has hashtable children in it.
Then, if the extension returns this to a PHP script:

    array_init(return_value);
    zend_hash_copy(Z_ARRVAL_P(return_value),
                   Z_ARRVAL_P(persitent_zval_hashtable),
                   ***)..

Since zval_copy_ctor does a shallow copy, the persistent array is returned
to the PHP script.
Then if it happens to be parsed by zval_ptr_dtor, the persistent array
will be parsed by gc_zval_possible_root:

    ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
    {
    ..................
        if (GC_ZVAL_GET_COLOR(zv) != GC_PURPLE) {
            GC_ZVAL_SET_PURPLE(zv);
    ..................

Then the malloc info of the block (not sure before or after) will be
polluted.
Then when the extension tries to free the block, a warning will be shown,
like:

    munmap_chunk(): invalid pointer 0x*******
Test script:
---------------
none
Expected result:
----------------
none
Actual result:
--------------
none
--
Edit bug report at https://bugs.php.net/bug.php?id=61649&edit=1
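
The failure mode described in this report, as an added C model that is not part of the original report or of PHP's source. The structs are simplified stand-ins, and the model assumes the PHP 5.3 layout in which the GC word follows the zval (as in zval_gc_info); `arena`, `CANARY`, `mark_purple` and `mark_purple_guarded` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins, not the real Zend definitions. Assumption: as in
 * PHP 5.3's zval_gc_info, the GC word sits directly after the zval. */
typedef struct { void *ht; uint32_t refcount; uint8_t type, persistent; } model_zval;
typedef struct { model_zval z; uintptr_t gc_word; } model_zval_gc_info;
#define GC_COLOR  ((uintptr_t)0x03)
#define GC_PURPLE ((uintptr_t)0x03)
#define CANARY    ((uintptr_t)0x40) /* constructed header of the next chunk */
#define GC_OFF    offsetof(model_zval_gc_info, gc_word)
/* Constructed arena: bytes [0, alloc_size) are the zval's own allocation;
 * anything after that stands for the neighbouring chunk's metadata. */
typedef struct { unsigned char bytes[sizeof(model_zval_gc_info)]; size_t alloc_size; } arena;

static void arena_init(arena *a, int persistent) {
    model_zval_gc_info init = { { NULL, 1, 4, (uint8_t)persistent }, persistent ? CANARY : 0 };
    memcpy(a->bytes, &init, sizeof init);
    a->alloc_size = persistent ? sizeof(model_zval) : sizeof(model_zval_gc_info);
}

static uintptr_t trailing_word(const arena *a) {
    uintptr_t w;
    memcpy(&w, a->bytes + GC_OFF, sizeof w);
    return w;
}

/* Models GC_ZVAL_SET_PURPLE: treat the block as zval + GC word and set the
 * colour bits. Returns how many bytes were written past the allocation. */
static size_t mark_purple(arena *a) {
    uintptr_t w = (trailing_word(a) & ~GC_COLOR) | GC_PURPLE;
    memcpy(a->bytes + GC_OFF, &w, sizeof w);
    return GC_OFF + sizeof w > a->alloc_size ? GC_OFF + sizeof w - a->alloc_size : 0;
}

/* Hypothetical guard in the spirit of the report's title: skip persistent zvals. */
static size_t mark_purple_guarded(arena *a) {
    model_zval z;
    memcpy(&z, a->bytes, sizeof z);
    return z.persistent ? 0 : mark_purple(a);
}

int main(void) {
    arena p; arena_init(&p, 1);
    size_t over = mark_purple(&p);
    printf("overrun=%zu bytes, neighbour word=0x%lx\n", over, (unsigned long)trailing_word(&p));
}
```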