Edit report at https://bugs.php.net/bug.php?id=61649&edit=1
ID: 61649
Patch added by: larue...@php.net
Reported by: larue...@php.net
Summary: zend gc should not mark persistent hashtable
Status: Open
Type: Bug
Package: Scripting Engine problem
PHP Version: 5.3.10
Block user comment: N
Private report: N

New Comment:

The following patch has been added/updated:

Patch Name: bug61649.patch
Revision: 1333714735
URL: https://bugs.php.net/patch-display.php?bug=61649&patch=bug61649.patch&revision=1333714735

Previous Comments:
------------------------------------------------------------------------
[2012-04-06 12:17:59] larue...@php.net

Description:
------------
zend gc was introduced in 5.3. Think of a zval which is a HashTable allocated by an extension as persistent, and which also has hashtable children in it. Then, if the extension returns this to a PHP script:

    array_init(return_value);
    zend_hash_copy(Z_ARRVAL_P(return_value), Z_ARRVAL_P(persistent_zval_hashtable), ***)..

since zval_copy_ctor does a shallow copy, the persistent array is returned to the PHP script. Then, if it happens to be passed to zval_ptr_dtor, the persistent array will be passed to gc_zval_possible_root:

    ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
    {
        ..................
        if (GC_ZVAL_GET_COLOR(zv) != GC_PURPLE) {
            GC_ZVAL_SET_PURPLE(zv);
        ..................

then the malloc info of the block (not sure before or after) will be polluted. Then, when the extension tries to free the block, a warning will be shown like:

    munmap_chunk(): invalid pointer 0x*******

Test script:
---------------
none

Expected result:
----------------
none

Actual result:
--------------
none
------------------------------------------------------------------------
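The following C program is an added illustration of the failure mode described in the report; it is not code from the report, from the attached bug61649.patch, or from the Zend engine. It models the PHP 5.3 layout as I understand it: ALLOC_ZVAL hands out a zval_gc_info, which is a zval followed by the union that holds the GC colour bits, so GC_ZVAL_SET_PURPLE writes into the bytes immediately after a bare zval. A child zval that an extension allocated persistently with room for sizeof(zval) only therefore gets the colour written past its end, which is my reading of the "before or after" question in the report. The structs, the IS_ARRAY value, the canary standing in for the neighbouring malloc chunk, and the guard that skips marking when the array's HashTable is flagged persistent (one way to realise the report's title; the actual patch may differ) are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Simplified stand-ins for the PHP 5.3 structures (added model, not Zend's
 * real headers): only the fields this scenario needs are present.
 */
#define IS_ARRAY 4

typedef struct _hashtable {
    int nNumOfElements;
    unsigned char persistent;   /* 1 when the table was created as persistent */
} HashTable;

typedef struct _zval {
    HashTable *ht;              /* stand-in for zvalue_value.ht */
    uint32_t refcount__gc;
    unsigned char type;
    unsigned char is_ref__gc;
} zval;

/* ALLOC_ZVAL allocates this larger struct; the GC colour is kept in the low
 * bits of u.buffered, i.e. after the zval proper. */
typedef struct _zval_gc_info {
    zval z;
    union {
        void                 *buffered;
        struct _zval_gc_info *next;
    } u;
} zval_gc_info;

#define GC_COLOR  0x3
#define GC_PURPLE 0x3
#define GC_ZVAL_INFO(z)       (((zval_gc_info *)(z))->u.buffered)
#define GC_ZVAL_GET_COLOR(z)  (((uintptr_t)GC_ZVAL_INFO(z)) & GC_COLOR)
#define GC_ZVAL_SET_PURPLE(z) (GC_ZVAL_INFO(z) = (void *)(((uintptr_t)GC_ZVAL_INFO(z)) | GC_PURPLE))

/* Model of the marking step quoted in the report, with an optional guard
 * (assumed, not the real patch): never mark a zval whose HashTable is persistent. */
static void gc_zval_possible_root_model(zval *zv, int skip_persistent)
{
    if (skip_persistent && zv->type == IS_ARRAY && zv->ht->persistent) {
        return;  /* the engine never frees this array, so it cannot be a GC root */
    }
    if (GC_ZVAL_GET_COLOR(zv) != GC_PURPLE) {
        GC_ZVAL_SET_PURPLE(zv);  /* writes u.buffered, which lies past a bare zval */
    }
}

/*
 * Reproduce the extension's situation: the child zval was allocated with room
 * for sizeof(zval) only, as pemalloc(sizeof(zval), 1) would give. The bytes
 * that follow belong to someone else; here a constructed canary stands in for
 * the next malloc chunk's header. Returns 1 if the canary survives the GC
 * marking, 0 if it was clobbered, -1 on allocation failure.
 */
static int canary_survives(int skip_persistent)
{
    const size_t gc_off = offsetof(zval_gc_info, u);   /* == sizeof(zval) on common ABIs */
    const size_t canary_len = sizeof(void *);
    unsigned char *block = malloc(gc_off + canary_len);
    HashTable ht = { 1, 1 };                           /* a persistent HashTable */
    zval *zv = (zval *)block;
    int intact = 1;
    size_t i;

    if (block == NULL) {
        return -1;
    }
    memset(block, 0, gc_off);
    memset(block + gc_off, 0xAA, canary_len);          /* "the next chunk's header" */
    zv->ht = &ht;
    zv->type = IS_ARRAY;
    zv->refcount__gc = 1;    /* still referenced, so zval_ptr_dtor would take the GC path */

    gc_zval_possible_root_model(zv, skip_persistent);

    for (i = 0; i < canary_len; i++) {
        if (block[gc_off + i] != 0xAA) {
            intact = 0;
        }
    }
    free(block);
    return intact;
}

int main(void)
{
    printf("unguarded gc mark: canary %s\n", canary_survives(0) ? "intact" : "clobbered");
    printf("skip persistent:   canary %s\n", canary_survives(1) ? "intact" : "clobbered");
    return 0;
}
```

Run as is, the unguarded path clobbers the canary because the colour bits are OR'd into memory the zval does not own; with real glibc that memory is the next chunk's size field, which is exactly what produces "munmap_chunk(): invalid pointer" when the extension later frees its block. The guarded path leaves the canary untouched. An extension that must hand persistent data to a script can avoid the problem independently of any engine fix by deep-copying the children into freshly ALLOC_ZVAL'd zvals rather than sharing the persistent ones.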