|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2020-07-04 18:52 UTC] changochen1 at gmail dot com
Description:
------------
LOG:
---
php: /home/yongheng/php_clean/Zend/zend_types.h:1162: uint32_t zend_gc_delref(zend_refcounted_h *): Assertion `p->refcount > 0' failed.
---
Test script:
---------------
<?
ob_start (
function ( $a ) use ( & $c ) {
$c .= $a ;
}
, 20 ) ;
for ( ;;
ob_start (
function () {
b ;
}
, $d [ $c ] ++ ) )
var_dump ( get_declared_classes () ) ;
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Oct 28 09:00:01 2025 UTC |
Reduced: <?php $key = "foo"; set_error_handler(function () use (&$key) { $key .= "bar"; }); $ary[$key]++; Valgrind: ==1215619== Invalid read of size 4 ==1215619== at 0x9D8AF8: _zend_hash_add_or_update_i (zend_hash.c:736) ==1215619== by 0x9D93A2: zend_hash_add_new (zend_hash.c:911) ==1215619== by 0x9F3AEE: zend_fetch_dimension_address_inner (zend_execute.c:2136) ==1215619== by 0x9F3DA3: zend_fetch_dimension_address (zend_execute.c:2197) ==1215619== by 0x9F4471: zend_fetch_dimension_address_RW (zend_execute.c:2306) ==1215619== by 0xA60543: ZEND_FETCH_DIM_RW_SPEC_CV_CV_HANDLER (zend_vm_execute.h:46151) ==1215619== by 0xA69ED1: execute_ex (zend_vm_execute.h:55890) ==1215619== by 0xA6A297: zend_execute (zend_vm_execute.h:56094) ==1215619== by 0x9C442A: zend_execute_scripts (zend.c:1667) ==1215619== by 0x92BF71: php_execute_script (main.c:2537) ==1215619== by 0xAA9230: do_cli (php_cli.c:955) ==1215619== by 0xAAA328: main (php_cli.c:1353) ==1215619== Address 0x8ebe454 is 4 bytes inside a block of size 32 free'd ==1215619== at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1215619== by 0x98B8F2: __zend_realloc (zend_alloc.c:3011) ==1215619== by 0x98A77F: _realloc_custom (zend_alloc.c:2435) ==1215619== by 0x98A8DB: _erealloc (zend_alloc.c:2557) ==1215619== by 0x9B3B4F: zend_string_extend (zend_string.h:224) ==1215619== by 0x9BAE64: concat_function (zend_operators.c:1876) ==1215619== by 0x9F1330: zend_binary_op (zend_execute.c:1293) ==1215619== by 0xA4CE04: ZEND_ASSIGN_OP_SPEC_CV_CONST_HANDLER (zend_vm_execute.h:37663) ==1215619== by 0xA692F1: execute_ex (zend_vm_execute.h:55282) ==1215619== by 0x9ACB1D: zend_call_function (zend_execute_API.c:785) ==1215619== by 0x9AC36A: _call_user_function_ex (zend_execute_API.c:633) ==1215619== by 0x9C32A0: zend_error_impl (zend.c:1365) ==1215619== by 0x9C352E: zend_error_va_list (zend.c:1413) ==1215619== by 0x9C3929: zend_error (zend.c:1485) ==1215619== by 0x9F3219: zend_undefined_index (zend_execute.c:1909) ==1215619== by 0x9F32F0: zend_undefined_index_write (zend_execute.c:1937) ==1215619== by 0x9F3ABC: zend_fetch_dimension_address_inner (zend_execute.c:2131) ==1215619== by 0x9F3DA3: zend_fetch_dimension_address (zend_execute.c:2197) ==1215619== by 0x9F4471: zend_fetch_dimension_address_RW (zend_execute.c:2306) ==1215619== by 0xA60543: ZEND_FETCH_DIM_RW_SPEC_CV_CV_HANDLER (zend_vm_execute.h:46151) ==1215619== by 0xA69ED1: execute_ex (zend_vm_execute.h:55890) ==1215619== by 0xA6A297: zend_execute (zend_vm_execute.h:56094) ==1215619== by 0x9C442A: zend_execute_scripts (zend.c:1667) ==1215619== by 0x92BF71: php_execute_script (main.c:2537) ==1215619== by 0xAA9230: do_cli (php_cli.c:955) ==1215619== by 0xAAA328: main (php_cli.c:1353) ==1215619== Block was alloc'd at ==1215619== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1215619== by 0x98B83F: __zend_malloc (zend_alloc.c:2992) ==1215619== by 0x98A689: _malloc_custom (zend_alloc.c:2417) ==1215619== by 0x98A7D3: _emalloc (zend_alloc.c:2536) ==1215619== by 0x9B39A9: zend_string_alloc (zend_string.h:141) ==1215619== by 0x9BAE7E: concat_function (zend_operators.c:1878) ==1215619== by 0x9F1330: zend_binary_op (zend_execute.c:1293) ==1215619== by 0xA4CE04: ZEND_ASSIGN_OP_SPEC_CV_CONST_HANDLER (zend_vm_execute.h:37663) ==1215619== by 0xA692F1: execute_ex (zend_vm_execute.h:55282) ==1215619== by 0x9ACB1D: zend_call_function (zend_execute_API.c:785) ==1215619== by 0x9AC36A: _call_user_function_ex (zend_execute_API.c:633) ==1215619== by 0x9C32A0: zend_error_impl (zend.c:1365) ==1215619== by 0x9C352E: zend_error_va_list (zend.c:1413) ==1215619== by 0x9C3929: zend_error (zend.c:1485) ==1215619== by 0x9EEC29: zval_undefined_cv (zend_execute.c:269) ==1215619== by 0x9EEC4A: _zval_undefined_op1 (zend_execute.c:276) ==1215619== by 0x9F4322: zend_fetch_dimension_address (zend_execute.c:2272) ==1215619== by 0x9F4471: zend_fetch_dimension_address_RW (zend_execute.c:2306) ==1215619== by 0xA60543: ZEND_FETCH_DIM_RW_SPEC_CV_CV_HANDLER (zend_vm_execute.h:46151) ==1215619== by 0xA69ED1: execute_ex (zend_vm_execute.h:55890) ==1215619== by 0xA6A297: zend_execute (zend_vm_execute.h:56094) ==1215619== by 0x9C442A: zend_execute_scripts (zend.c:1667) ==1215619== by 0x92BF71: php_execute_script (main.c:2537) ==1215619== by 0xAA9230: do_cli (php_cli.c:955) ==1215619== by 0xAAA328: main (php_cli.c:1353)