Bug #43851 Memory corruption on reuse of assigned value
Submitted: 2008-01-15 08:25 UTC Modified: 2008-01-15 15:03 UTC
From: dmitry at zend dot com Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3CVS-2008-01-15 (CVS) OS: *
Private report: No CVE-ID: None
 [2008-01-15 08:25 UTC] dmitry at zend dot com
Description:
------------
Run the following script with valgrind and USE_ZEND_ALLOC=0.

$ USE_ZEND_ALLOC=0 valgrind sapi/cli/php foo.php  

Reproduce code:
---------------
<?php
foo();
function foo() {
  global $LAST;
  ($LAST = $LAST + 0) * 1;
  echo "ok\n";
}
?>

Expected result:
----------------
ok

Actual result:
--------------
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED944: zend_pzval_unlock_func (zend_execute.c:69)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED994: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED9A5: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)

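The report's recipe is the standard one for finding engine-level memory errors: USE_ZEND_ALLOC=0 makes the engine fall back to the system malloc, so valgrind sees every allocation as its own block instead of one large Zend MM arena, and memcheck can then flag the uninitialised read in zend_pzval_unlock_func. Valgrind output is noisy once a script is larger than this one-liner, so a triager usually wants the errors deduplicated by kind and innermost source location. The parser below is an added example, not code from the report or from PHP; it parses memcheck's "==PID==" blocks and counts them by (message, innermost function, file:line). The sample input is constructed from the report's own output above (frames trimmed in the second and third blocks, a banner and summary line added in the form valgrind prints them).

```python
import re
from collections import Counter

# Constructed sample: the memcheck output quoted in the report, with a banner,
# the script's own "ok" line and an ERROR SUMMARY added as a real run prints them.
SAMPLE = """\
==24239== Memcheck, a memory error detector
==24239== Command: sapi/cli/php foo.php
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED944: zend_pzval_unlock_func (zend_execute.c:69)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED994: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED9A5: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
ok
==24239==
==24239== ERROR SUMMARY: 3 errors from 2 contexts (suppressed: 0 from 0)
"""

# Memcheck messages that open an error record; banner and summary lines are ignored.
ERROR_KINDS = re.compile(
    r"^(Conditional jump or move depends on uninitialised value|Use of uninitialised value"
    r"|Invalid (read|write) of size|Invalid free\(\)|Mismatched free\(\)|Syscall param"
    r"|\d[\d,]* bytes in \d[\d,]* blocks are (definitely|indirectly|possibly) lost)"
)
# Every valgrind line is "==PID==" optionally followed by a space and text.
LINE = re.compile(r"^==(\d+)==(?: (.*))?$")
# Stack frame: "   at 0xADDR: func (file:line)" or "   by 0xADDR: func (in /lib/...)".
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)$")


def parse_valgrind(text):
    """Split memcheck output into records {'pid', 'message', 'frames': [(func, where), ...]}."""
    errors, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:                       # the program's own output ("ok"): not valgrind's
            continue
        rest = m.group(2) or ""
        fm = FRAME.match(rest)
        if fm:
            if cur is not None:         # frame belongs to the error currently open
                cur["frames"].append((fm.group(1), fm.group(2)))
            continue
        if ERROR_KINDS.match(rest):
            cur = {"pid": m.group(1), "message": rest.strip(), "frames": []}
            errors.append(cur)
        else:                           # "==PID==" separator, banner or summary closes the record
            cur = None
    return errors


def summarize(errors):
    """Count errors by (message, innermost function, file:line), the key a triager dedupes on."""
    counts = Counter()
    for e in errors:
        func, where = e["frames"][0] if e["frames"] else ("?", "?")
        counts[(e["message"], func, where)] += 1
    return counts


if __name__ == "__main__":
    for (msg, func, where), n in summarize(parse_valgrind(SAMPLE)).most_common():
        print(f"{n:3d}  {msg}  in {func} ({where})")
```

On the report's output this collapses the three memcheck blocks into two distinct sites in zend_pzval_unlock_func (zend_execute.c:69 and zend_execute.c:76), which is what the engine developer actually needs to look at; the innermost frame is the right key here because the same bad zval reaches the same unlock code through identical opcode handlers.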

 [2008-01-15 15:03 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

