Bug #29116 Zend constant warning uses memory after free
Submitted: 2004-07-13 14:17 UTC Modified: 2004-07-13 21:40 UTC
From: jdolecek at NetBSD dot org Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.8, 5.0.0 OS: *
Private report: No CVE-ID: None

 

 [2004-07-13 14:17 UTC] jdolecek at NetBSD dot org
Description:
------------
If a constant in a define() call is already defined, the Zend engine issues a warning with E_NOTICE set. This warning code might use memory after it's freed. This can cause an interpreter crash, especially under threaded Apache 2.x.

The following fixes the problem (this patch is in NetBSD pkgsrc ATM):

--- Zend/zend_constants.c.orig  2004-07-13 14:01:27.000000000 +0200
+++ Zend/zend_constants.c       2004-07-13 14:01:54.000000000 +0200
@@ -265,11 +265,11 @@
        }

        if (zend_hash_add(EG(zend_constants), name, c->name_len, (void *) c, sizeof(zend_constant), NULL)==FAILURE) {
+               zend_error(E_NOTICE,"Constant %s already defined", name);
                free(c->name);
                if (!(c->flags & CONST_PERSISTENT)) {
                        zval_dtor(&c->value);
                }
-               zend_error(E_NOTICE,"Constant %s already defined", name);
                ret = FAILURE;
        }
        if (lowercase_name) {
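
Review bot: Nothing at the moved zend_error() call (now the first statement in the zend_hash_add() FAILURE branch) says why it has to run before free(c->name), and the hunk does not show where name is assigned, so the ordering dependency is invisible to the next person who edits this branch. A short comment at the call, such as /* name may point into c->name; report before freeing */, would keep the order from being reverted. It is also worth confirming that nothing later in the function reads name once c->name is released, since the trailing if (lowercase_name) block is cut off by the context.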


Reproduce code:
---------------
Under NetBSD, switch on extended malloc() debugging, by telling malloc to fill free()d values with junk:

ln -s J /etc/malloc.conf

then, run:

php -r 'error_reporting(E_ALL); define("foo", "j"); define("foo", "j");'

see something along the lines of:

PHP Notice:  Constant ÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐ in Command line code on line 1
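
The ordering problem described in this report, modelled as an added example (not code from the report or from PHP): the 32-byte arena, `junk_free`, `toy_constant` and the other names are hypothetical stand-ins, and the model assumes that `name` aliases `c->name` and that released memory is filled with 0xD0, the byte shown as Ð in the output above.

```c
#include <stdio.h>
#include <string.h>

#define JUNK 0xD0                 /* fill byte; matches the Ð (0xD0) bytes in the report */

static unsigned char arena[32];   /* constructed stand-in for the heap */

typedef struct { char *name; size_t name_len; } toy_constant; /* hypothetical, not zend_constant */

/* Stand-in for free() with junk filling on: the block stays mapped,
 * so the stale read below is well-defined inside this model. */
static void junk_free(char *p, size_t len) { memset(p, JUNK, len); }

/* Stand-in for zend_error(E_NOTICE, ...): formats into buf instead of logging. */
static void notice(char *buf, size_t n, const char *name, size_t len) {
    snprintf(buf, n, "Constant %.*s already defined", (int)len, name);
}

/* Models the "already defined" failure path.
 * notice_first != 0 is the patched order, 0 is the original order. */
static void duplicate_define(const char *ident, int notice_first, char *buf, size_t n) {
    toy_constant c;
    c.name_len = strlen(ident);
    if (c.name_len >= sizeof arena) c.name_len = sizeof arena - 1;
    c.name = (char *)arena;
    memcpy(c.name, ident, c.name_len);
    c.name[c.name_len] = '\0';
    const char *name = c.name;            /* assumption: name aliases c->name */

    if (notice_first) {
        notice(buf, n, name, c.name_len); /* message built while storage is live */
        junk_free(c.name, c.name_len + 1);
    } else {
        junk_free(c.name, c.name_len + 1);
        notice(buf, n, name, c.name_len); /* reads released storage */
    }
}

/* Returns 1 if the notice still carries the identifier, 0 if it carries junk. */
static int notice_is_intact(const char *ident, int notice_first) {
    char buf[64];
    duplicate_define(ident, notice_first, buf, sizeof buf);
    return strstr(buf, ident) != NULL;
}

int main(void) {
    printf("original order intact: %d\n", notice_is_intact("foo", 0));
    printf("patched order intact:  %d\n", notice_is_intact("foo", 1));
    return 0;
}
```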


 [2004-07-13 21:40 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2004-07-13 21:40 UTC] helly@php.net
Sorry, a few hours too late for both 4.3.8 and 5.0.0.
 