|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-08-28 07:09 UTC] eka1970 at mail dot ru
[2005-08-28 10:42 UTC] tony2001@php.net
[2005-08-29 02:25 UTC] eka1970 at mail dot ru
[2005-08-30 09:19 UTC] derick@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Nov 17 21:00:01 2025 UTC |
Description: ------------ hundreds of thousands of "$a[]= ..." and "array_pop()" calls triggers memory overwrite. Reproduce code: --------------- <?php $a = array(0,1,2,3,4,5,6,7,8,9,10); $paths = array(); $stack = array(); for($i=0; $i<100000; $i++) { $steps = mt_rand(2,6); // move forward for($j=0; $j<$steps; $j++) { $stack[] = array('x'=>$a[$j]); } $paths[] = $stack; // move backward for($j=0; $j<$steps; $j++) { array_pop($stack); } } print_r($a); ?> Expected result: ---------------- array $a is never modified in the code, but when you print it at the end of the script it spills out a whole lot of unexpected reccursions or just dies with no output.