php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #39046 double free on circular references (PHP 4 only!)
Submitted: 2006-10-05 11:07 UTC Modified: 2008-07-11 21:24 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: checat at yandex dot ru Assigned: derick (profile)
Status: Wont fix Package: Reproducible crash
PHP Version: 4.4.4 OS: RHEL4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: checat at yandex dot ru
New email:
PHP Version: OS:

 

 [2006-10-05 11:07 UTC] checat at yandex dot ru 
Description:
------------
When freeing array variables with multiple references, variables which should still be accessible via other reference may be unexpectedly freed.

Depending of the code it may produce data corruption, glibc-detected memory corruption or segfault.

Reproduce code:
---------------
<?php

$root=array('id'=>'1', 'parent_id'=>NULL);
$child1 = array('id'=>'2', 'parent_id'=>'1');

// build tree with references up and down
$root['childs'] = array();

$child1['parent'] = & $root;
$child1['parent']['childs'][] = & $child1;
$child1['childs'] = array();


print_r($root['childs'][0]['childs']);

unset($child1);

print_r($root['childs'][0]['childs']);

?>


Expected result:
----------------
Array
(
)
Array
(
)



Actual result:
--------------
CGI:
Array
(
)
Array
(
)
Segmentation fault

Apache2/prefork/mod_php: no output, Segmentation fault in log

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-05 11:13 UTC] checat at yandex dot ru 
To have "double free" bug, one needs to wrap my test case into a function.
 [2006-10-05 11:15 UTC] tony2001@php.net 
Circular references is the easiest way one can shoot his own leg.
Upgrade to PHP5, which doesn't segfault.
 [2006-10-05 11:31 UTC] derick@php.net 
We still need to address segfaults in 4.4.
 [2008-07-11 21:24 UTC] jani@php.net 
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 13:01:31 2024 UTC