php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69485 Double free on zend_list_dtor
Submitted: 2015-04-20 03:36 UTC Modified: -
From: laruence@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2015-04-20 (Git) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: laruence@php.net
New email:
PHP Version: OS:

 

 [2015-04-20 03:36 UTC] laruence@php.net 
Description:
------------
double free on recursively call to list dtor

Test script:
---------------
<?php

class O {
    public $ch;
    public function dummy() {
    }
}

$ch = curl_init();

$o = new O;
$o->ch = $ch;
curl_setopt($ch, CURLOPT_WRITEFUNCTION, array($o, "dummy"));

Expected result:
----------------
non segfault

Actual result:
--------------
segfault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-20 03:58 UTC] laruence@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d66045fe73fb646f15a45286313231908e656a37
Log: Fixed bug #69485 (Double free on zend_list_dtor).
 [2015-04-20 03:58 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2016-07-20 11:39 UTC] davey@php.net 
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d66045fe73fb646f15a45286313231908e656a37
Log: Fixed bug #69485 (Double free on zend_list_dtor).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 31 11:00:01 2025 UTC