|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2019-09-23 10:35 UTC] nikic@php.net
-Status: Open
+Status: Analyzed
[2019-09-23 10:35 UTC] nikic@php.net
[2019-09-24 10:19 UTC] nikic@php.net
[2019-09-24 10:19 UTC] nikic@php.net
-Status: Analyzed
+Status: Closed
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 31 12:00:01 2025 UTC |
Description: ------------ This is reduced from an OSS-Fuzz testcase involving unserialize(), but turns out to be some kind of generic GC bug. It is related to the changes to __destruct() handling in 7.4. Test script: --------------- class Test { public function __destruct() {} } $test = new Test; $test->foo = [&$test->foo]; $ary = [&$ary, $test]; unset($ary, $test); gc_collect_cycles(); Actual result: -------------- [Mon Sep 23 12:17:48 2019] Script: '/home/nikic/php-src-fuzz/t009.php' Zend/zend_vm_execute.h(27609) : Freeing 0x00007f8220201940 (32 bytes), script=/home/nikic/php-src-fuzz/t009.php [Mon Sep 23 12:17:48 2019] Script: '/home/nikic/php-src-fuzz/t009.php' /home/nikic/php-src-fuzz/Zend/zend_hash.c(256) : Freeing 0x00007f82202588a0 (56 bytes), script=/home/nikic/php-src-fuzz/t009.php [Mon Sep 23 12:17:48 2019] Script: '/home/nikic/php-src-fuzz/t009.php' /home/nikic/php-src-fuzz/Zend/zend_hash.c(131) : Freeing 0x00007f822025c280 (264 bytes), script=/home/nikic/php-src-fuzz/t009.php === Total 3 memory leaks detected ===