Bug #79813 Assertion `p->refcount > 0' failed.
Submitted: 2020-07-09 04:27 UTC Modified: 2020-07-10 08:09 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: changochen1 at gmail dot com Assigned:
Status: Verified Package: Scripting Engine problem
PHP Version: 7.4 OS:
Private report: No CVE-ID: None

 [2020-07-09 04:27 UTC] changochen1 at gmail dot com
Description:
------------
LOG:
---
php: /home/yongheng/php_clean/Zend/zend_types.h:1162: uint32_t zend_gc_delref(zend_refcounted_h *): Assertion `p->refcount > 0' failed.
---

Run with `php -f poc.php >/dev/null`

Test script:
---------------
<?
foreach ( new InfiniteIterator ( new ArrayIterator ( [ [] ] ) ) as $a )
    $c[] = array ( $b.= 1)  ;


 [2020-07-09 07:25 UTC] cmb@php.net
-Status: Open
+Status: Verified
-PHP Version: 8.0Git-2020-07-09 (Git)
+PHP Version: 7.4
 [2020-07-09 15:34 UTC] changochen1 at gmail dot com
Hi, I wonder why the version info changed, as I tested it on the master branch of version 8.0.
 [2020-07-10 08:09 UTC] cmb@php.net
Because that assertion fails on PHP 7.4 as well.
 [2020-12-22 19:00 UTC] enumag at gmail dot com
PHP version: 7.4.13


This just popped up randomly in my CI:

```
Assertion failed: p->refcount > 0 (/usr/src/php/Zend/zend_types.h: zend_gc_delref: 1039)
Aborted (core dumped)
```

I have a gdb backtrace from the core but it's most likely not very useful...

```
Reading symbols from /usr/local/bin/php...
warning: Can't read pathname for load map: No error information.
[New LWP 156]
Core was generated by `php vendor/bin/phpunit --colors=always --exclude-group ignore'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f62b9245a71 in setjmp () from /lib/ld-musl-x86_64.so.1
#0  0x00007f62b9245a71 in setjmp () from /lib/ld-musl-x86_64.so.1
#1  0x00007f62b9245bcc in raise () from /lib/ld-musl-x86_64.so.1
#2  0x0000003000000010 in ?? ()
#3  0x00007ffd7d4a7c10 in ?? ()
#4  0x00007ffd7d4a7b50 in ?? ()
#5  0x0000563b9a3428c0 in ?? ()
#6  0x0000563b9a346380 in ?? ()
#7  0x0000563b9857a9b7 in ?? ()
#8  0x0000563b9857a998 in ?? ()
#9  0x0000563b9857ab90 in ?? ()
#10 0x000000000000040f in ?? ()
#11 0x00000000000000c0 in ?? ()
#12 0x00007f62ab3d44e8 in ?? ()
#13 0x0000563b9a3462e0 in ?? ()
#14 0x0000563b9a346360 in ?? ()
#15 0x00007ffd7d4a7bd0 in ?? ()
#16 0x00007ffd7d4a7c5c in ?? ()
#17 0x00007ffd7d4a7c70 in ?? ()
#18 0x0000563b9a4f8ca0 in ?? ()
#19 0x00007ffd7d4a7c30 in ?? ()
#20 0x00007f62b921d713 in abort () from /lib/ld-musl-x86_64.so.1
#21 0x0000563b9a4f8ca0 in ?? ()
#22 0x00007f62b92494be in ?? () from /lib/ld-musl-x86_64.so.1
#23 0x0000000000000000 in ?? ()
```
 [2020-12-30 10:27 UTC] enumag at gmail dot com
I tried to narrow down when this bug appeared. From my testing PHP 7.4.9 is fine and 7.4.10+ has this problem.
 [2021-01-14 08:17 UTC] enumag at gmail dot com
Ignore my last comment. PHP 7.4.9 also has the problem.
 
Last updated: Sat Dec 21 16:01:28 2024 UTC