php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23872 reference to same variable(array) crash web server
Submitted: 2003-05-29 07:37 UTC Modified: 2003-05-29 07:51 UTC
Votes:3
Avg. Score:4.0 ± 1.4
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: Xuefer at 21cn dot com Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 4.3.2 OS: win2k apache2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
5 + 45 = ?
Subscribe to this entry?

 
 [2003-05-29 07:37 UTC] Xuefer at 21cn dot com
php4.3.2-rc3
<?php
$times = 65536; // 65535 works fine
$t = array(1);
for ($i = 0; $i < $times; $i ++)
{
	$a[] = &$t;
}
?>
crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-05-29 07:51 UTC] wez@php.net
That breaks - don't do it :)
It won't be fixed in 4.x; PHP 5 will (and does) handle it though.

 [2003-06-06 14:24 UTC] php at codewhore dot org
According to zend.h, the refcount for zvals is an unsigned short, which would roll over to zero on the 65536th increment, causing shutdown_memory_manager to free the zval while references to it still remain.

I'm guessing it'd be too costly to check every refcount increment.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Aug 08 16:05:45 2022 UTC