Bug #34617 zend_deactivate: objects_store used after zend_objects_store_destroy is called
Submitted: 2005-09-23 16:17 UTC Modified: 2005-09-27 20:11 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: guillaume dot outters at free dot fr Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS, 6CVS (2005-09-23) OS: Mac OS X 10.4.2
Private report: No CVE-ID:
 [2005-09-23 16:17 UTC] guillaume dot outters at free dot fr


 [2005-09-23 16:25 UTC]
Please try using this CVS snapshot:
For Windows:

Please don't report issues unless you can reproduce them with PHP 5.1 snaps too.
 [2005-09-23 16:56 UTC] guillaume dot outters at free dot fr
Same exact problem with 5.1.0RC2-dev (only line numbers in the 
backtrace differ).
 [2005-09-23 20:06 UTC]
Dmitry, this is not looking good. Can you check it out?

 [2005-09-24 15:11 UTC]
Yet another chicken-and-egg problem with resources and objects.
xml_parser uses an object for callbacks that is already destroyed at the time when the resource is being destroyed.

2 guillaume dot outters at free dot fr:
Please try to make a reproduce case shorter than 1.7Mb. 
 [2005-09-24 16:43 UTC] guillaume dot outters at free dot fr
OK, here we go for a shorter crasher:

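class Thing {}
function boom() {
    $reader = xml_parser_create();
    xml_set_object($reader, new Thing());
    die();                      // restored from the notes below: exit before the parser is freed
    xml_parser_free($reader);   // never reached
}
boom();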

Some comments on the environment:

- crashes with CLI (that could be useful to speed up testing  
and avoid crashing your company's internet web server)
- Doesn't crash with the default Tiger PHP (4.3.11)
- Doesn't crash with my modification (freeing the store after 
resources). That said, it was a quick fix, and I don't know 
the Zend engine sufficiently to ensure it is safe in other 

Some comments on the crasher:

- dying() after the xml_parser_free doesn't crash anymore 
(the parser has been manually freed, so that's the same as 
freeing resources before the objects_store).
- the code must be in a function to crash.
 [2005-09-27 20:11 UTC]
Fixed in CVS HEAD, PHP_5_1 and PHP_5_0.
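
The teardown-order problem discussed in this report, as an added example that is not part of the original thread and is not Zend Engine code: a toy model in C of a resource whose destructor needs an object store, run under both shutdown orders. All names (store_t, res_t, res_dtor, the DTOR_* codes) are hypothetical, and the guard in res_dtor reports the stale access instead of reading freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

typedef struct { int *slots; size_t n; } store_t;        /* stands in for the objects store */
typedef struct { store_t *store; size_t handle; } res_t; /* stands in for an xml parser resource */

enum { DTOR_OK = 0, DTOR_STALE = 1 };

static void store_init(store_t *s, size_t n) {
    s->slots = calloc(n, sizeof *s->slots);
    if (!s->slots) abort();
    s->n = n;
}

/* Free the slots and mark the store dead so later users can detect it. */
static void store_destroy(store_t *s) { free(s->slots); s->slots = NULL; s->n = 0; }

/* Resource destructor: drops its reference on the callback object.
 * Without the guard, calling this after store_destroy() is a use-after-free. */
static int res_dtor(res_t *r) {
    if (r->store->slots == NULL || r->handle >= r->store->n)
        return DTOR_STALE;
    r->store->slots[r->handle]--;      /* release the object reference */
    return DTOR_OK;
}

/* Order described in the report title: store destroyed, then resources. */
int shutdown_store_first(void) {
    store_t s; store_init(&s, 4);
    s.slots[0] = 1;                    /* one reference, held by the resource */
    res_t r = { &s, 0 };
    store_destroy(&s);
    return res_dtor(&r);               /* destructor finds a dead store */
}

/* Order used by the reporter's modification: resources, then the store. */
int shutdown_resources_first(void) {
    store_t s; store_init(&s, 4);
    s.slots[0] = 1;
    res_t r = { &s, 0 };
    int rc = res_dtor(&r);
    int refs_left = s.slots[0];        /* read while the store is still alive */
    store_destroy(&s);
    return (rc == DTOR_OK && refs_left == 0) ? DTOR_OK : DTOR_STALE;
}

int main(void) {
    printf("store first: %d, resources first: %d\n",
           shutdown_store_first(), shutdown_resources_first());
    return 0;
}
```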