Bug #39046 double free on circular references (PHP 4 only!)
Submitted: 2006-10-05 11:07 UTC Modified: 2008-07-11 21:24 UTC
Avg. Score:4.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: checat at yandex dot ru Assigned: derick (profile)
Status: Wont fix Package: Reproducible crash
PHP Version: 4.4.4 OS: RHEL4
Private report: No CVE-ID: None

 [2006-10-05 11:07 UTC] checat at yandex dot ru
When freeing array variables with multiple references, variables which should still be accessible via another reference may be unexpectedly freed.

Depending on the code, it may produce data corruption, glibc-detected memory corruption or a segfault.

Reproduce code:

$root=array('id'=>'1', 'parent_id'=>NULL);
$child1 = array('id'=>'2', 'parent_id'=>'1');

// build tree with references up and down
$root['childs'] = array();

$child1['parent'] = & $root;
$child1['parent']['childs'][] = & $child1;
$child1['childs'] = array();





Expected result:

Actual result:
Segmentation fault

Apache2/prefork/mod_php: no output, Segmentation fault in log


 [2006-10-05 11:13 UTC] checat at yandex dot ru
To have the "double free" bug, one needs to wrap my test case into a function.
 [2006-10-05 11:15 UTC]
Circular references are the easiest way one can shoot his own leg.
Upgrade to PHP5, which doesn't segfault.
 [2006-10-05 11:31 UTC]
We still need to address segfaults in 4.4.
 [2008-07-11 21:24 UTC]
We are sorry, but we cannot support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
