php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39046 double free on circular references (PHP 4 only!)
Submitted: 2006-10-05 11:07 UTC Modified: 2008-07-11 21:24 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: checat at yandex dot ru Assigned: derick (profile)
Status: Wont fix Package: Reproducible crash
PHP Version: 4.4.4 OS: RHEL4
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2006-10-05 11:07 UTC] checat at yandex dot ru
Description:
------------
When freeing array variables with multiple references, variables which should still be accessible via other reference may be unexpectedly freed.

Depending of the code it may produce data corruption, glibc-detected memory corruption or segfault.

Reproduce code:
---------------
<?php

$root=array('id'=>'1', 'parent_id'=>NULL);
$child1 = array('id'=>'2', 'parent_id'=>'1');

// build tree with references up and down
$root['childs'] = array();

$child1['parent'] = & $root;
$child1['parent']['childs'][] = & $child1;
$child1['childs'] = array();


print_r($root['childs'][0]['childs']);

unset($child1);

print_r($root['childs'][0]['childs']);

?>


Expected result:
----------------
Array
(
)
Array
(
)



Actual result:
--------------
CGI:
Array
(
)
Array
(
)
Segmentation fault

Apache2/prefork/mod_php: no output, Segmentation fault in log

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-05 11:13 UTC] checat at yandex dot ru
To have "double free" bug, one needs to wrap my test case into a function.
 [2006-10-05 11:15 UTC] tony2001@php.net
Circular references is the easiest way one can shoot his own leg.
Upgrade to PHP5, which doesn't segfault.
 [2006-10-05 11:31 UTC] derick@php.net
We still need to address segfaults in 4.4.
 [2008-07-11 21:24 UTC] jani@php.net
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu May 06 02:01:23 2021 UTC