php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49390 SEGV with zval_ptr_dtor
Submitted: 2009-08-27 16:47 UTC Modified: 2009-08-29 01:22 UTC
From: aya at eh dot org Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.3.0 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2009-08-27 16:47 UTC] aya at eh dot org 
Description:
------------
It seems that zval_ptr_dtor doesn't check if strings are heap-allocated.

Reproduce code:
---------------
// Change this to zero to get a SEGV
int heapAllocate = 1;

// Make a string zval
zval* v;
MAKE_STD_ZVAL(v);
ZVAL_STRING(v, "foo", heapAllocate);

// SEGV happens here
zval_ptr_dtor(&v);

Expected result:
----------------
Nothing.

Actual result:
--------------
php-5.3.0/Zend/zend_execute_API.c(435) : Block 0x004014fa status:
php-5.3.0/Zend/zend_variables.c(36) : Actual location (location was relayed)
Invalid pointer: ((thread_id=0x74706972) != (expected=0x96F6B8A0))

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-29 01:22 UTC] jani@php.net 
Please ask this kind of support questions on the internals@ mailing 
list.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 14:01:34 2025 UTC