|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2000-07-05 18:35 UTC] rasmus at cvs dot php dot net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Jul 02 13:01:34 2025 UTC |
In certain conditions several functions inserted to symbol table by end_function_decleration() function have value.func.arg_types pointer reffering to same memory block. This will cause that memory block freed multiple times during request cleanup proccess, witch mixes up internal PHP memory structures and leads to crashes Here is example of that condition: test.phtml: <? function test(&$vvv){ include("test1.phtml"); test1($vvv); } test($qqq); ?> test1.phtml: <? function test1(&$vvv){ $vvv=6; } ?> When requesting test.phtml, with DEBUG turned on you get following error in error log: [Tue Jul 4 17:30:31 2000] [error] Illegal _efree: 2 bytes from control_structures_inline.h:454 (variables.c:84) --------------------------------------- Block 0x08842140 status at variables.c:84: Beginning: Cached (allocated on control_structures_inline.h:454, 2 bytes) End: OK --------------------------------------- Fix: Initialze GLOBAL(function_state).func_arg_types with NULL in start_function_decleration() function: pluto:/u2/src/php-3.0.15>diff control_structures_inline.h.old control_structures_inline.h 495a496 > GLOBAL(function_state).func_arg_types = NULL;