|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-10-31 16:45 UTC] pollita@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2023 The PHP GroupAll rights reserved. |
Last updated: Fri Jun 02 01:03:37 2023 UTC |
Description: ------------ using php 5.0.5 & runkit 0.5 runkit_method_rename somehow causes heap corruption in the zend opcode array. In the context of a complex script, this corruption can cause PHP to segfault during request shutdown. (My reproduce script below has been simplified to the point that while the heap corruption still occurs, PHP doesn't segfault.) Strangely, the behaviour appears to be influenced by the length of the class/method names in question: substituting the long names in the script below for very short ones (A, B, C, etc.) results in no memory leak message. Reproduce code: --------------- <? class LongEnoughName { function ThisIsALongEnoughName() { } } class LongEnoughNameForBugToHappen extends LongEnoughName { } runkit_method_rename('LongEnoughNameForBugToHappen', 'ThisIsALongEnoughName','EvenLongerThisIsALongEnoughName'); Expected result: ---------------- No memory leak messages Actual result: -------------- --------------------------------------- /home/skissane/unpacked/php-5.0.5/Zend/zend_opcode.c(227) : Block 0x08A9F7A0 status: Beginning: Cached (allocated on Zend/zend_language_scanner.c:4661, 22 bytes) End: OK --------------------------------------- /home/skissane/unpacked/runkit-0.5/runkit_methods.c(503) : Freeing 0x08A8C984 (33 bytes), script=simple.php === Total 1 memory leaks detected ===