php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56572 Heap corruption caused by runkit_method_rename
Submitted: 2005-10-02 23:41 UTC Modified: 2005-10-31 16:45 UTC
From: skissane at gmail dot com Assigned:
Status: Closed Package: runkit (PECL)
PHP Version: 5.0.3 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: skissane at gmail dot com
New email:
PHP Version: OS:

 

 [2005-10-02 23:41 UTC] skissane at gmail dot com
Description:
------------
using php 5.0.5 & runkit 0.5
runkit_method_rename somehow causes heap corruption in the zend opcode array. In the context of a complex script, this corruption can cause PHP to segfault during request shutdown. (My reproduce script below has been simplified to the point that while the heap corruption still occurs, PHP doesn't segfault.)

Strangely, the behaviour appears to be influenced by the length of the class/method names in question: substituting the long names in the script below for very short ones (A, B, C, etc.) results in no memory leak message.

Reproduce code:
---------------
<?
class LongEnoughName  {
function ThisIsALongEnoughName() { } }
class LongEnoughNameForBugToHappen extends LongEnoughName 
{ }
runkit_method_rename('LongEnoughNameForBugToHappen',
'ThisIsALongEnoughName','EvenLongerThisIsALongEnoughName');


Expected result:
----------------
No memory leak messages

Actual result:
--------------
---------------------------------------
/home/skissane/unpacked/php-5.0.5/Zend/zend_opcode.c(227) : Block 0x08A9F7A0 status:
Beginning:      Cached (allocated on Zend/zend_language_scanner.c:4661, 22 bytes)
      End:      OK
---------------------------------------
/home/skissane/unpacked/runkit-0.5/runkit_methods.c(503) :  Freeing 0x08A8C984 (33 bytes), script=simple.php
=== Total 1 memory leaks detected ===


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-10-31 16:45 UTC] pollita@php.net
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed in Release 0.7
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 09 10:01:27 2024 UTC