php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60138 GC crash with referenced array in RecursiveArrayIterator
Submitted: 2011-10-26 09:44 UTC Modified: 2011-11-18 12:43 UTC
From: jinmoku at hotmail dot com Assigned: dmitry (profile)
Status: Closed Package: SPL related
PHP Version: 5.3.8 OS: Windows 7
Private report: No CVE-ID: None
 [2011-10-26 09:44 UTC] jinmoku at hotmail dot com
Description:
------------
GC crash with referenced array in RecursiveArrayIterator,(no problem with gc_disable)

Test script:
---------------
$tree = array();
$branch = &$tree;

$courses = array(
    'f1' => '/d1',
    'f6' => '/d2',
    'f7' => '/d3',
    'f8' => '/d3/d4',
    'f9' => '/d3/d4',
);

foreach($courses as $id => $course) {
    $path = explode('/', substr($course, 1));
    $branch = &$tree;
    foreach($path as $category) {
        if (!isset($branch[$category])) {
            $branch[$category] = array();
        }
        $branch = &$branch[$category];
    }
    $branch[] = $id;
}

$iterator = new RecursiveIteratorIterator(
    new RecursiveArrayIterator($tree),
    RecursiveIteratorIterator::SELF_FIRST
);

foreach($iterator as $file);

Actual result:
--------------
PHP5TS!GC_REMOVE_ZVAL_FROM_BUFFER+2C4In php__PID__1756__Date__10_26_2011__Time_11_24_34AM__612__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!gc_remove_zval_from_buffer+2c4 in C:\Program Files (x86)\PHP\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x0000000c on thread 0



php5ts!gc_remove_zval_from_buffer+2c4     0127fbd0     00291a70     00291a70    
php5ts!gc_remove_zval_from_buffer+476     00291a70     00bef62c     73fc3b4e    
php5ts!gc_collect_cycles+6a               00291a70     00291a70     6592cc2e    
php5ts!zend_deactivate+126                00291a70     00291a70     00291a04    
php5ts!php_request_shutdown+31f           00000000     013c742c     00000001    
php!main+122b                             00000002     00291a00     00291fd0    
php!memcpy+160                            7efde000     00befb68     77439ed2    
kernel32!BaseThreadInitThunk+e            7efde000     77d7d20f     00000000    
ntdll!__RtlUserThreadStart+70             013c3002     7efde000     00000000    
ntdll!_RtlUserThreadStart+1b              013c3002     7efde000     00000000    


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-16 00:57 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2011-11-18 12:43 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=319469
Log: Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
 [2011-11-18 12:43 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2011-11-18 12:43 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c24716dfa4a9ef54e1f8c53cd1dde35d990f35fe
Log: Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c24716dfa4a9ef54e1f8c53cd1dde35d990f35fe
Log: Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c24716dfa4a9ef54e1f8c53cd1dde35d990f35fe
Log: Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 05 16:01:30 2024 UTC