|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2021-07-23 08:12 UTC] nikic@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: nikic
[2021-07-23 08:12 UTC] nikic@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 08:00:01 2025 UTC |
Description: ------------ The zend_hash_apply is used all over the place, but it isn't interruption safe (just like iteration using HashPosition). Here is an example making use of OB callbacks in var_dump: <?php $array1 = [0, 1]; $array2 = [&$array1]; ob_start(function($str) use(&$array1) { static $i = 0; if ($i++ == 4) { unset($array1[0]); //unset($array1[1]); } return "$i: $str"; }, 1); var_dump($array2); nikic@pluto:~/dev/php-dev$ sapi/cli/php t16.php 1: array(1) { 2: [0]=> 3: 4: &array(2) { 5: [0]=> 6: Segmentation fault (core dumped) Valgrind output (only first entry): ==11997== Invalid read of size 4 ==11997== at 0x819057F: php_var_dump (var.c:99) ==11997== by 0x81903EF: php_array_element_dump (var.c:51) ==11997== by 0x827C917: zend_hash_apply_with_arguments (zend_hash.c:748) ==11997== by 0x8190A58: php_var_dump (var.c:146) ==11997== by 0x81903EF: php_array_element_dump (var.c:51) ==11997== by 0x827C917: zend_hash_apply_with_arguments (zend_hash.c:748) ==11997== by 0x8190A58: php_var_dump (var.c:146) ==11997== by 0x8190C07: zif_var_dump (var.c:183) ==11997== by 0x82A72BA: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547) ==11997== by 0x82ABD3F: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2328) ==11997== by 0x82A67F6: execute_ex (zend_vm_execute.h:356) ==11997== by 0x82A68AB: zend_execute (zend_vm_execute.h:381) ==11997== Address 0x447f15c is 12 bytes inside a block of size 36 free'd ==11997== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==11997== by 0x823257E: _efree (zend_alloc.c:2437) ==11997== by 0x827C09B: zend_hash_del_key_or_index (zend_hash.c:512) ==11997== by 0x82FC731: ZEND_UNSET_DIM_SPEC_CV_CONST_HANDLER (zend_vm_execute.h:33119) ==11997== by 0x82A67F6: execute_ex (zend_vm_execute.h:356) ==11997== by 0x82A68AB: zend_execute (zend_vm_execute.h:381) ==11997== by 0x8258E71: zend_call_function (zend_execute_API.c:939) ==11997== by 0x8277CD4: zend_fcall_info_call (zend_API.c:3381) ==11997== by 0x81E7B47: php_output_handler_op (output.c:962) ==11997== by 0x81E8026: php_output_op (output.c:1063) ==11997== by 0x81E5E6C: php_output_write (output.c:255) ==11997== by 0x81C9442: php_printf (main.c:682)