php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65166 PHP Generator yield causing zend_mm_heap corrupted
Submitted: 2013-06-29 21:59 UTC Modified: 2015-10-18 15:54 UTC
Votes:3
Avg. Score:3.7 ± 1.2
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:2 (66.7%)
From: gavroche dot bull at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: master-Git-2013-06-29 (Git) OS:
Private report: No CVE-ID: None
 [2013-06-29 21:59 UTC] gavroche dot bull at gmail dot com
Description:
------------
The yield function in the example below gives a "zend_mm_heap corrupted" error.

Test script:
---------------
function dump($chunk = 500)
{
    $m = new MongoClient();
    $db = $m->dbname;

    $collection = $db->selectCollection('collectionname');

    $cursor = $collection->find();

    $count = 0;
    $output = [];
    
    foreach ($cursor as $doc) {
        $doc = array_filter($doc, function($v) { return !is_object($v); });
        $output[] = $doc;

        $count++;

        if ($count === $chunk) {
            yield json_encode($output);
            $output = [];
            $count = 0;
        }
    }

    yield json_encode($output);
}

foreach(dump() as $dump) {
    var_dump($dump);
}

Expected result:
----------------
No error.

Actual result:
--------------
zend_mm_heap corrupted

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-29 22:18 UTC] nikic@php.net
Is it possible to reproduce this crash without the use of mongo db?

If not, it would be nice to have a backtrace for this (as described on https://bugs.php.net/bugs-generating-backtrace.php).
 [2013-06-29 22:32 UTC] gavroche dot bull at gmail dot com
Actually after investigation more, this code alone does not produce the error. But 
it now seems that having too much lines of code in the script will produce this 
error or a segmentation fault error. 

For example, if I remove unused lines of code, the code execute properly. If I 
change those unused lines of code for other lines like "null;", the error appears 
again.
 [2013-06-30 00:49 UTC] gavroche dot bull at gmail dot com
And no, I have not been able to reproduce the bug without mongo db.
 [2014-03-01 17:51 UTC] samo dot bracic at gmail dot com
This works:
-------------------------------

function dump($cursor, $chunk = 500)
{
    $count = 0;
    $output = [];
    
    foreach ($cursor as $doc) {
        $doc = array_filter($doc, function($v) { return !is_object($v); });
        $output[] = $doc;

        $count++;

        if ($count === $chunk) {
            yield json_encode($output);
            $output = [];
            $count = 0;
        }
    }

    yield json_encode($output);
}

$m = new MongoClient();
$db = $m->dbname;
$collection = $db->selectCollection('collectionname');
$cursor = $collection->find();

foreach(dump($cursor) as $dump) {
    var_dump($dump);
}
 [2015-10-18 15:54 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2015-10-18 15:54 UTC] nikic@php.net
This is probably the same as https://bugs.php.net/bug.php?id=66671, so was fixed on the side of the mongodb extension.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Aug 18 02:05:45 2022 UTC