PHP :: Bug #65166 :: PHP Generator yield causing zend_mm

Bug #65166

PHP Generator yield causing zend_mm_heap corrupted

Submitted:

2013-06-29 21:59 UTC

Modified:

2015-10-18 15:54 UTC

Votes:	3
Avg. Score:	3.7 ± 1.2
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	2 (66.7%)

From:

gavroche dot bull at gmail dot com

Assigned:

nikic (profile)

Status:

Closed

Package:

Unknown/Other Function

PHP Version:

master-Git-2013-06-29 (Git)

OS:

Private report:

CVE-ID:

None

View Developer Edit

[2013-06-29 21:59 UTC] gavroche dot bull at gmail dot com

Description:
------------
The yield function in the example below gives a "zend_mm_heap corrupted" error.

Test script:
---------------
function dump($chunk = 500)
{
    $m = new MongoClient();
    $db = $m->dbname;

    $collection = $db->selectCollection('collectionname');

    $cursor = $collection->find();

    $count = 0;
    $output = [];
    
    foreach ($cursor as $doc) {
        $doc = array_filter($doc, function($v) { return !is_object($v); });
        $output[] = $doc;

        $count++;

        if ($count === $chunk) {
            yield json_encode($output);
            $output = [];
            $count = 0;
        }
    }

    yield json_encode($output);
}

foreach(dump() as $dump) {
    var_dump($dump);
}

Expected result:
----------------
No error.

Actual result:
--------------
zend_mm_heap corrupted

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-06-29 22:18 UTC] nikic@php.net

Is it possible to reproduce this crash without the use of mongo db?

If not, it would be nice to have a backtrace for this (as described on https://bugs.php.net/bugs-generating-backtrace.php).

[2013-06-29 22:32 UTC] gavroche dot bull at gmail dot com

Actually after investigation more, this code alone does not produce the error. But 
it now seems that having too much lines of code in the script will produce this 
error or a segmentation fault error. 

For example, if I remove unused lines of code, the code execute properly. If I 
change those unused lines of code for other lines like "null;", the error appears 
again.

[2013-06-30 00:49 UTC] gavroche dot bull at gmail dot com

And no, I have not been able to reproduce the bug without mongo db.

[2014-03-01 17:51 UTC] samo dot bracic at gmail dot com

This works:
-------------------------------

function dump($cursor, $chunk = 500)
{
    $count = 0;
    $output = [];
    
    foreach ($cursor as $doc) {
        $doc = array_filter($doc, function($v) { return !is_object($v); });
        $output[] = $doc;

        $count++;

        if ($count === $chunk) {
            yield json_encode($output);
            $output = [];
            $count = 0;
        }
    }

    yield json_encode($output);
}

$m = new MongoClient();
$db = $m->dbname;
$collection = $db->selectCollection('collectionname');
$cursor = $collection->find();

foreach(dump($cursor) as $dump) {
    var_dump($dump);
}

[2015-10-18 15:54 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2015-10-18 15:54 UTC] nikic@php.net

This is probably the same as https://bugs.php.net/bug.php?id=66671, so was fixed on the side of the mongodb extension.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Mar 10 23:01:31 2025 UTC