Bug #67433 SIGSEGV when using count() on an object implementing Countable
Submitted: 2014-06-13 07:40 UTC
Modified: 2014-06-13 13:41 UTC
From: mbeccati@php.net
Assigned: mbeccati
Status: Closed
Package: Reproducible crash
PHP Version: 5.6Git-2014-06-13 (Git)
OS: Ubuntu 13.10
Private report: No
CVE-ID:
 [2014-06-13 07:40 UTC] mbeccati@php.net
Description:
------------
Running phpspec's own test suite randomly triggers segmentation faults on PHP_5.6 and master. I've also tested 5.4 and 5.5 and they seem to be ok.

The backtrace showed that the segmentation fault was happening during GC.

When running the full suite with valgrind, the culprit seemed to be Reflection::invokeArgs. When trying to pin down the test(s) causing the issue, call_user_func_array seemed to be involved.

Valgrind logs attached for both runs.

Test script:
---------------
git clone https://github.com/phpspec/phpspec.git
cd phpspec
/path/to/php56 bin/phpspec run spec/PhpSpec/Loader/SuiteSpec.php
# and/or
/path/to/php56 bin/phpspec run 


Actual result:
--------------
==10284== Memcheck, a memory error detector
==10284== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==10284== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==10284== Command: /home/atlassian/php56/bin/php bin/phpspec run spec/PhpSpec/Loader
==10284== Parent PID: 22871
==10284== 
==10284== Invalid read of size 4
==10284==    at 0x9F84FA: zval_delref_p (zend.h:411)
==10284==    by 0x9F8685: i_zval_ptr_dtor (zend_execute.h:76)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==  Address 0xc7d4100 is 16 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== Invalid write of size 4
==10284==    at 0x9F8504: zval_delref_p (zend.h:411)
==10284==    by 0x9F8685: i_zval_ptr_dtor (zend_execute.h:76)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==  Address 0xc7d4100 is 16 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== Invalid read of size 4
==10284==    at 0x9F850B: zval_delref_p (zend.h:411)
==10284==    by 0x9F8685: i_zval_ptr_dtor (zend_execute.h:76)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==  Address 0xc7d4100 is 16 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== Invalid read of size 4
==10284==    at 0x9F84A9: zval_refcount_p (zend.h:399)
==10284==    by 0x9F8720: i_zval_ptr_dtor (zend_execute.h:82)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==  Address 0xc7d4100 is 16 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== Invalid read of size 1
==10284==    at 0x9F8582: gc_zval_check_possible_root (zend_gc.h:182)
==10284==    by 0x9F873D: i_zval_ptr_dtor (zend_execute.h:86)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==  Address 0xc7d4104 is 20 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== Invalid read of size 1
==10284==    at 0x9F858E: gc_zval_check_possible_root (zend_gc.h:182)
==10284==    by 0x9F873D: i_zval_ptr_dtor (zend_execute.h:86)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==  Address 0xc7d4104 is 20 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== Invalid write of size 1
==10284==    at 0x9F8545: zval_unset_isref_p (zend.h:423)
==10284==    by 0x9F8731: i_zval_ptr_dtor (zend_execute.h:83)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==    by 0xA4CD2E: zend_objects_store_del_ref (zend_objects_API.c:178)
==10284==    by 0xA0CB3B: _zval_dtor_func (zend_variables.c:57)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA45AFD: zend_object_std_dtor (zend_objects.c:54)
==10284==    by 0xA45F28: zend_objects_free_object_storage (zend_objects.c:137)
==10284==    by 0xA4D029: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==10284==    by 0xA4CD2E: zend_objects_store_del_ref (zend_objects_API.c:178)
==10284==    by 0xA0CB3B: _zval_dtor_func (zend_variables.c:57)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==    by 0x9F994F: _zval_ptr_dtor (zend_execute_API.c:427)
==10284==    by 0xA0CF3C: _zval_ptr_dtor_wrapper (zend_variables.c:187)
==10284==    by 0xA2257F: zend_hash_destroy (zend_hash.c:548)
==10284==    by 0xA0CAEB: _zval_dtor_func (zend_variables.c:45)
==10284==    by 0x9F862B: _zval_dtor (zend_variables.h:35)
==10284==    by 0x9F86F2: i_zval_ptr_dtor (zend_execute.h:79)
==10284==  Address 0xc7d4105 is 21 bytes inside a block of size 32 free'd
==10284==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10284==    by 0x9D709E: _efree (zend_alloc.c:2437)
==10284==    by 0x84E8F1: zif_count (array.c:346)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x85CF2C: zif_array_map (array.c:4270)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0x9FB47E: zend_call_function (zend_execute_API.c:850)
==10284==    by 0x8629AF: zif_call_user_func_array (basic_functions.c:4774)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==10284==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==10284==    by 0xA307A8: zend_call_method (zend_interfaces.c:97)
==10284==    by 0xA49EB9: zend_std_call_user_call (zend_object_handlers.c:928)
==10284==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==10284==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==10284==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==10284== 
==10284== 
==10284== HEAP SUMMARY:
==10284==     in use at exit: 3,892 bytes in 14 blocks
==10284==   total heap usage: 314,108 allocs, 314,094 frees, 35,060,489 bytes allocated
==10284== 
==10284== LEAK SUMMARY:
==10284==    definitely lost: 376 bytes in 5 blocks
==10284==    indirectly lost: 3,388 bytes in 5 blocks
==10284==      possibly lost: 0 bytes in 0 blocks
==10284==    still reachable: 128 bytes in 4 blocks
==10284==         suppressed: 0 bytes in 0 blocks
==10284== Rerun with --leak-check=full to see details of leaked memory
==10284== 
==10284== For counts of detected and suppressed errors, rerun with: -v
==10284== ERROR SUMMARY: 25 errors from 7 contexts (suppressed: 2 from 2)

AND

==28514== Memcheck, a memory error detector
==28514== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==28514== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==28514== Command: /home/atlassian/php56/bin/php bin/phpspec run
==28514== Parent PID: 22871
==28514== 
==28514== Invalid read of size 1
==28514==    at 0xA3B7CE: zval_mark_grey (zend_gc.c:426)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71184 is 20 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 4
==28514==    at 0xA3B7F4: zval_mark_grey (zend_gc.c:427)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71180 is 16 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid write of size 4
==28514==    at 0xA3B7FE: zval_mark_grey (zend_gc.c:427)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71180 is 16 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 8
==28514==    at 0xA3B547: zval_mark_grey (zend_gc.c:378)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71188 is 24 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 8
==28514==    at 0xA3B564: zval_mark_grey (zend_gc.c:381)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71188 is 24 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid write of size 8
==28514==    at 0xA3B577: zval_mark_grey (zend_gc.c:381)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71188 is 24 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 1
==28514==    at 0xA3B57F: zval_mark_grey (zend_gc.c:383)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71184 is 20 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 1
==28514==    at 0xA3B76C: zval_mark_grey (zend_gc.c:417)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71184 is 20 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 1
==28514==    at 0xA3B7CE: zval_mark_grey (zend_gc.c:426)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71184 is 20 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid read of size 4
==28514==    at 0xA3B7F4: zval_mark_grey (zend_gc.c:427)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71180 is 16 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA508F4: zend_verify_arg_error (zend_execute.c:606)
==28514==    by 0xA50A8A: zend_verify_arg_type (zend_execute.c:639)
==28514==    by 0xA5611D: ZEND_RECV_SPEC_HANDLER (zend_vm_execute.h:886)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x7799C7: zim_reflection_method_invokeArgs (php_reflection.c:3033)
==28514==    by 0xA54C91: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:558)
==28514==    by 0xA55468: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:693)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514== 
==28514== Invalid write of size 4
==28514==    at 0xA3B7FE: zval_mark_grey (zend_gc.c:427)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B81E: zval_mark_grey (zend_gc.c:432)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B73E: zval_mark_grey (zend_gc.c:407)
==28514==    by 0xA3B962: zobj_mark_grey (zend_gc.c:459)
==28514==    by 0xA3BA97: gc_mark_roots (zend_gc.c:493)
==28514==    by 0xA3C69A: gc_collect_cycles (zend_gc.c:795)
==28514==    by 0xA3AEAC: gc_zobj_possible_root (zend_gc.c:221)
==28514==    by 0xA3AB71: gc_zval_possible_root (zend_gc.c:143)
==28514==    by 0xA4DA1A: gc_zval_check_possible_root (zend_gc.h:183)
==28514==    by 0xA4ED3C: i_zval_ptr_dtor (zend_execute.h:86)
==28514==    by 0xA546CC: zend_leave_helper_SPEC (zend_vm_execute.h:454)
==28514==    by 0xA5A4DC: ZEND_RETURN_SPEC_CONST_HANDLER (zend_vm_execute.h:2628)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0xA104D7: zend_execute_scripts (zend.c:1330)
==28514==    by 0x9786F6: php_execute_script (main.c:2584)
==28514==    by 0xAC26FC: do_cli (php_cli.c:994)
==28514==    by 0xAC3A2A: main (php_cli.c:1378)
==28514==  Address 0xce71180 is 16 bytes inside a block of size 32 free'd
==28514==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28514==    by 0x9D709E: _efree (zend_alloc.c:2437)
==28514==    by 0xA4EDEA: i_zval_ptr_dtor_nogc (zend_execute.h:96)
==28514==    by 0xA71809: ZEND_BOOL_SPEC_VAR_HANDLER (zend_vm_execute.h:13491)
==28514==    by 0xA54306: execute_ex (zend_vm_execute.h:363)
==28514==    by 0xA5438F: zend_execute (zend_vm_execute.h:388)
==28514==    by 0x9FB2CF: zend_call_function (zend_execute_API.c:832)
==28514==    by 0x9FA441: call_user_function_ex (zend_execute_API.c:620)
==28514==    by 0xA0FD64: zend_error (zend.c:1212)
==28514==    by 0xA50

History

 [2014-06-13 11:06 UTC] mbeccati@php.net
-Summary: SIGSEGV caused by Reflection::invokeArgs and/or call_user_func_array
+Summary: SIGSEGV when using count() on an object implementing Countable
-Assigned To:
+Assigned To: mbeccati
 [2014-06-13 11:07 UTC] mbeccati@php.net
Related to the changes for #67064
 [2014-06-13 11:17 UTC] mbeccati@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=df5551ba4f1aae8486b3c4011318188fde7e30cd
Log: Fix bug #67433 SIGSEGV when using count() on an object implementing Countable
 [2014-06-13 11:17 UTC] mbeccati@php.net
-Status: Assigned
+Status: Closed
 [2014-06-13 13:41 UTC] mbeccati@php.net
For the sake of clarity, at first I didn't notice the problem was happening in zif_count. That's why the bug description points the finger at Reflection::invokeArgs / call_user_func_array.
 [2014-06-18 13:51 UTC] dmitry@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=df5551ba4f1aae8486b3c4011318188fde7e30cd
Log: Fix bug #67433 SIGSEGV when using count() on an object implementing Countable
 [2014-06-19 00:53 UTC] tyrael@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=df5551ba4f1aae8486b3c4011318188fde7e30cd
Log: Fix bug #67433 SIGSEGV when using count() on an object implementing Countable
 [2014-07-02 08:26 UTC] ab@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=df5551ba4f1aae8486b3c4011318188fde7e30cd
Log: Fix bug #67433 SIGSEGV when using count() on an object implementing Countable
 [2014-07-02 08:34 UTC] ab@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=df5551ba4f1aae8486b3c4011318188fde7e30cd
Log: Fix bug #67433 SIGSEGV when using count() on an object implementing Countable
 
Last updated: Thu Apr 27 18:01:39 2017 UTC