PHP :: Bug #69700 :: tests/lang/this_assignment.phpt memory errors

Bug #69700	tests/lang/this_assignment.phpt memory errors
Submitted:	2015-05-24 20:11 UTC	Modified:	2015-05-24 20:11 UTC
From:	nikic@php.net	Assigned:	dmitry (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	5.6Git-2015-05-24 (Git)	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2015-05-24 20:11 UTC] nikic@php.net

Description:
------------
From gcov:

==5934== Invalid read of size 8
==5934==    at 0x10B3C11: ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER (zend_vm_execute.h:23938)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934==  Address 0x11d52e70 is 16 bytes inside a block of size 40 free'd
==5934==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==5934==    by 0xEECE24: _efree (zend_alloc.c:2222)
==5934==    by 0xFF31A2: zend_objects_store_del (zend_objects_API.c:205)
==5934==    by 0xF40F2D: _zval_dtor_func_for_ptr (zend_variables.c:116)
==5934==    by 0x10F25B2: zend_assign_to_variable (zend_execute.h:104)
==5934==    by 0x10F25B2: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:33656)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934== 
==5934== Invalid read of size 8
==5934==    at 0x10B3CBA: ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER (zend_vm_execute.h:23944)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934==  Address 0x11d52e78 is 24 bytes inside a block of size 40 free'd
==5934==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==5934==    by 0xEECE24: _efree (zend_alloc.c:2222)
==5934==    by 0xFF31A2: zend_objects_store_del (zend_objects_API.c:205)
==5934==    by 0xF40F2D: _zval_dtor_func_for_ptr (zend_variables.c:116)
==5934==    by 0x10F25B2: zend_assign_to_variable (zend_execute.h:104)
==5934==    by 0x10F25B2: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:33656)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934== 
==5934== Invalid read of size 8
==5934==    at 0x10B3D30: ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER (zend_vm_execute.h:23952)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934==  Address 0x11d52e78 is 24 bytes inside a block of size 40 free'd
==5934==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==5934==    by 0xEECE24: _efree (zend_alloc.c:2222)
==5934==    by 0xFF31A2: zend_objects_store_del (zend_objects_API.c:205)
==5934==    by 0xF40F2D: _zval_dtor_func_for_ptr (zend_variables.c:116)
==5934==    by 0x10F25B2: zend_assign_to_variable (zend_execute.h:104)
==5934==    by 0x10F25B2: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:33656)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934== 
==5934== Invalid read of size 8
==5934==    at 0xFEED8F: zend_std_get_method (zend_object_handlers.c:1068)
==5934==    by 0x10B3D71: ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER (zend_vm_execute.h:23952)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934==  Address 0x11d52e70 is 16 bytes inside a block of size 40 free'd
==5934==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==5934==    by 0xEECE24: _efree (zend_alloc.c:2222)
==5934==    by 0xFF31A2: zend_objects_store_del (zend_objects_API.c:205)
==5934==    by 0xF40F2D: _zval_dtor_func_for_ptr (zend_variables.c:116)
==5934==    by 0x10F25B2: zend_assign_to_variable (zend_execute.h:104)
==5934==    by 0x10F25B2: ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (zend_vm_execute.h:33656)
==5934==    by 0x100E4E5: execute_ex (zend_vm_execute.h:394)
==5934==    by 0x100EFFE: zend_execute (zend_vm_execute.h:434)
==5934==    by 0xF46C5B: zend_execute_scripts (zend.c:1389)
==5934==    by 0xE48EBB: php_execute_script (main.c:2479)
==5934==    by 0x114D47A: do_cli (php_cli.c:967)
==5934==    by 0x114EEE9: main (php_cli.c:1334)
==5934==

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-05-24 20:11 UTC] nikic@php.net

-Assigned To: +Assigned To: dmitry

[2015-05-24 20:11 UTC] nikic@php.net

Assigning to Dmitry as this is likely related to the recent $this refcounting changes.

[2015-05-25 15:29 UTC] dmitry@php.net

Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c436e25fd5519bb26fea2385d858823be7e3fca2
Log: Fixed bug #69700 (tests/lang/this_assignment.phpt memory errors)

[2015-05-25 15:29 UTC] dmitry@php.net

-Status: Assigned +Status: Closed

[2016-07-20 11:38 UTC] davey@php.net

Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c436e25fd5519bb26fea2385d858823be7e3fca2
Log: Fixed bug #69700 (tests/lang/this_assignment.phpt memory errors)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat May 04 17:01:33 2024 UTC