Bug #72794 Corrupted or nulled, pointers to zvals arrval (HT)
Submitted: 2016-08-09 11:07 UTC Modified: 2016-08-09 11:24 UTC
From: shlomi at sbz dot co dot il Assigned:
Status: Open Package: Arrays related
PHP Version: 7.0.9 OS: centOS 7 x64
Private report: No CVE-ID: None

 [2016-08-09 11:07 UTC] shlomi at sbz dot co dot il
Description:
------------
Hi,
I'm trying to add zvals to parent zval (creating associative array),
and hold pointers to each entry. Then fill the entries.

The process fails with a segmentation fault when adding an (int)indexed array, or corrupts the hash when adding an assoc array.

There is an example under: Test script.

I'll try to debug this issue but I need a clue what the problem might be.

Thanks.
Shlomi

Test script:
---------------
PHP_METHOD(__some_class__, foo){
	zval *data,
			*data_a,
			*data_b,
			*data_c,
			*data_d,
			*data_e,
			*data_f,
			*data_g,
			*data_h,
			*data_i,
			*data_j;

	array_init(return_value);
	zval tmp;
	array_init(&tmp);
	data = zend_hash_str_add(Z_ARRVAL_P(return_value), "data", strlen("data"), &tmp);

	array_init(&tmp);
	data_a = zend_hash_str_add(Z_ARRVAL_P(data), "index_a", strlen("index_a"), &tmp);
	array_init(&tmp);
	data_b = zend_hash_str_add(Z_ARRVAL_P(data), "index_b", strlen("index_b"), &tmp);
	array_init(&tmp);
	data_c = zend_hash_str_add(Z_ARRVAL_P(data), "index_c", strlen("index_c"), &tmp);
	array_init(&tmp);
	data_d = zend_hash_str_add(Z_ARRVAL_P(data), "index_d", strlen("index_d"), &tmp);
	array_init(&tmp);
	data_e = zend_hash_str_add(Z_ARRVAL_P(data), "index_e", strlen("index_e"), &tmp);
	array_init(&tmp);
	data_f = zend_hash_str_add(Z_ARRVAL_P(data), "index_f", strlen("index_f"), &tmp);
	array_init(&tmp);
	data_g = zend_hash_str_add(Z_ARRVAL_P(data), "index_g", strlen("index_g"), &tmp);
	array_init(&tmp);
	data_h = zend_hash_str_add(Z_ARRVAL_P(data), "index_h", strlen("index_h"), &tmp);
	array_init(&tmp);
	data_i = zend_hash_str_add(Z_ARRVAL_P(data), "index_i", strlen("index_i"), &tmp);
	array_init(&tmp);
	data_j = zend_hash_str_add(Z_ARRVAL_P(data), "index_j", strlen("index_j"), &tmp);


	int i, j;
	char str[6];
	for(i=0; i<30; i++){
		zval *__z;
		zend_string *key;

		zval *carr = data_h; // change this for  testing [data_a - data_j].
							 // when set to data_i or data_j it works as expected.

		/** /
		__z = zend_hash_index_find(Z_ARRVAL_P(carr), i);
		if(!__z) {
			zval __tmp;
			array_init(&__tmp);
			__z = zend_hash_index_add_new(Z_ARRVAL_P(carr), i, &__tmp);
		}

		// seg fault the HT is nulled
		/**/
		snprintf(str, 6, "_%d", i);
		key = zend_string_init(str, strlen(str), 0);
		__z = zend_hash_find(Z_ARRVAL_P(carr), key);
		if(!__z) {
			zval __tmp;
			array_init(&__tmp);
			__z = zend_hash_add_new(Z_ARRVAL_P(carr), key, &__tmp);
		}
		zend_string_release(key);
		// hash corrupted
		/**/
		add_assoc_string(__z, "hello", "world!");
	}

}


History

 [2016-08-09 11:24 UTC] shlomi at sbz dot co dot il
-Package: hash related +Package: Arrays related
 [2016-08-09 11:24 UTC] shlomi at sbz dot co dot il
My mistake, it is not hash functions related, but the hashTable related.
The closest I've found is array related.
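
Added example, not part of the original report or of PHP's source: in PHP 7, zend_hash_str_add() returns a pointer into the HashTable's own bucket storage, and an array created with array_init() starts with room for 8 elements, so adding a ninth moves that storage. This is consistent with the report's note that only data_i and data_j work. The stand-alone model below reproduces the effect; the names table, slot, table_add, count_stale and sum_by_index are hypothetical and only stand in for the Zend structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN_SIZE 8                       /* capacity of a fresh PHP 7 array */
typedef struct { long value; } slot;                    /* models a zval      */
typedef struct { slot *data; size_t used, cap; } table; /* models a HashTable */

static void table_init(table *t) {
    t->used = 0; t->cap = MIN_SIZE;
    t->data = calloc(t->cap, sizeof(slot));
}
/* Append a value and return a pointer INTO t->data, as zend_hash_*_add does. */
static slot *table_add(table *t, long v) {
    if (t->used == t->cap) {             /* full: move entries to a new block */
        slot *bigger = malloc(2 * t->cap * sizeof(slot));
        memcpy(bigger, t->data, t->used * sizeof(slot));
        free(t->data);                   /* every earlier pointer now dangles */
        t->data = bigger; t->cap *= 2;
    }
    t->data[t->used].value = v;
    return &t->data[t->used++];
}
/* Insert n entries, keep each returned address, count those left outside the
   live storage. Limited to one growth step so the old block cannot be reused. */
int count_stale(int n, int *first_live) {
    table t; uintptr_t saved[2 * MIN_SIZE]; int stale = 0;
    if (n < 0 || n > 2 * MIN_SIZE) return -1;
    table_init(&t);
    for (int i = 0; i < n; i++) saved[i] = (uintptr_t)table_add(&t, i);
    uintptr_t base = (uintptr_t)t.data, end = base + t.cap * sizeof(slot);
    *first_live = -1;
    for (int i = 0; i < n; i++) {
        if (saved[i] < base || saved[i] >= end) stale++;
        else if (*first_live < 0) *first_live = i;
    }
    free(t.data);
    return stale;
}
/* Safe pattern: finish all inserts, then reach entries by index (or key). */
long sum_by_index(int n) {
    table t; long sum = 0;
    table_init(&t);
    for (int i = 0; i < n; i++) table_add(&t, i);
    for (size_t i = 0; i < t.used; i++) sum += t.data[i].value;
    free(t.data);
    return sum;
}
int main(void) {
    int first;
    int stale = count_stale(10, &first); /* ten inserts, like data_a..data_j */
    printf("stale=%d first_live=%d sum=%ld\n", stale, first, sum_by_index(10));
    return 0;
}
```

In an extension the equivalent is to fill each child array before inserting it into the parent, or to fetch the entry again with zend_hash_str_find() once all keys have been added, rather than keeping the pointers returned by earlier adds.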
 
Last updated: Tue Oct 22 10:01:29 2019 UTC