php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72794 Corrupted or nulled, pointers to zvals arrval (HT)
Submitted: 2016-08-09 11:07 UTC Modified: 2021-03-16 14:20 UTC
From: shlomi at sbz dot co dot il Assigned: cmb (profile)
Status: Not a bug Package: Arrays related
PHP Version: 7.0.9 OS: centOS 7 x64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: shlomi at sbz dot co dot il
New email:
PHP Version: OS:

 

 [2016-08-09 11:07 UTC] shlomi at sbz dot co dot il
Description:
------------
Hi,
I'm trying to add zvals to parent zval (creating associative array),
and hold pointers to each entry. Then fill the entries.

The process fails with segmentation fault when adding (int)indexed array, or corrupts the hash when adding acct array.

There is an example under: Test script.

I'll try to debug this issue but I need a clue what the problem might be.

Thanks.
Shlomi

Test script:
---------------
PHP_METHOD(__some_class__, foo){
	zval *data,
			*data_a,
			*data_b,
			*data_c,
			*data_d,
			*data_e,
			*data_f,
			*data_g,
			*data_h,
			*data_i,
			*data_j;

	array_init(return_value);
	zval tmp;
	array_init(&tmp);
	data = zend_hash_str_add(Z_ARRVAL_P(return_value), "data", strlen("data"), &tmp);

	array_init(&tmp);
	data_a = zend_hash_str_add(Z_ARRVAL_P(data), "index_a", strlen("index_a"), &tmp);
	array_init(&tmp);
	data_b = zend_hash_str_add(Z_ARRVAL_P(data), "index_b", strlen("index_b"), &tmp);
	array_init(&tmp);
	data_c = zend_hash_str_add(Z_ARRVAL_P(data), "index_c", strlen("index_c"), &tmp);
	array_init(&tmp);
	data_d = zend_hash_str_add(Z_ARRVAL_P(data), "index_d", strlen("index_d"), &tmp);
	array_init(&tmp);
	data_e = zend_hash_str_add(Z_ARRVAL_P(data), "index_e", strlen("index_e"), &tmp);
	array_init(&tmp);
	data_f = zend_hash_str_add(Z_ARRVAL_P(data), "index_f", strlen("index_f"), &tmp);
	array_init(&tmp);
	data_g = zend_hash_str_add(Z_ARRVAL_P(data), "index_g", strlen("index_g"), &tmp);
	array_init(&tmp);
	data_h = zend_hash_str_add(Z_ARRVAL_P(data), "index_h", strlen("index_h"), &tmp);
	array_init(&tmp);
	data_i = zend_hash_str_add(Z_ARRVAL_P(data), "index_i", strlen("index_i"), &tmp);
	array_init(&tmp);
	data_j = zend_hash_str_add(Z_ARRVAL_P(data), "index_j", strlen("index_j"), &tmp);


	int i, j;
	char str[6];
	for(i=0; i<30; i++){
		zval *__z;
		zend_string *key;

		zval *carr = data_h; // change this for  testing [data_a - data_j].
							 // when set to data_i or data_j it works as expected.

		/** /
		__z = zend_hash_index_find(Z_ARRVAL_P(carr), i);
		if(!__z) {
			zval __tmp;
			array_init(&__tmp);
			__z = zend_hash_index_add_new(Z_ARRVAL_P(carr), i, &__tmp);
		}

		// seg fault the HT is nulled
		/**/
		snprintf(str, 6, "_%d", i);
		key = zend_string_init(str, strlen(str), 0);
		__z = zend_hash_find(Z_ARRVAL_P(carr), key);
		if(!__z) {
			zval __tmp;
			array_init(&__tmp);
			__z = zend_hash_add_new(Z_ARRVAL_P(carr), key, &__tmp);
		}
		zend_string_release(key);
		// hash corrupted
		/**/
		add_assoc_string(__z, "hello", "world!");
	}

}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-09 11:24 UTC] shlomi at sbz dot co dot il
-Package: hash related +Package: Arrays related
 [2016-08-09 11:24 UTC] shlomi at sbz dot co dot il
My mistake, It is not hash functions releated, but the hashTable related.
The closest I've found is array related.
 [2021-03-16 14:20 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-03-16 14:20 UTC] cmb@php.net
Form a quick glance, I think you need multiple different tmp
variables.  Anyhow, such questions are better asked on the
internal mailing list anyway.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 11:01:28 2024 UTC