Bug #72794 Corrupted or nulled, pointers to zvals arrval (HT)
Submitted: 2016-08-09 11:07 UTC Modified: 2016-08-09 11:24 UTC
From: shlomi at sbz dot co dot il Assigned:
Status: Open Package: Arrays related
PHP Version: 7.0.9 OS: centOS 7 x64
Private report: No CVE-ID: None
 [2016-08-09 11:07 UTC] shlomi at sbz dot co dot il
Description:
------------
Hi,
I'm trying to add zvals to a parent zval (creating an associative array),
and hold pointers to each entry. Then fill the entries.

The process fails with a segmentation fault when adding an (int) indexed array, or corrupts the hash when adding an assoc array.

There is an example under: Test script.

I'll try to debug this issue but I need a clue what the problem might be.

Thanks.
Shlomi

Test script:
---------------
PHP_METHOD(__some_class__, foo){
	zval *data,
			*data_a,
			*data_b,
			*data_c,
			*data_d,
			*data_e,
			*data_f,
			*data_g,
			*data_h,
			*data_i,
			*data_j;

	array_init(return_value);
	zval tmp;
	array_init(&tmp);
	data = zend_hash_str_add(Z_ARRVAL_P(return_value), "data", strlen("data"), &tmp);

	array_init(&tmp);
	data_a = zend_hash_str_add(Z_ARRVAL_P(data), "index_a", strlen("index_a"), &tmp);
	array_init(&tmp);
	data_b = zend_hash_str_add(Z_ARRVAL_P(data), "index_b", strlen("index_b"), &tmp);
	array_init(&tmp);
	data_c = zend_hash_str_add(Z_ARRVAL_P(data), "index_c", strlen("index_c"), &tmp);
	array_init(&tmp);
	data_d = zend_hash_str_add(Z_ARRVAL_P(data), "index_d", strlen("index_d"), &tmp);
	array_init(&tmp);
	data_e = zend_hash_str_add(Z_ARRVAL_P(data), "index_e", strlen("index_e"), &tmp);
	array_init(&tmp);
	data_f = zend_hash_str_add(Z_ARRVAL_P(data), "index_f", strlen("index_f"), &tmp);
	array_init(&tmp);
	data_g = zend_hash_str_add(Z_ARRVAL_P(data), "index_g", strlen("index_g"), &tmp);
	array_init(&tmp);
	data_h = zend_hash_str_add(Z_ARRVAL_P(data), "index_h", strlen("index_h"), &tmp);
	array_init(&tmp);
	data_i = zend_hash_str_add(Z_ARRVAL_P(data), "index_i", strlen("index_i"), &tmp);
	array_init(&tmp);
	data_j = zend_hash_str_add(Z_ARRVAL_P(data), "index_j", strlen("index_j"), &tmp);


	int i, j;
	char str[6];
	for(i=0; i<30; i++){
		zval *__z;
		zend_string *key;

		zval *carr = data_h; // change this for  testing [data_a - data_j].
							 // when set to data_i or data_j it works as expected.

		/** /
		__z = zend_hash_index_find(Z_ARRVAL_P(carr), i);
		if(!__z) {
			zval __tmp;
			array_init(&__tmp);
			__z = zend_hash_index_add_new(Z_ARRVAL_P(carr), i, &__tmp);
		}

		// seg fault the HT is nulled
		/**/
		snprintf(str, 6, "_%d", i);
		key = zend_string_init(str, strlen(str), 0);
		__z = zend_hash_find(Z_ARRVAL_P(carr), key);
		if(!__z) {
			zval __tmp;
			array_init(&__tmp);
			__z = zend_hash_add_new(Z_ARRVAL_P(carr), key, &__tmp);
		}
		zend_string_release(key);
		// hash corrupted
		/**/
		add_assoc_string(__z, "hello", "world!");
	}

}
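
One possible explanation for the pattern in the report (data_a to data_h fail, data_i and data_j work), shown as an added example that is not part of the original report and is not Zend code. It assumes the array starts with 8 slots and moves its storage when the ninth key is added, so every pointer returned before that point dangles; `table_t`, `table_add`, `table_find`, `in_live_storage` and `replay_report` are hypothetical names for a small stand-alone model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MIN_SIZE 8  /* assumption: initial capacity, like PHP 7's HT_MIN_SIZE */
typedef struct { char key[16]; } slot_t;  /* hypothetical model, not Zend code */
typedef struct { slot_t *data; size_t used, cap; } table_t;

/* Insert and return a pointer INTO the storage, as zend_hash_str_add() does. */
static slot_t *table_add(table_t *t, const char *key) {
    if (t->used == t->cap) {  /* full: move to a buffer twice as big */
        slot_t *bigger = calloc(t->cap * 2, sizeof(slot_t));
        if (!bigger) abort();
        memcpy(bigger, t->data, t->used * sizeof(slot_t));
        free(t->data);  /* every pointer handed out so far now dangles */
        t->data = bigger; t->cap *= 2;
    }
    slot_t *s = &t->data[t->used++];
    strncpy(s->key, key, sizeof(s->key) - 1);
    return s;
}

/* Safe pattern: look the slot up again once the table has stopped growing. */
static slot_t *table_find(table_t *t, const char *key) {
    for (size_t i = 0; i < t->used; i++)
        if (strcmp(t->data[i].key, key) == 0) return &t->data[i];
    return NULL;
}

/* Does an address saved earlier still fall inside the live storage? */
static int in_live_storage(const table_t *t, uintptr_t a) {
    return a >= (uintptr_t)t->data && a < (uintptr_t)(t->data + t->cap);
}
/* Replays the report: bit i is set when the address saved for key i is still valid. */
static unsigned replay_report(table_t *t, uintptr_t saved[10]) {
    char key[16]; unsigned mask = 0;
    t->used = 0; t->cap = MIN_SIZE;
    if (!(t->data = calloc(t->cap, sizeof(slot_t)))) abort();
    for (int i = 0; i < 10; i++) {
        snprintf(key, sizeof key, "index_%c", 'a' + i);
        saved[i] = (uintptr_t)table_add(t, key);
    }
    for (int i = 0; i < 10; i++) mask |= (unsigned)in_live_storage(t, saved[i]) << i;
    return mask;
}

int main(void) {
    table_t t; uintptr_t saved[10];
    printf("still-valid mask: 0x%x\n", replay_report(&t, saved));
    free(t.data); return 0;
}
```

In extension code the equivalent of `table_find` is to fetch each child with `zend_hash_str_find()` after all ten keys have been added, or to fill each child array before inserting it into the parent.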


History

 [2016-08-09 11:24 UTC] shlomi at sbz dot co dot il
-Package: hash related +Package: Arrays related
 [2016-08-09 11:24 UTC] shlomi at sbz dot co dot il
My mistake, it is not hash functions related, but the hashTable related.
The closest I've found is array related.
Last updated: Tue Sep 17 12:01:27 2019 UTC