PHP :: Bug #75176 :: APCu: Modifying a cached value while using APCUIterator Causes segfault

Bug #75176

APCu: Modifying a cached value while using APCUIterator Causes segfault

Submitted:

2017-09-08 21:18 UTC

Modified:

2018-02-11 20:28 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

sethgrim123 at yahoo dot com

Assigned:

nikic (profile)

Status:

Closed

Package:

APC (PECL)

PHP Version:

7.1.9

OS:

Ubuntu 16.04.3 LTS

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	sethgrim123 at yahoo dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2017-09-08 21:18 UTC] sethgrim123 at yahoo dot com

Description:
------------
Changing a cached value with apcu_store after retrieving the key names using APCUIterator seems to cause a Segmentation fault.

For example, I found that if I save three values into the APC cache, I could modify the cache via apcu_store as long as I know the key names ahead of time.

If I use APCUIterator with a regex to find the key names, then iterated through the entries, a segmentation fault would occur if I tried to adjust the cached value.

It will still crash even if I try to save the key names in an array then try to change them outside of the APCUIterator iteration loop.

This issue does not seem to happen when reverting back to APCu 5.1.7.

Test script:
---------------
<?php 
$keys = array("Test1", "Test2", "Test3");

foreach($keys as $key) {
	$value = rand(1, 100);
	apcu_add($key, $value);   // set initial values
}

foreach($keys as $key) {
	$value = rand(1, 100);
	apcu_store($key, $value); // this does not cause a crash
	
}

$iterator = new APCUIterator('#^Test#', APC_ITER_KEY);
foreach ($iterator as $entry) {
	$key = (string) $entry['key'];
	apcu_store($key, 0); 	 // this will cause a Segmentation fault with APC 5.1.8
}

Expected result:
----------------
The script should run without any errors and ultimately set the APC cache for keys "Test1", "Test2" and "Test3" to 0.

Actual result:
--------------
With APC 5.1.8, a "Segmentation fault (core dumped)" or "zend_mm_heap corrupted" error will be displayed instead.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-10-24 08:51 UTC] kalle@php.net

-Summary: Modifying a cached value while using APCUIterator Causes Segmentation Fault +Summary: APCu: Modifying a cached value while using APCUIterator Causes segfault

[2018-01-12 21:15 UTC] sethgrim123 at yahoo dot com

I'm using PHP 7.1.13 and the latest APCu 5.1.9 and my test script no longer crashes.

Maybe this was fixed with "- fix gh#266 refcounting errors in APCIterator"?

[2018-02-11 20:28 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2018-02-11 20:28 UTC] nikic@php.net

Per the previous comment, this has been fixed in apcu 5.1.9.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 11:01:30 2024 UTC