php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75176 APCu: Modifying a cached value while using APCUIterator Causes segfault
Submitted: 2017-09-08 21:18 UTC Modified: 2018-02-11 20:28 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: sethgrim123 at yahoo dot com Assigned: nikic (profile)
Status: Closed Package: APC (PECL)
PHP Version: 7.1.9 OS: Ubuntu 16.04.3 LTS
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sethgrim123 at yahoo dot com
New email:
PHP Version: OS:

 

 [2017-09-08 21:18 UTC] sethgrim123 at yahoo dot com
Description:
------------
Changing a cached value with apcu_store after retrieving the key names using APCUIterator seems to cause a Segmentation fault.

For example, I found that if I save three values into the APC cache, I could modify the cache via apcu_store as long as I know the key names ahead of time.

If I use APCUIterator with a regex to find the key names, then iterated through the entries, a segmentation fault would occur if I tried to adjust the cached value.

It will still crash even if I try to save the key names in an array then try to change them outside of the APCUIterator iteration loop.

This issue does not seem to happen when reverting back to APCu 5.1.7.

Test script:
---------------
<?php 
$keys = array("Test1", "Test2", "Test3");

foreach($keys as $key) {
	$value = rand(1, 100);
	apcu_add($key, $value);   // set initial values
}

foreach($keys as $key) {
	$value = rand(1, 100);
	apcu_store($key, $value); // this does not cause a crash
	
}

$iterator = new APCUIterator('#^Test#', APC_ITER_KEY);
foreach ($iterator as $entry) {
	$key = (string) $entry['key'];
	apcu_store($key, 0); 	 // this will cause a Segmentation fault with APC 5.1.8
}

Expected result:
----------------
The script should run without any errors and ultimately set the APC cache for keys "Test1", "Test2" and "Test3" to 0.

Actual result:
--------------
With APC 5.1.8, a "Segmentation fault (core dumped)" or "zend_mm_heap corrupted" error will be displayed instead.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-24 08:51 UTC] kalle@php.net
-Summary: Modifying a cached value while using APCUIterator Causes Segmentation Fault +Summary: APCu: Modifying a cached value while using APCUIterator Causes segfault
 [2018-01-12 21:15 UTC] sethgrim123 at yahoo dot com
I'm using PHP 7.1.13 and the latest APCu 5.1.9 and my test script no longer crashes.

Maybe this was fixed with "- fix gh#266 refcounting errors in APCIterator"?
 [2018-02-11 20:28 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2018-02-11 20:28 UTC] nikic@php.net
Per the previous comment, this has been fixed in apcu 5.1.9.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC