[2019-02-26 11:15 UTC] profic at gmail dot com
[2019-02-26 11:22 UTC] profic at gmail dot com
-Operating System: Ubuntu 18.04
+Operating System: Ubuntu 18.04/Windows 7
[2019-02-26 11:22 UTC] profic at gmail dot com
[2019-02-26 13:06 UTC] nikic@php.net
[2019-02-26 15:04 UTC] profic at gmail dot com
[2019-02-26 15:08 UTC] profic at gmail dot com
[2019-02-28 08:40 UTC] nikic@php.net
-Assigned To:
+Assigned To: nikic
[2019-02-28 08:40 UTC] nikic@php.net
[2019-02-28 08:56 UTC] nikic@php.net
-Summary: A crash in zend_mm_alloc_small
+Summary: Crash in extract() when overwriting extracted array
[2019-02-28 08:59 UTC] nikic@php.net
[2019-02-28 08:59 UTC] nikic@php.net
-Status: Assigned
+Status: Closed
Description: ------------ I've looked through other similar bugs, but haven't found an exact match. However, the main thing is the same: a crash inside zend_mm_alloc_small() when a rather large code base is used. Trying to extract the offending code seems impossible, as even the number of rows returned from the database is relevant. (In my case it is distinct: the difference between a crash and a non-crash lies between n and n+1 rows returned from the db.) Thus all I have is two backtraces. Actual result: -------------- 1) This one is using a plus operator with arrays: Program received signal SIGSEGV, Segmentation fault. zend_mm_alloc_small (bin_num=6, size=56, heap=0x7f89d4400040) at ./Zend/zend_alloc.c:1273 1273 ./Zend/zend_alloc.c: No such file or directory. (gdb) bt full #0 zend_mm_alloc_small (bin_num=6, size=56, heap=0x7f89d4400040) at ./Zend/zend_alloc.c:1273 p = 0x7f89d44ff7a800 #1 _emalloc_56 () at ./Zend/zend_alloc.c:2352 No locals. #2 0x0000556371c55ec2 in zend_array_dup (source=0x7f89d4466540) at ./Zend/zend_hash.c:1764 idx = <optimized out> target = <optimized out> #3 0x0000556371c40b8d in _zval_copy_ctor_func (zvalue=zvalue@entry=0x7f89d441f1e0) at ./Zend/zend_variables.c:169 __z = 0x7f89d441f1e0 #4 0x0000556371c3cce0 in add_function (result=0x7f89d441f1e0, op1=0x7f89d441f0e0, op2=op2@entry=0x7f89d441f1d0) at ./Zend/zend_operators.c:925 _z1 = 0x7f89d441f1e0 _z2 = 0x7f89d441f0e0 _gc = <optimized out> _t = <optimized out> op1_copy = {value = {lval = 140229948686560, dval = 6.9282800164110129e-310, counted = 0x7f89d44740e0, str = 0x7f89d44740e0, arr = 0x7f89d44740e0, obj = 0x7f89d44740e0, res = 0x7f89d44740e0, ref = 0x7f89d44740e0, ast = 0x7f89d44740e0, zv = 0x7f89d44740e0, ptr = 0x7f89d44740e0, ce = 0x7f89d44740e0, func = 0x7f89d44740e0, ww = {w1 = 3561439456, w2 = 32649}}, u1 = {v = {type = 0 '\000', type_flags = 242 '\362', const_flags = 65 'A', reserved = 212 '\324'}, type_info = 3561091584}, u2 = {next = 32649, cache_slot = 32649, lineno = 32649, 
num_args = 32649, fe_pos = 32649, fe_iter_idx = 32649, access_flags = 32649, property_guard = 32649, extra = 32649}} op2_copy = {value = {lval = 140229948337920, dval = 6.9282799991859082e-310, counted = 0x7f89d441ef00, str = 0x7f89d441ef00, arr = 0x7f89d441ef00, obj = 0x7f89d441ef00, res = 0x7f89d441ef00, ref = 0x7f89d441ef00, ast = 0x7f89d441ef00, zv = 0x7f89d441ef00, ptr = 0x7f89d441ef00, ce = 0x7f89d441ef00, func = 0x7f89d441ef00, ww = {w1 = 3561090816, w2 = 32649}}, u1 = {v = {type = 106 'j', type_flags = 204 '\314', const_flags = 200 '\310', reserved = 113 'q'}, type_info = 1908984938}, u2 = {next = 21859, cache_slot = 21859, lineno = 21859, num_args = 21859, fe_pos = 21859, fe_iter_idx = 21859, access_flags = 21859, property_guard = 21859, extra = 21859}} converted = <optimized out> #5 0x0000556371caa021 in ZEND_ADD_SPEC_CV_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:44848 free_op2 = 0x7f89d441f1d0 op1 = <optimized out> op2 = <optimized out> result = <optimized out> #6 0x0000556371cee8a4 in execute_ex (ex=0x7f89d4400040) at ./Zend/zend_vm_execute.h:62846 orig_opline = <optimized out> orig_execute_data = <optimized out> #7 0x0000556371cf43a7 in zend_execute (op_array=op_array@entry=0x7f89d44740e0, return_value=return_value@entry=0x7f89d4498ac0) at ./Zend/zend_vm_execute.h:63776 execute_data = <optimized out> #8 0x0000556371c42d92 in zend_execute_scripts (type=type@entry=8, retval=0x7f89d4498ac0, retval@entry=0x7ffc4d7e7740, file_count=-733876096, file_count@entry=1) at ./Zend/zend.c:1498 files = {{gp_offset = 32, fp_offset = 0, overflow_arg_area = 0x7ffc4d7e6710, reg_save_area = 0x7ffc4d7e66a0}} i = 0 file_handle = 0x7ffc4d7e7750 op_array = 0x7f89d44740e0 #9 0x0000556371cfcd5a in php_cli_server_dispatch_router (client=0x5563733a6c20, server=<optimized out>) at ./sapi/cli/php_cli_server.c:2117 retval = {value = {lval = 93885623332104, dval = 4.6385661126783968e-310, counted = 0x5563733a6d08, str = 0x5563733a6d08, arr = 0x5563733a6d08, obj = 0x5563733a6d08, 
res = 0x5563733a6d08, ref = 0x5563733a6d08, ast = 0x5563733a6d08, zv = 0x5563733a6d08, ptr = 0x5563733a6d08, ce = 0x5563733a6d08, func = 0x5563733a6d08, ww = {w1 = 1933208840, w2 = 21859}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 0}, u2 = {next = 21859, cache_slot = 21859, lineno = 21859, num_args = 21859, fe_pos = 21859, fe_iter_idx = 21859, access_flags = 21859, property_guard = 21859, extra = 21859}} __orig_bailout = 0x7ffc4d7e8bf0 __bailout = {{__jmpbuf = {93885603123128, 84926004876533906, 93885603122568, 1, 93885623332104, 93885623331872, 84926004857659538, 6058413123358548114}, __mask_was_saved = 0, __saved_mask = {__val = {93885598456025, 1, 93885621682208, 93885603123152, 7713376935073365248, 1, 93885622513304, 93885603123152, 93885603122568, 1, 0, 93885621682208, 93885599559546, 93885621682208, 7713376935073365248, 93885603122560}}}} decline = 0 zfd = {handle = {fd = -733528064, fp = 0x7f89d4474000, stream = {handle = 0x7f89d4474000, isatty = 0, mmap = { len = 9346, pos = 0, map = 0x0, buf = 0x7f89d90f4000 <error: Cannot access memory at address 0x7f89d90f4000>, old_handle = 0x0, old_closer = 0x0}, reader = 0x556371bf52f0 <_php_stream_read>, fsizer = 0x556371bdbac0 <php_zend_stream_fsizer>, closer = 0x556371bdbaa0 <php_zend_stream_mmap_closer>}}, filename = 0x556373392350 "index.php", opened_path = 0x0, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'} old_cwd = 0x7ffc4d7e6710 "/srv/zags-broadcast/web" #10 0x0000556371cfd74b in php_cli_server_dispatch (client=0x5563733a6c20, server=0x556372060d80 <server>) at ./sapi/cli/php_cli_server.c:2156 is_static_file = <optimized out> is_static_file = <optimized out> send_header_func = 0x556371cfd2a0 <sapi_cli_server_send_headers> #11 php_cli_server_recv_event_read_request (server=0x556372060d80 <server>, client=0x5563733a6c20) at ./sapi/cli/php_cli_server.c:2379 errstr = 0x0 status = <optimized out> #12 0x0000556371cfde40 in 
php_cli_server_do_event_for_each_fd_callback (_params=_params@entry=0x7ffc4d7e7a30, fd=<optimized out>, event=event@entry=1) at ./sapi/cli/php_cli_server.c:2462 client = <optimized out> params = 0x7ffc4d7e7a30 server = 0x556372060d80 <server> #13 0x0000556371cfec0e in php_cli_server_poller_iter_on_active (poller=0x556372060d88 <server+8>, callback=0x556371cfddf0 <php_cli_server_do_event_for_each_fd_callback>, opaque=0x7ffc4d7e7a30) at ./sapi/cli/php_cli_server.c:846 retval = <optimized out> fd = <optimized out> max_fd = <optimized out> retval = <optimized out> fd = <optimized out> max_fd = <optimized out> __d = <optimized out> __d = <optimized out> #14 php_cli_server_do_event_for_each_fd (whandler=0x556371cfbe10 <php_cli_server_send_event>, rhandler=0x556371cfd590 <php_cli_server_recv_event_read_request>, server=0x556372060d80 <server>) at ./sapi/cli/php_cli_server.c:2480 params = {server = 0x556372060d80 <server>, rhandler = 0x556371cfd590 <php_cli_server_recv_event_read_request>, whandler = 0x556371cfbe10 <php_cli_server_send_event>} params = <optimized out> #15 php_cli_server_do_event_loop (server=0x556372060d80 <server>) at ./sapi/cli/php_cli_server.c:2490 tv = {tv_sec = 0, tv_usec = 995055} n = <optimized out> retval = <optimized out> retval = <optimized out> tv = <optimized out> n = <optimized out> err = <optimized out> errstr = <optimized out> #16 do_cli_server (argc=<optimized out>, argv=<optimized out>) at ./sapi/cli/php_cli_server.c:2612 php_optarg = 0x5563731f87e0 "0.0.0.0:8081" php_optind = 3 c = <optimized out> server_bind_address = <optimized out> document_root = <optimized out> router = <optimized out> document_root_buf = "/srv/zags-broadcast/web\000\000\200!\000\000\000\000\000xq!\000\000\000\000\000\060t!\000\000\000\000\000\000`\001\000\000\000\000\000\003\000\000\000\211\177\000\000\000~~M\374\177\000\000\300{~M\374\177\000\000\350~~M\374\177\000\000\002\000\000\000\000\000\000\000\001\312\000\000\000\000\000\000\255n\355؉\177", '\000' <repeats 
11 times>, "\200\232\001\000\000\000\000\324{\232\001\000\000\000\000\324{\232\001", '\000' <repeats 12 times>, "\005\000\000\000\211\177\000\000\000p\272\001\000\000\000\000\000\220\272\001\000\000\000\000\b\200\272\001\000\000\000\000\020\200\272\001\000\000\000\000\000p\232\001\000\000\000\000\221"... #17 0x0000556371a8c4d2 in main (argc=4, argv=0x5563731f8770) at ./sapi/cli/php_cli.c:1406 __orig_bailout = 0x0 __bailout = {{__jmpbuf = {93885603034400, -84111279872286574, 0, 140721608625124, 0, 140721608625128, 84926009819521170, 6058412891705565330}, __mask_was_saved = 0, __saved_mask = {__val = {17179869188, 140229998027808, 140229998027808, 0 <repeats 12 times>, 1}}}} c = <optimized out> exit_status = 0 module_started = 1 sapi_started = 1 php_optarg = 0x5563731f87e0 "0.0.0.0:8081" php_optind = 3 use_extended_info = 0 ini_path_override = 0x0 ini_entries = 0x0 ini_entries_len = 0 ini_ignore = 0 sapi_module = <optimized out> (gdb) 2) And this one is a result of replacing the plus array operator with an array_merge() call in the attempt to mitigate the problem: Program received signal SIGSEGV, Segmentation fault. zend_mm_alloc_small (bin_num=6, size=56, heap=0x7f0ffc400040) at ./Zend/zend_alloc.c:1273 1273 ./Zend/zend_alloc.c: No such file or directory. (gdb) bt full #0 zend_mm_alloc_small (bin_num=6, size=56, heap=0x7f0ffc400040) at ./Zend/zend_alloc.c:1273 p = 0x7f0ffc50093000 #1 _emalloc_56 () at ./Zend/zend_alloc.c:2352 No locals. 
#2 0x000055f6a0a92ec2 in zend_array_dup (source=0x7f0ffc467578) at ./Zend/zend_hash.c:1764 idx = <optimized out> target = <optimized out> #3 0x000055f6a0b11df0 in ZEND_ASSIGN_DIM_SPEC_CV_TMPVAR_OP_DATA_VAR_HANDLER () at ./Zend/zend_vm_execute.h:47298 __z = 0x7f0ffc41fc70 _zv = 0x7f0ffc41fc70 _arr = <optimized out> object_ptr = 0x7f0ffc41fc70 free_op2 = <optimized out> free_op_data = <optimized out> value = <optimized out> variable_ptr = <optimized out> dim = <optimized out> #4 0x000055f6a0b2a77e in execute_ex (ex=0x7f0ffc400040) at ./Zend/zend_vm_execute.h:63077 orig_opline = <optimized out> orig_execute_data = <optimized out> #5 0x000055f6a0b313a7 in zend_execute (op_array=op_array@entry=0x7f0ffc4740e0, return_value=return_value@entry=0x7f0ffc4989a0) at ./Zend/zend_vm_execute.h:63776 execute_data = <optimized out> #6 0x000055f6a0a7fd92 in zend_execute_scripts (type=type@entry=8, retval=0x7f0ffc4989a0, retval@entry=0x7fff3301d3d0, file_count=-62784512, file_count@entry=1) at ./Zend/zend.c:1498 files = {{gp_offset = 32, fp_offset = 8, overflow_arg_area = 0x7fff3301c3a0, reg_save_area = 0x7fff3301c330}} i = 0 file_handle = 0x7fff3301d3e0 op_array = 0x7f0ffc4740e0 #7 0x000055f6a0b39d5a in php_cli_server_dispatch_router (client=0x55f6a19c4020, server=<optimized out>) at ./sapi/cli/php_cli_server.c:2117 retval = {value = {lval = 94517761687816, dval = 4.6697978971759841e-310, counted = 0x55f6a19c4108, str = 0x55f6a19c4108, arr = 0x55f6a19c4108, obj = 0x55f6a19c4108, res = 0x55f6a19c4108, ref = 0x55f6a19c4108, ast = 0x55f6a19c4108, zv = 0x55f6a19c4108, ptr = 0x55f6a19c4108, ce = 0x55f6a19c4108, func = 0x55f6a19c4108, ww = {w1 = 2711372040, w2 = 22006}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 0}, u2 = {next = 22006, cache_slot = 22006, lineno = 22006, num_args = 22006, fe_pos = 22006, fe_iter_idx = 22006, access_flags = 22006, property_guard = 22006, extra = 22006}} __orig_bailout = 0x7fff3301e880 
__bailout = {{__jmpbuf = {94517749997496, -5842525765454173790, 94517749996936, 1, 94517761687816, 94517761687584, -5842525765938615902, -362528079560873566}, __mask_was_saved = 0, __saved_mask = {__val = {94517745330393, 140734049146736, 140734049146336, 140734049146736, 94517749997064, 140734049146560, 139706680025055, 206158430256, 140734049146320, 0, 15, 8589934592, 94517746433768, 32, 17432682182253752064, 94517749996928}}}} decline = 0 zfd = {handle = {fd = -62439424, fp = 0x7f0ffc474000, stream = {handle = 0x7f0ffc474000, isatty = 0, mmap = { len = 9346, pos = 0, map = 0x0, buf = 0x7f100118b000 <error: Cannot access memory at address 0x7f100118b000>, old_handle = 0x0, old_closer = 0x0}, reader = 0x55f6a0a322f0 <_php_stream_read>, fsizer = 0x55f6a0a18ac0 <php_zend_stream_fsizer>, closer = 0x55f6a0a18aa0 <php_zend_stream_mmap_closer>}}, filename = 0x55f6a1b42350 "index.php", opened_path = 0x0, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'} old_cwd = 0x7fff3301c3a0 "/srv/zags-broadcast/web" #8 0x000055f6a0b3a74b in php_cli_server_dispatch (client=0x55f6a19c4020, server=0x55f6a0e9dd80 <server>) at ./sapi/cli/php_cli_server.c:2156 is_static_file = <optimized out> is_static_file = <optimized out> send_header_func = 0x0 #9 php_cli_server_recv_event_read_request (server=0x55f6a0e9dd80 <server>, client=0x55f6a19c4020) at ./sapi/cli/php_cli_server.c:2379 errstr = 0x0 status = <optimized out> #10 0x000055f6a0b3ae40 in php_cli_server_do_event_for_each_fd_callback (_params=_params@entry=0x7fff3301d6c0, fd=<optimized out>, event=event@entry=1) at ./sapi/cli/php_cli_server.c:2462 client = <optimized out> params = 0x7fff3301d6c0 server = 0x55f6a0e9dd80 <server> #11 0x000055f6a0b3bc0e in php_cli_server_poller_iter_on_active (poller=0x55f6a0e9dd88 <server+8>, callback=0x55f6a0b3adf0 <php_cli_server_do_event_for_each_fd_callback>, opaque=0x7fff3301d6c0) at ./sapi/cli/php_cli_server.c:846 retval = <optimized out> fd = <optimized out> max_fd = <optimized out> retval = 
<optimized out> fd = <optimized out> max_fd = <optimized out> __d = <optimized out> __d = <optimized out> #12 php_cli_server_do_event_for_each_fd (whandler=0x55f6a0b38e10 <php_cli_server_send_event>, rhandler=0x55f6a0b3a590 <php_cli_server_recv_event_read_request>, server=0x55f6a0e9dd80 <server>) at ./sapi/cli/php_cli_server.c:2480 params = {server = 0x55f6a0e9dd80 <server>, rhandler = 0x55f6a0b3a590 <php_cli_server_recv_event_read_request>, whandler = 0x55f6a0b38e10 <php_cli_server_send_event>} params = <optimized out> #13 php_cli_server_do_event_loop (server=0x55f6a0e9dd80 <server>) at ./sapi/cli/php_cli_server.c:2490 tv = {tv_sec = 0, tv_usec = 996211} n = <optimized out> retval = <optimized out> retval = <optimized out> tv = <optimized out> n = <optimized out> err = <optimized out> errstr = <optimized out> #14 do_cli_server (argc=<optimized out>, argv=<optimized out>) at ./sapi/cli/php_cli_server.c:2612 php_optarg = 0x55f6a19a87e0 "0.0.0.0:8081" php_optind = 3 c = <optimized out> server_bind_address = <optimized out> document_root = <optimized out> router = <optimized out> document_root_buf = "/srv/zags-broadcast/web\000\000\200!\000\000\000\000\000xq!\000\000\000\000\000\060t!\000\000\000\000\000\000`\001\000\000\000\000\000\003\000\000\000\020\177\000\000\220\332\001\063\377\177\000\000P\330\001\063\377\177\000\000x\333\001\063\377\177\000\000\002\000\000\000\000\000\000\000\001\312\000\000\000\000\000\000\255\336\366\000\020\177", '\000' <repeats 11 times>, "\200\232\001\000\000\000\000\324{\232\001\000\000\000\000\324{\232\001", '\000' <repeats 12 times>, "\005\000\000\000\020\177\000\000\000p\272\001\000\000\000\000\000\220\272\001\000\000\000\000\b\200\272\001\000\000\000\000\020\200\272\001\000\000\000\000\000p\232\001\000\000\000\000"... 
#15 0x000055f6a08c94d2 in main (argc=4, argv=0x55f6a19a8770) at ./sapi/cli/php_cli.c:1406 __orig_bailout = 0x0 __bailout = {{__jmpbuf = {94517749908768, 5842659409073367458, 0, 140734049151092, 0, 140734049151096, -5842525767226267230, -362527813012330078}, __mask_was_saved = 0, __saved_mask = {__val = {17179869188, 139706683724832, 139706683724832, 0 <repeats 12 times>, 1}}}} c = <optimized out> exit_status = 0 module_started = 1 sapi_started = 1 php_optarg = 0x55f6a19a87e0 "0.0.0.0:8081" php_optind = 3 use_extended_info = 0 ini_path_override = 0x0 ini_entries = 0x0 ini_entries_len = 0 ini_ignore = 0 sapi_module = <optimized out> (gdb) If there is something else I can provide, I'm open to suggestions.