Bug #78335 Static properties/variables containing cycles report as leak
Submitted: 2019-07-25 16:27 UTC
Modified: 2019-08-28 10:14 UTC
From: kelunik@php.net
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 7.3.7
OS: Ubuntu 19.04
Private report: No
CVE-ID: None
 [2019-07-25 16:27 UTC] kelunik@php.net
Description:
------------
PHP segfaults in debug builds inside the memory leak detection code.

Test script:
---------------
<?php

// https://github.com/amphp/hpack/issues/2
// Commit: 0c16dfb577458dd3527167c0cb4807f5ccf76b59

require __DIR__ . '/vendor/autoload.php';

(function () {
    var_dump(count(static::$huffmanLookup));
})->bindTo(new Amp\Http\HPack, Amp\Http\HPack::class)();



Expected result:
----------------
No segfault.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.

#0  0x0000555555dfa121 in zend_mm_find_leaks_small (p=0x7ffff3600000, i=509, j=38, leak=0x7fffffffbb80) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2056
#1  0x0000555555dfa285 in zend_mm_find_leaks (heap=0x7ffff4000040, p=0x7ffff3600000, i=509, leak=0x7fffffffbb80) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2084
#2  0x0000555555dfa768 in zend_mm_check_leaks (heap=0x7ffff4000040) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2188
#3  0x0000555555dfaa49 in zend_mm_shutdown (heap=0x7ffff4000040, full=0, silent=0) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2253
#4  0x0000555555dfb852 in shutdown_memory_manager (silent=0, full_shutdown=0) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2668
#5  0x0000555555d98468 in php_request_shutdown (dummy=0x0) at /home/kelunik/.php-build/release/main/main.c:1949
#6  0x0000555555f128c7 in do_cli (argc=2, argv=0x55555697cde0) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1164
#7  0x0000555555f13141 in main (argc=2, argv=0x55555697cde0) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1389

 [2019-07-29 11:18 UTC] nikic@php.net
-Status: Open
+Status: Verified
 [2019-07-29 11:18 UTC] nikic@php.net
Leak messages reproduce on 7.3 and master, segfault only on 7.3.
 [2019-07-29 12:32 UTC] nikic@php.net
Repro for leaks turned out to be quite simple:

<?php  
class Test {
    public static $test;
}
$foo = [&$foo];
Test::$test = $foo;
 [2019-07-29 12:58 UTC] nikic@php.net
The problem here is that we're doing the final GC run prior to class destruction, which means that the static property still holds the cycle at that point.

We could move the final GC run until after class destruction (this should be safe as we call free_obj handlers before that, so the class entries will no longer be accessed), but I think that will break other things. In particular I moved the GC run earlier for 7.4 in https://github.com/php/php-src/commit/178dcd47490f7d7842c6c412e2331ed160e55809 to make sure that leaks aren't hidden by the combination of forced free_obj + a GC run.

Not sure what to do here...
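
The ordering problem described in the comment above can be observed from userland. The script below is an added example, not part of the original report or of php-src; the `Holder` class and the `makeCycle()` helper are hypothetical names. It assumes that explicit `gc_collect_cycles()` calls can stand in for the final GC run at shutdown and that clearing the static property can stand in for class destruction.

```php
<?php
// Added illustration, not code from the bug report or from php-src.
// The class name Holder and the helper makeCycle() are hypothetical.

class Holder {
    public static $test;
}

// Build the same self-referencing array as the reduced repro, but inside a
// function so that no local variable keeps the array alive afterwards.
function makeCycle(): array {
    $foo = [&$foo];
    return $foo;
}

gc_enable();
gc_collect_cycles();            // start from an empty root buffer

Holder::$test = makeCycle();

// Stand-in for the final GC run at shutdown: the static property is still a
// live reference into the cycle, so the collector must treat it as reachable.
$whileHeld = gc_collect_cycles();

// Stand-in for class destruction: the static property lets go of the array,
// leaving only the array's reference to itself.
Holder::$test = null;

// Only a collection that runs after the release can reclaim the cycle.
$afterRelease = gc_collect_cycles();

printf("freed while static property holds the cycle: %d\n", $whileHeld);
printf("freed after static property was cleared:     %d\n", $afterRelease);
```

A collection that frees nothing while the property is set, and frees the array only once the property has been cleared, is the same ordering that leaves the cycle allocated when the last GC run comes before class destruction.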
 [2019-08-28 10:14 UTC] nikic@php.net
-Summary: Segfault in zend_mm_find_leaks_small
+Summary: Static properties/variables containing cycles report as leak
 [2019-08-28 10:32 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ec9a96dc60c3fd2cccf5b21033a0e87807366bdb
Log: Fixed bug #78335
 [2019-08-28 10:32 UTC] nikic@php.net
-Status: Verified
+Status: Closed
 
Last updated: Mon Dec 09 06:01:25 2019 UTC