|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78335 Static properties/variables containing cycles report as leak
Submitted: 2019-07-25 16:27 UTC Modified: 2019-08-28 10:14 UTC
From: Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 7.3.7 OS: Ubuntu 19.04
Private report: No CVE-ID: None
 [2019-07-25 16:27 UTC]
PHP segfaults in debug builds inside the memory leak detection code.

Test script:

// Commit: 0c16dfb577458dd3527167c0cb4807f5ccf76b59

require __DIR__ . '/vendor/autoload.php';

(function () {
})->bindTo(new Amp\Http\HPack, Amp\Http\HPack::class)();

Expected result:
No segfault.

Actual result:
Program received signal SIGSEGV, Segmentation fault.

#0  0x0000555555dfa121 in zend_mm_find_leaks_small (p=0x7ffff3600000, i=509, j=38, leak=0x7fffffffbb80) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2056
#1  0x0000555555dfa285 in zend_mm_find_leaks (heap=0x7ffff4000040, p=0x7ffff3600000, i=509, leak=0x7fffffffbb80) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2084
#2  0x0000555555dfa768 in zend_mm_check_leaks (heap=0x7ffff4000040) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2188
#3  0x0000555555dfaa49 in zend_mm_shutdown (heap=0x7ffff4000040, full=0, silent=0) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2253
#4  0x0000555555dfb852 in shutdown_memory_manager (silent=0, full_shutdown=0) at /home/kelunik/.php-build/release/Zend/zend_alloc.c:2668
#5  0x0000555555d98468 in php_request_shutdown (dummy=0x0) at /home/kelunik/.php-build/release/main/main.c:1949
#6  0x0000555555f128c7 in do_cli (argc=2, argv=0x55555697cde0) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1164
#7  0x0000555555f13141 in main (argc=2, argv=0x55555697cde0) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1389


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-07-29 11:18 UTC]
-Status: Open +Status: Verified
 [2019-07-29 11:18 UTC]
Leak messages reproduce on 7.3 and master, segfault only on 7.3.
 [2019-07-29 12:32 UTC]
Repro for leaks turned out to be quite simple:

class Test {
    public static $test;
$foo = [&$foo];
Test::$test = $foo;
 [2019-07-29 12:58 UTC]
The problem here is that we're doing the final GC run prior to class destruction, which means that the static property still holds the cycle at that point.

We could move the final GC run until after class destruction (this should be safe as we call free_obj handlers before that, so the class entries will no longer be accessed), but I think that will break other things. In particular I moved the GC run earlier for 7.4 in to make sure that leaks aren't hidden by the combination of forced free_obj + a GC run.

Not sure what to do here...
 [2019-08-28 10:14 UTC]
-Summary: Segfault in zend_mm_find_leaks_small +Summary: Static properties/variables containing cycles report as leak
 [2019-08-28 10:32 UTC]
Automatic comment on behalf of
Log: Fixed bug #78335
 [2019-08-28 10:32 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 25 09:01:29 2024 UTC