PHP  
 PHP_5_5
downloads | QA | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | my php.net 
 

Valgrind Report for Zend/tests/bug64896.phpt ('Bug #64896 (Segfault with gc_collect_cycles using unserialize on certain objects)')

Script

1: <?php
2: $bar 
NULL;
3: class 
bad
4:
{
5:     private 
$_private = array();
6:
7:     public function 
__construct()
8:     {
9:         
$this->_private[] = 'php';
10:     }
11:
12:     public function 
__destruct()
13:     {
14:         global 
$bar;
15:         
$bar $this;
16:     }
17: }
18:
19:
$foo = new stdclass;
20:
$foo->foo $foo;
21:
$foo->bad = new bad;
22:
23:
gc_disable();
24:
25:
unserialize(serialize($foo));
26:
gc_collect_cycles();
27:
var_dump($bar); 
28:
/*  will output:
29: object(bad)#4 (1) {
30:   ["_private":"bad":private]=>
31:   &UNKNOWN:0
32: }
33: */
34:
?>
35:

Report

==14954== Invalid read of size 1
==14954==    at 0xC95201: php_var_dump (var.c:99)
==14954==    by 0xC95171: php_object_property_dump (var.c:82)
==14954==    by 0xEBF8C2: zend_hash_apply_with_arguments (zend_hash.c:772)
==14954==    by 0xC95AEE: php_var_dump (var.c:146)
==14954==    by 0xC95E00: zif_var_dump (var.c:183)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==  Address 0x153b8734 is 20 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid read of size 1
==14954==    at 0xC952F4: zval_isref_p (zend.h:413)
==14954==    by 0xC952F4: php_var_dump (var.c:104)
==14954==    by 0xC95171: php_object_property_dump (var.c:82)
==14954==    by 0xEBF8C2: zend_hash_apply_with_arguments (zend_hash.c:772)
==14954==    by 0xC95AEE: php_var_dump (var.c:146)
==14954==    by 0xC95E00: zif_var_dump (var.c:183)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==  Address 0x153b8735 is 21 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid read of size 4
==14954==    at 0xE81050: zval_delref_p (zend.h:409)
==14954==    by 0xE81050: i_zval_ptr_dtor (zend_execute.h:76)
==14954==    by 0xE81050: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8730 is 16 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid write of size 4
==14954==    at 0xE8105A: zval_delref_p (zend.h:409)
==14954==    by 0xE8105A: i_zval_ptr_dtor (zend_execute.h:76)
==14954==    by 0xE8105A: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8730 is 16 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid read of size 4
==14954==    at 0xE81061: zval_delref_p (zend.h:409)
==14954==    by 0xE81061: i_zval_ptr_dtor (zend_execute.h:76)
==14954==    by 0xE81061: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8730 is 16 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid read of size 4
==14954==    at 0xE81146: zval_refcount_p (zend.h:397)
==14954==    by 0xE81146: i_zval_ptr_dtor (zend_execute.h:86)
==14954==    by 0xE81146: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8730 is 16 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid write of size 1
==14954==    at 0xE8115A: zval_unset_isref_p (zend.h:421)
==14954==    by 0xE8115A: i_zval_ptr_dtor (zend_execute.h:87)
==14954==    by 0xE8115A: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8735 is 21 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid read of size 1
==14954==    at 0xE8117C: gc_zval_check_possible_root (zend_gc.h:182)
==14954==    by 0xE8117C: i_zval_ptr_dtor (zend_execute.h:90)
==14954==    by 0xE8117C: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8734 is 20 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 
==14954== Invalid read of size 1
==14954==    at 0xE8119A: gc_zval_check_possible_root (zend_gc.h:182)
==14954==    by 0xE8119A: i_zval_ptr_dtor (zend_execute.h:90)
==14954==    by 0xE8119A: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBEBA9: zend_hash_destroy (zend_hash.c:560)
==14954==    by 0xEECDE4: zend_object_std_dtor (zend_objects.c:44)
==14954==    by 0xEED548: zend_objects_free_object_storage (zend_objects.c:137)
==14954==    by 0xEFCB92: zend_objects_store_del_ref_by_handle_ex (zend_objects_API.c:226)
==14954==    by 0xEFC72C: zend_objects_store_del_ref (zend_objects_API.c:178)
==14954==    by 0xE9F339: _zval_dtor_func (zend_variables.c:54)
==14954==    by 0xE810F2: _zval_dtor (zend_variables.h:35)
==14954==    by 0xE810F2: i_zval_ptr_dtor (zend_execute.h:81)
==14954==    by 0xE810F2: _zval_ptr_dtor (zend_execute_API.c:423)
==14954==    by 0xEBF10A: zend_hash_apply_deleter (zend_hash.c:650)
==14954==    by 0xEBFAF8: zend_hash_reverse_apply (zend_hash.c:804)
==14954==    by 0xE801E9: shutdown_destructors (zend_execute_API.c:214)
==14954==    by 0xEA2C14: zend_call_destructors (zend.c:930)
==14954==  Address 0x153b8734 is 20 bytes inside a block of size 32 free'd
==14954==    at 0x4C27C24: free (vg_replace_malloc.c:473)
==14954==    by 0xE4F87C: _efree (zend_alloc.c:2437)
==14954==    by 0xEE6E33: gc_collect_cycles (zend_gc.c:846)
==14954==    by 0xEC4CD1: zif_gc_collect_cycles (zend_builtin_functions.c:361)
==14954==    by 0xF0A84D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==14954==    by 0xF14987: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2336)
==14954==    by 0xF0849C: execute_ex (zend_vm_execute.h:363)
==14954==    by 0xF0902E: zend_execute (zend_vm_execute.h:388)
==14954==    by 0xEA4940: zend_execute_scripts (zend.c:1327)
==14954==    by 0xDC71AA: php_execute_script (main.c:2525)
==14954==    by 0x108E86D: do_cli (php_cli.c:994)
==14954==    by 0x109001A: main (php_cli.c:1378)
==14954== 

 

Generated at Sun, 23 Aug 2015 03:59:42 +0000 (4 days ago)

Copyright © 2005-2015 The PHP Group
All rights reserved.