Hi Dmitry:
zend gc was introduced in 5.3.
Think of a zval which is a HashTable allocated persistently by an extension,
and it also has hashtable children in it.
Then, if the extension returns this to the php script:
    array_init(return_value);
    zend_hash_copy(Z_ARRVAL_P(return_value), Z_ARRVAL_P(persistent_zval_hashtable),
                   ***)..
Since zval_copy_ctor does a shallow copy, the persistent array is returned to the
php script.
Then, if it happens to be passed to zval_ptr_dtor, the persistent array will
be passed to gc_zval_possible_root:
    ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
    {
        ..................
        if (GC_ZVAL_GET_COLOR(zv) != GC_PURPLE) {
            GC_ZVAL_SET_PURPLE(zv);
        ..................
Then the malloc info of the block (not sure whether before or after) will be polluted.
Then, when the extension tries to free the block, a warning will be shown like:
munmap_chunk(): invalid pointer 0x*******
I have made a patch for this (https://bugs.php.net/bug.php?id=61649);
if you think it's okay, I will commit it to all branches.
Thanks
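An added example, not from this message or from the Zend sources, modelling the mechanism described above: the collector keeps its colour word directly behind the zval (in the zval_gc_info wrapper that ALLOC_ZVAL reserves), so marking a zval that was allocated with only sizeof(zval) writes past the allocation. The struct layouts, the toy allocator with its canary word, and the function name mark_purple_corrupts are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model of the PHP 5.3 zval and of the zval_gc_info wrapper the
 * cycle collector expects to find directly behind every zval (assumption:
 * field widths are illustrative, not copied from the Zend headers). */
typedef struct { void *value; uint32_t refcount; uint8_t type; uint8_t is_ref; } zval;
typedef struct { zval z; void *gc_buffered; } zval_gc_info;

#define GC_PURPLE 0x2
#define GC_ZVAL_INFO(zv) (((zval_gc_info *)(zv))->gc_buffered)
/* Same idea as the real GC_ZVAL_SET_PURPLE: the colour lives in the low bits
 * of the word that follows the zval, so marking always writes past sizeof(zval). */
#define GC_ZVAL_SET_PURPLE(zv) \
    (GC_ZVAL_INFO(zv) = (void *)((((uintptr_t)GC_ZVAL_INFO(zv)) & ~(uintptr_t)0x3) | GC_PURPLE))

/* Toy allocator (constructed): a payload of `size` bytes followed by a canary
 * word that stands in for the bookkeeping malloc keeps next to a chunk. */
#define CANARY 0xA5A5A5A5A5A5A5A5ULL
typedef struct { unsigned char *payload; uint64_t *canary; } block;

static block alloc_block(size_t size) {
    block b;
    b.payload = calloc(1, size + sizeof(uint64_t));
    b.canary = (uint64_t *)(b.payload + size);
    *b.canary = CANARY;
    return b;
}

/* Allocates a zval in `alloc_size` bytes, marks it purple the way
 * gc_zval_possible_root does, and returns 1 if the canary behind the
 * allocation was clobbered (the "munmap_chunk(): invalid pointer" scenario). */
int mark_purple_corrupts(size_t alloc_size) {
    block b = alloc_block(alloc_size);
    zval *zv = (zval *)b.payload;
    GC_ZVAL_SET_PURPLE(zv);
    int corrupted = (*b.canary != CANARY);
    free(b.payload);
    return corrupted;
}

int main(void) {
    /* pemalloc(sizeof(zval), 1) style allocation: the collector writes into malloc metadata */
    int wrong = mark_purple_corrupts(sizeof(zval));         /* 1 */
    /* ALLOC_ZVAL style allocation (sizeof(zval_gc_info)): room for the gc word */
    int right = mark_purple_corrupts(sizeof(zval_gc_info)); /* 0 */
    return (wrong == 1 && right == 0) ? 0 : 1;
}
```

The check a reviewer would apply to an extension is therefore whether every zval that can reach userland was allocated with room for the gc info (as ALLOC_ZVAL does), not with a bare pemalloc(sizeof(zval), 1).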