Hi Dmitry:

Zend GC was introduced in 5.3.

Think of a zval which is a HashTable allocated persistently by an extension,
and which also has HashTable children in it.

Then, if the extension returns this to a PHP script:

array_init(return_value);
zend_hash_copy(Z_ARRVAL_P(return_value), Z_ARRVAL_P(persistent_zval_hashtable),
***)..

Since zval_copy_ctor does a shallow copy, the persistent array is returned to the
PHP script.

Then, if it happens to be parsed by zval_ptr_dtor, the persistent array will be
parsed by gc_zval_possible_root:

ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
{

..................

if (GC_ZVAL_GET_COLOR(zv) != GC_PURPLE) {
GC_ZVAL_SET_PURPLE(zv);
..................

Then the malloc info of the block (not sure before or after) will be polluted.

Then, when the extension tries to free the block, a warning will be shown, like:

munmap_chunk(): invalid pointer 0x*******


I have made a patch for this (https://bugs.php.net/bug.php?id=61649).
If you think it's okay, I will commit it to all branches.

Thanks

--
Laruence  Xinchen Hui
http://www.laruence.com/
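
A model of the write described in the message above, as an added example that is not part of the original post or of PHP's source. It assumes the PHP 5.3 layout in which the collector's colour bits live in a pointer-sized field placed directly after the zval (`zval_gc_info`), and that the extension allocated only `sizeof(zval)` bytes; the `model_*` types, the reduced field set and the arena are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumption): the real zval has a value union,
 * refcount, type and is_ref; the GC wrapper appends one pointer-sized field. */
typedef struct { void *value; uint32_t refcount; uint8_t type, is_ref; } model_zval;
typedef struct { model_zval z; uintptr_t buffered; } model_zval_gc_info;

#define MODEL_GC_PURPLE 0x03u  /* colour bits OR-ed into the low bits of 'buffered' */

/* Offset, from the start of the zval, of the word the purple mark modifies. */
size_t gc_mark_offset(void) { return offsetof(model_zval_gc_info, buffered); }

/* 1 if marking a zval that was allocated with alloc_size bytes
 * touches memory outside that allocation, 0 otherwise. */
int mark_is_out_of_bounds(size_t alloc_size) {
    return gc_mark_offset() + sizeof(uintptr_t) > alloc_size;
}

/* Constructed arena: [block of alloc_size bytes][neighbour word]. The neighbour
 * stands in for whatever the allocator keeps after the block. Returns the
 * neighbour word after the mark has been applied to the block.
 * Precondition: alloc_size <= sizeof(model_zval_gc_info). */
uintptr_t neighbour_after_mark(size_t alloc_size, uintptr_t neighbour) {
    unsigned char arena[sizeof(model_zval_gc_info) + sizeof(uintptr_t)] = {0};
    uintptr_t word;

    memcpy(arena + alloc_size, &neighbour, sizeof neighbour);

    /* Equivalent of setting the purple colour through a zval_gc_info cast. */
    memcpy(&word, arena + gc_mark_offset(), sizeof word);
    word |= MODEL_GC_PURPLE;
    memcpy(arena + gc_mark_offset(), &word, sizeof word);

    memcpy(&word, arena + alloc_size, sizeof word);
    return word;
}

int main(void) {
    printf("plain zval : oob=%d neighbour=%#lx\n",
           mark_is_out_of_bounds(sizeof(model_zval)),
           (unsigned long)neighbour_after_mark(sizeof(model_zval), 0x1000));
    printf("gc wrapper : oob=%d neighbour=%#lx\n",
           mark_is_out_of_bounds(sizeof(model_zval_gc_info)),
           (unsigned long)neighbour_after_mark(sizeof(model_zval_gc_info), 0x1000));
    return 0;
}
```

In this model the modified word sits after the block: a zval sized allocation has its neighbour changed, while a wrapper sized allocation absorbs the mark.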

Discussion Overview
group: php-internals
categories: php
posted: Apr 6, '12 at 12:21p
active: Apr 9, '12 at 10:56a
posts: 4
users: 2 (Laruence: 3 posts, Dmitry Stogov: 1 post)
website: php.net