#24834 [NEW]: Memory corruption bug in object destructor

Sun, 27 Jul 2003 22:16:38 -0700 

From:             vma1 at abv dot bg
Operating system: Slackware Linux 9.0
PHP version:      5CVS-2003-07-28 (dev)
PHP Bug Type:     Zend Engine 2 problem
Bug description:  Memory corruption bug in object destructor

Description:
------------
The following script causes memory corruption when run from the command
line like:

php -f ./bug.php

There are variants of the script that show the bug when run from the web
browser, but these scripts are bigger.
Even small changes in the sample script hide the bug.
Notice that several bytes in the output string get overwritten.


Reproduce code:
---------------
<?
class database
{
}

$a = new database;
$b = new database;

class broken
{
        public function __construct ()
        {
        }

        public function __destruct ()
        {
                $this->show (array (
                        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
                        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
                        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
                        "", "", "", "", "", "", "", "", "", "", "", "", "", ""
                ));
        }
        
        private function show ($values)
        {
                $values_string = "";
                foreach ($values as $val) {
                        $values_string .= $val;
                }
                printf ("%s\n", $values_string);
        }
}

$brk = new broken ();
?>


Expected result:
----------------
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Actual result:
--------------
aaaaaaaaaaaaë˙żaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

-- 
Edit bug report at http://bugs.php.net/?id=24834&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=24834&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=24834&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=24834&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=24834&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=24834&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=24834&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=24834&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=24834&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=24834&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=24834&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=24834&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24834&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=24834&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=24834&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=24834&r=gnused

Reply via email to