From: vma1 at abv dot bg Operating system: Slackware Linux 9.0 PHP version: 5CVS-2003-07-28 (dev) PHP Bug Type: Zend Engine 2 problem Bug description: Memory corruption bug in object destructor
Description: ------------ The following script causes memory corruption when run from the command line like: php -f ./bug.php There are variants of the script that show the bug when run from the web browser, but these scripts are bigger. Even small changes in the sample script hide the bug. Notice that several bytes in the output string get overwritten. Reproduce code: --------------- <? class database { } $a = new database; $b = new database; class broken { public function __construct () { } public function __destruct () { $this->show (array ( "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "", "", "", "", "", "", "", "", "", "", "", "", "", "" )); } private function show ($values) { $values_string = ""; foreach ($values as $val) { $values_string .= $val; } printf ("%s\n", $values_string); } } $brk = new broken (); ?> Expected result: ---------------- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Actual result: -------------- aaaaaaaaaaaaë˙żaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -- Edit bug report at http://bugs.php.net/?id=24834&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=24834&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=24834&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=24834&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=24834&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=24834&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=24834&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=24834&r=support Expected behavior: http://bugs.php.net/fix.php?id=24834&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=24834&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=24834&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=24834&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24834&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=24834&r=dst IIS Stability: http://bugs.php.net/fix.php?id=24834&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=24834&r=gnused