From:             jdolecek at NetBSD dot org
Operating system: NetBSD 2.0G
PHP version:      4.3.7
PHP Bug Type:     Scripting Engine problem
Bug description:  Zend constant warning uses memory after free

Description:
------------
If a constant passed to define() is already defined, the Zend engine issues a
warning at E_NOTICE level. The code that emits this warning may use memory after
it has been freed. This can cause an interpreter crash, especially under threaded
Apache 2.x.

The following fixes the problem (this patch is in NetBSD pkgsrc at the moment):

--- Zend/zend_constants.c.orig  2004-07-13 14:01:27.000000000 +0200
+++ Zend/zend_constants.c       2004-07-13 14:01:54.000000000 +0200
@@ -265,11 +265,11 @@
        }

        if (zend_hash_add(EG(zend_constants), name, c->name_len, (void *)
c, sizeof(zend_constant), NULL)==FAILURE) {
+               zend_error(E_NOTICE,"Constant %s already defined", name);
                free(c->name);
                if (!(c->flags & CONST_PERSISTENT)) {
                        zval_dtor(&c->value);
                }
-               zend_error(E_NOTICE,"Constant %s already defined", name);
                ret = FAILURE;
        }
        if (lowercase_name) {
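Review bot: the reorder is the right fix, because in the case-sensitive path `name` is `c->name` itself (the `lowercase_name` copy exists only for case-insensitive constants, as the trailing `if (lowercase_name)` context shows), so the old order formatted "Constant %s already defined" from memory that `free(c->name)` had just released. One consequence of emitting the notice first is that a user error handler now runs before `free(c->name)` and `zval_dtor(&c->value)`; if that handler never returns (for example by calling exit()), the name and value are leaked rather than freed, which is the harmless side of the trade-off. Nothing after the `free()` touches `name` any more, so no further reordering is needed.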


Reproduce code:
---------------
Under NetBSD, switch on extended malloc() debugging by telling malloc to
fill free()d memory with junk:

ln -s J /etc/malloc.conf

then, run:

php -r 'error_reporting(E_ALL); define("foo", "j"); define("foo", "j");'

and you will see something like:

PHP Notice:  Constant
ÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐ
in Command line code on line 1
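The sequence described above (the use-after-free in the constant-redefinition path and the junk-fill trick used to expose it) can be modelled outside PHP. The following C program is an added example, not PHP's or pkgsrc's code: `junk_malloc`/`junk_free` are a hypothetical stand-in for a malloc with the NetBSD `J` option (freed chunks are overwritten with 0xD0, the byte that renders as `Ð`), `table_add` stands in for `zend_hash_add`, and `register_constant_buggy`/`register_constant_fixed` mirror the ordering before and after the patch. Because the arena is static storage and nothing is ever returned to libc, reading a "freed" chunk here is defined behaviour, so the garbled notice is reproducible rather than a crash.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical junk-filling allocator modelling NetBSD malloc.conf "J".
 * Layout of each block: [size_t chunk][payload rounded up to CHUNK bytes]. */
#define ARENA_SIZE 4096
#define CHUNK 16
#define JUNK_BYTE 0xD0   /* renders as 'Ð' on a Latin-1 terminal */

static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

static char *junk_malloc(size_t len)
{
    size_t chunk = (len + CHUNK - 1) & ~(size_t)(CHUNK - 1);
    size_t need = sizeof(size_t) + chunk;
    unsigned char *block;
    if (arena_used + need > ARENA_SIZE) return NULL;
    block = arena + arena_used;
    memcpy(block, &chunk, sizeof chunk);
    arena_used += need;
    return (char *)(block + sizeof(size_t));
}

/* "Free" = overwrite the whole chunk with junk, as the J option does. */
static void junk_free(char *p)
{
    size_t chunk;
    memcpy(&chunk, (unsigned char *)p - sizeof(size_t), sizeof chunk);
    memset(p, JUNK_BYTE, chunk);
}

static char *junk_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = junk_malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Minimal constant table standing in for EG(zend_constants). */
enum { SUCCESS = 0, FAILURE = -1 };
#define MAX_CONSTANTS 16
static char *constants[MAX_CONSTANTS];
static int nconstants;

static int table_add(char *name)          /* stand-in for zend_hash_add */
{
    int i;
    for (i = 0; i < nconstants; i++)
        if (strcmp(constants[i], name) == 0) return FAILURE;
    if (nconstants == MAX_CONSTANTS) return FAILURE;
    constants[nconstants++] = name;
    return SUCCESS;
}

static void reset_table(void)
{
    memset(arena, 0, sizeof arena);
    arena_used = 0;
    nconstants = 0;
}

/* Pre-patch order: the name is freed, then the notice is formatted from it. */
static int register_constant_buggy(const char *src, char *notice, size_t len)
{
    char *name = junk_strdup(src);        /* stands in for c->name */
    notice[0] = '\0';
    if (!name) return FAILURE;
    if (table_add(name) == FAILURE) {
        junk_free(name);                                          /* free(c->name) */
        snprintf(notice, len, "Constant %s already defined", name); /* reads junk */
        return FAILURE;
    }
    return SUCCESS;
}

/* Post-patch order: format the notice first, release the name afterwards. */
static int register_constant_fixed(const char *src, char *notice, size_t len)
{
    char *name = junk_strdup(src);
    notice[0] = '\0';
    if (!name) return FAILURE;
    if (table_add(name) == FAILURE) {
        snprintf(notice, len, "Constant %s already defined", name);
        junk_free(name);
        return FAILURE;
    }
    return SUCCESS;
}

/* Number of junk bytes in a notice: a non-zero count is the allocator's
 * tell-tale that the message was built from freed memory. */
static int count_junk_bytes(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if ((unsigned char)*s == JUNK_BYTE) n++;
    return n;
}

static char last_notice[128];

/* Run define("foo", ...) twice through one implementation; return its notice. */
static const char *redefine_foo(int (*reg)(const char *, char *, size_t))
{
    reset_table();
    reg("foo", last_notice, sizeof last_notice);
    reg("foo", last_notice, sizeof last_notice);
    return last_notice;
}

int main(void)
{
    printf("buggy: %s (%d junk bytes)\n", redefine_foo(register_constant_buggy),
           count_junk_bytes(last_notice));
    printf("fixed: %s (%d junk bytes)\n", redefine_foo(register_constant_fixed),
           count_junk_bytes(last_notice));
    return 0;
}
```

The buggy path prints sixteen `Ð` bytes where the name should be, matching the shape of the notice in the report; the fixed path prints `Constant foo already defined`. The same junk-fill idea is why running a test suite under a junk-on-free allocator (or a sanitizer) is a cheap way to catch error-path use-after-free bugs that never show up when the freed bytes happen to be left intact.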


-- 
Edit bug report at http://bugs.php.net/?id=29116&edit=1