#33389 [Asn->Csd]: double free() when exporting a ReflectionClass
ID: 33389 Updated by: [EMAIL PROTECTED] Reported By: antony at zend dot com -Status: Assigned +Status: Closed Bug Type: Scripting Engine problem Operating System: * PHP Version: 5CVS-2005-06-19 Assigned To: helly New Comment: Seems to be fixed, I can't reproduce any of the things anymore which Dmitry mentioned. (and we don't really care if it exists in PHP_5_0) Previous Comments: [2005-06-21 18:00:38] [EMAIL PROTECTED] assigned back to Marcus. [2005-06-21 16:01:43] [EMAIL PROTECTED] The bug is not completly fixed. 1) It is still exists in PHP_5_0. 2) The test file in HEAD fails because constant is substituted by its value. 3) Array argument give a memory leak b)) {} } Reflection::export(new ReflectionClass('Test')); ?> /home/dmitry/php/php5/Zend/zend.c(214) : Freeing 0x084384CC (6 bytes) [2005-06-20 03:38:24] [EMAIL PROTECTED] This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. [2005-06-18 03:08:31] [EMAIL PROTECTED] constants are shown by their value, not name (expected?) booleans are not shown at all. [2005-06-18 02:00:53] [EMAIL PROTECTED] This only happens when there is an optional parameter in a method and ONLY if that optional value for the parameter is null or any constant. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/33389 -- Edit this bug report at http://bugs.php.net/?id=33389&edit=1
#33389 [Asn->Csd]: double free() when exporting a ReflectionClass
ID: 33389 Updated by: [EMAIL PROTECTED] Reported By: antony at zend dot com -Status: Assigned +Status: Closed Bug Type: Zend Engine 2 problem -Operating System: Linux +Operating System: * PHP Version: 5CVS-2005-06-19 Assigned To: helly New Comment: This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: [2005-06-18 03:08:31] [EMAIL PROTECTED] constants are shown by their value, not name (expected?) booleans are not shown at all. [2005-06-18 02:00:53] [EMAIL PROTECTED] This only happens when there is an optional parameter in a method and ONLY if that optional value for the parameter is null or any constant. [2005-06-18 00:32:49] antony at zend dot com Description: Memory related errors while freeing resources after export()ing certain ReflectionClass object. Tested with latest 5.1-CVS and 5.0.5-CVS. See details below. Reproduce code: --- Expected result: . Actual result: -- With Zend MM enabled: Warning: String is not zero-terminated (Z*Z*) (source: /usr/src/dev/php-src_head/Zend/zend_variables.h:35) in Unknown on line 0 [Sat Jun 18 02:20:58 2005] Script: 'index.php' --- /usr/src/dev/php-src_head/Zend/zend_variables.h(35) : Block 0x0845EAE8 status: /usr/src/dev/php-src_head/Zend/zend_variables.c(36) : Actual location (location was relayed) Beginning: Cached (allocated on /usr/src/dev/php-src_head/Zend/zend.c:205, 1 bytes) End: OK --- With Zend MM disabled: Warning: String is not zero-terminated ��@) (source: /usr/src/dev/clean/php-src_head/Zend/zend_variables.h:35) in Unknown on line 0 *** glibc detected *** double free or corruption (!prev): 0x08382470 *** Valgrind output: ==17469== Invalid read of size 1 ==17469==at 0x81AC287: _zval_dtor_func (zend_variables.c:35) ==17469==by 0x81A5ED0: _zval_dtor (zend_variables.h:35) ==17469==by 0x81A58B4: destroy_op_array (zend_opcode.c:236) ==17469==by 0x81A54ED: destroy_zend_function (zend_opcode.c:109) ==17469==by 0x81A5503: zend_function_dtor (zend_opcode.c:121) ==17469==by 0x81B4FCB: zend_hash_destroy (zend_hash.c:519) ==17469==by 0x81A5628: destroy_zend_class (zend_opcode.c:164) ==17469==by 0x81B4F05: zend_hash_del_key_or_index (zend_hash.c:490) ==17469==by 0x81B55C6: zend_hash_reverse_apply (zend_hash.c:736) ==17469==by 0x81A1828: shutdown_executor (zend_execute_API.c:264) ==17469== Address 0x1BDA99C5 is 5 bytes inside a block of size 6 free'd ==17469==at 0x1B9060B1: free (in /usr/lib/valgrind/vgpreload_memcheck.so) ==17469==by 0x81A1DBD: zval_update_constant (zend_execute_API.c:442) ==17469==by 0x81C76D9: _parameter_string (zend_reflection_api.c:565) ==17469==by 0x81C7884: _function_parameter_string (zend_reflection_api.c:601) ==17469==by 0x81C7B39: _function_string (zend_reflection_api.c:670) ==17469==by 0x81C741D: _class_string (zend_reflection_api.c:486) ==17469==by 0x81CC8FF: zif_reflection_class___toString (zend_reflection_api.c:2477) ==17469==by 0x81A31BE: zend_call_function (zend_execute_API.c:867) ==17469==by 0x81A2279: call_user_function_ex (zend_execute_API.c:555) ==17469==by 0x81C8E62: zif_reflection_export (zend_reflection_api.c:1127) ==17469== ==17469== Invalid free() / delete / delete[] ==17469==at 0x1B9060B1: free (in /usr/lib/valgrind/vgpreload_memcheck.so) ==17469==by 0x81AC2BD: _zval_dtor_func (zend_variables.c:36) ==17469==by 0x81A5ED0: _zval_dtor (zend_variables.h:35) ==17469==by 0x81A58B4: destroy_op_array (zend_opcode.c:236) ==17469==by 0x81A54ED: destroy_zend_function (zend_opcode.c:109) ==17469==by 0x81A5503: zend_function_dtor (zend_opcode.c:121) ==17469==by 0x81B4FCB: zend_hash_destroy (zend_hash.c:519) ==17469==by 0x81A5628: destroy_zend_class (zend_opcode.c:164) ==17469==by 0x81B4F05: zend_hash_del_key_or_index (zend_hash.c:490) ==17469==by 0x81B55C6: zend_hash_reverse_apply (zend_hash.c:736) ==17469== Address 0x1BDA99C0 is 0 bytes inside a block of size 6 free'd ==17469==at 0x1B9060B1: free (in /usr/lib/valgrind/vgpreload_memcheck.so) ==17469==by 0x81A1DBD: zval_update_constant (zend_execute_API.c:442) ==17469==by 0x81C76D9: _parameter_string (zend_reflection_api.c:565) ==17469==by 0x81C7884: _function_parameter_string (zend_reflection_api.c:601) ==17469==by 0x81C7B39: _function_string (zend_reflection_api.c:670) ==17469==by 0x81C741D: