I do GC after error_handler execution, because the GC stack has a limited size
and if I try to link old garbage with garbage from error_handler I
can overflow it.
Okay, so it seems my patch was not sufficient, as it's still possible that the GC stack will overflow.
Then, could you take a look at the 4.3 branch also? It still seems to have the same problem as HEAD. Besides, operations on undefined object properties lead to the same situation with ZE1. (I wasn't able to verify it with ZE2.)
<?php
function custom_err_hdlr($errno, $errstr, $errfile, $errline, $context) {
    echo __FUNCTION__ . "($errstr)\n";
}

function foo($x) {
    return "foo";
}

set_error_handler('custom_err_hdlr');
$a->b[foo("bar")]++;
?>
With the above snippet, valgrind reported the following leaks:
==2279== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==2279== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==2279== Using valgrind-2.0.0, a program supervision framework for x86-linux.
==2279== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==2279== Estimated CPU clock rate is 1001 MHz
==2279== For more details, rerun with: -v
==2279==
==2279== Conditional jump or move depends on uninitialised value(s)
==2279== at 0x40009520: _dl_relocate_object (in /lib/ld-2.3.2.so)
==2279== by 0x407E1E25: (within /lib/libc-2.3.2.so)
==2279== by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==2279== by 0x407E20A8: _dl_open (in /lib/libc-2.3.2.so)
==2279==
==2279== Conditional jump or move depends on uninitialised value(s)
==2279== at 0x40009575: _dl_relocate_object (in /lib/ld-2.3.2.so)
==2279== by 0x407E1E25: (within /lib/libc-2.3.2.so)
==2279== by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==2279== by 0x407E20A8: _dl_open (in /lib/libc-2.3.2.so)
==2279==
==2279== Invalid read of size 1
==2279== at 0x81CCB53: zend_hash_add_or_update (zend_hash.c:238)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== by 0x81D8A3B: execute (zend_execute.c:1290)
==2279== Address 0x42334F14 is 36 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279==
==2279== Invalid read of size 1
==2279== at 0x81CCB5E: zend_hash_add_or_update (zend_hash.c:238)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== by 0x81D8A3B: execute (zend_execute.c:1290)
==2279== Address 0x42334F14 is 36 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279==
==2279== Invalid read of size 1
==2279== at 0x81CFE99: zend_inline_hash_func (zend_hash.h:198)
==2279== by 0x81CCCA4: zend_hash_add_or_update (zend_hash.c:240)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== Address 0x42334F14 is 36 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279==
==2279== Invalid read of size 1
==2279== at 0x4002433F: memcpy (mac_replace_strmem.c:258)
==2279== by 0x81CCF57: zend_hash_add_or_update (zend_hash.c:276)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== Address 0x42334F17 is 39 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279==
==2279== Invalid read of size 1
==2279== at 0x40024346: memcpy (mac_replace_strmem.c:259)
==2279== by 0x81CCF57: zend_hash_add_or_update (zend_hash.c:276)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== Address 0x42334F16 is 38 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279==
==2279== Invalid read of size 1
==2279== at 0x4002434D: memcpy (mac_replace_strmem.c:260)
==2279== by 0x81CCF57: zend_hash_add_or_update (zend_hash.c:276)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== Address 0x42334F15 is 37 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279==
==2279== Invalid read of size 1
==2279== at 0x40024354: memcpy (mac_replace_strmem.c:261)
==2279== by 0x81CCF57: zend_hash_add_or_update (zend_hash.c:276)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== by 0x81D6BEA: zend_fetch_dimension_address (zend_execute.c:787)
==2279== Address 0x42334F14 is 36 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279== by 0x81D9C1D: execute (zend_execute.c:1483)
==2279== discard syms in /lib/libnss_db-2.2.so due to munmap()
==2279== discard syms in /usr/lib/libdb3.so.3.0.2 due to munmap()
==2279== discard syms in /lib/libnss_files-2.3.2.so due to munmap()
==2279==
==2279== ERROR SUMMARY: 16 errors from 9 contexts (suppressed: 2 from 2)
==2279== malloc/free: in use at exit: 384 bytes in 6 blocks.
==2279== malloc/free: 6085 allocs, 6079 frees, 421559 bytes allocated.
==2279== For a detailed leak analysis, rerun with: --leak-check=yes
==2279== For counts of detected errors, rerun with: -v
Thanks, Moriyoshi
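As an added example (not part of the original message or of the PHP sources): a small Python triage helper that groups Memcheck reports of accesses to freed memory by the block they touch and the function that released it. Run on an excerpt of the log above, it shows that reads at different addresses fall inside one 48-byte block released via add_string_to_string. The function names and the wrapper list are choices of this example.

```python
import re
from collections import defaultdict

# Two reports excerpted from the Memcheck log above (stacks shortened).
SAMPLE = """\
==2279== Invalid read of size 1
==2279== at 0x81CCB53: zend_hash_add_or_update (zend_hash.c:238)
==2279== by 0x81DF3E7: zend_fetch_dimension_address_inner (zend_execute.c:648)
==2279== Address 0x42334F14 is 36 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
==2279==
==2279== Invalid read of size 1
==2279== at 0x4002433F: memcpy (mac_replace_strmem.c:258)
==2279== by 0x81CCF57: zend_hash_add_or_update (zend_hash.c:276)
==2279== Address 0x42334F17 is 39 bytes inside a block of size 48 free'd
==2279== at 0x4002D07F: realloc (vg_replace_malloc.c:310)
==2279== by 0x81B6662: _erealloc (zend_alloc.c:323)
==2279== by 0x81C44B7: add_string_to_string (zend_operators.c:1017)
"""

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ADDR = re.compile(r"^Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")
# Allocator and libc frames that hide the caller we care about (this example's choice).
WRAPPERS = {"realloc", "free", "memcpy", "_erealloc", "_efree"}

def first_real_frame(frames):
    """Return the first frame that is not an allocator or libc wrapper."""
    return next((f for f in frames if f not in WRAPPERS), frames[0] if frames else "?")

def group_freed_block_reads(log):
    """Map (block_base, block_size, freeing_function) -> reader function per report."""
    groups = defaultdict(list)
    access, freed, block = [], [], None
    for raw in log.splitlines() + [""]:
        line = PREFIX.sub("", raw).strip()
        if (m := ADDR.match(line)):
            # Subtract the offset so every access is keyed by the block's base address.
            block = (int(m[1], 16) - int(m[2]), int(m[3]))
        elif (m := FRAME.match(line)):
            # Frames before the Address line are the access, frames after it the free.
            (freed if block else access).append(m[1])
        else:
            # Blank separator or a new report heading closes the current report.
            if block and access:
                groups[(*block, first_real_frame(freed))].append(first_real_frame(access))
            access, freed, block = [], [], None
    return dict(groups)
```

Feeding the complete log to `group_freed_block_reads` instead of `SAMPLE` gives one entry per distinct freed block, which is the quickest way to see how many separate lifetime bugs a long Memcheck run actually contains.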