I've had some trouble with large arrays in my PHP programs causing
corruption of the heap. I tracked the problem back to PHP 4's 16-bit
reference count. If you have more than 64K references to a given zval, the
counter will overflow, then when the references are freed, the object will
be double-freed, causing a segfault. Dangling references are also possible,
allowing reading and writing of subsequently allocated blocks.

No doubt the PHP dev team are aware of this already, since it was fixed in
PHP 5, by using a 32-bit type instead. My question is: is there any
intention to backport this simple but important bugfix to PHP 4? Many PHP
users are still using PHP 4, and it's not a very well advertised fact that
it does not properly support arrays with more than 64K entries.

-- Tim Starling

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

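The overflow mechanism the post describes, as an added C model that is not code from the post or from the PHP source tree: a reference count kept in a 16-bit unsigned integer wraps silently at 65536, so the count hits zero on the wrong release. The free is recorded in a counter instead of being performed, so the program runs without corrupting its own heap; the struct and function names are hypothetical stand-ins for PHP's zval handling, and the count is stored in a uint32_t masked to the chosen width so the same code shows the PHP 4 (16-bit) and PHP 5 (32-bit) behaviour side by side.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of one simulated object lifetime. */
typedef struct {
    unsigned long frees;          /* times the object was handed back to the allocator */
    unsigned long first_free_at;  /* which release (1-based) triggered the first free */
} lifetime_t;

/* Model of a refcounted heap object. PHP 4 stored the count in a 16-bit
 * zend_ushort; PHP 5 widened it to 32 bits. Here the count lives in a
 * uint32_t and is masked to `bits` so one function covers both widths.
 * These names are stand-ins, not PHP's real structures. */
typedef struct {
    uint32_t refcount;
    uint32_t mask;
} zval_model_t;

static void model_init(zval_model_t *z, unsigned bits) {
    z->refcount = 0;
    z->mask = (bits >= 32) ? UINT32_MAX : ((1u << bits) - 1u);
}

/* Taking a reference: unsigned arithmetic wraps silently at 2^bits, which is
 * exactly what a bare ++ on a uint16_t field does. */
static void model_addref(zval_model_t *z) {
    z->refcount = (z->refcount + 1u) & z->mask;
}

/* Dropping a reference: returns 1 when the engine would free the block. */
static int model_release(zval_model_t *z) {
    z->refcount = (z->refcount - 1u) & z->mask;
    return z->refcount == 0;
}

/* Take `refs` references to one object, then drop them all, counting the
 * free events. A correct refcount frees exactly once, on the last release.
 * frees > 1 is a double free; first_free_at < refs means the block was
 * freed while (refs - first_free_at) references to it were still live,
 * i.e. the dangling-reference case. The free is recorded, not performed. */
lifetime_t simulate_lifetime(unsigned bits, unsigned long refs) {
    zval_model_t z;
    lifetime_t r = { 0, 0 };
    model_init(&z, bits);
    for (unsigned long i = 0; i < refs; i++)
        model_addref(&z);
    for (unsigned long i = 1; i <= refs; i++) {
        if (model_release(&z)) {
            if (r.frees == 0)
                r.first_free_at = i;
            r.frees++;
        }
    }
    return r;
}

int main(void) {
    /* Constructed reference counts straddling the 64K boundary. */
    unsigned long counts[] = { 1000, 65535, 65536, 65537, 200000 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        lifetime_t r16 = simulate_lifetime(16, counts[i]);
        lifetime_t r32 = simulate_lifetime(32, counts[i]);
        printf("%7lu refs: 16-bit frees=%lu (first at release %lu), "
               "32-bit frees=%lu (first at release %lu)\n",
               counts[i], r16.frees, r16.first_free_at,
               r32.frees, r32.first_free_at);
    }
    return 0;
}
```

Two details of the 16-bit column are worth noticing. Exactly 65536 references happen to pass, because the count wraps to zero on the last addref and only returns to zero on the last release; 65537 references are freed after the first release, leaving 65536 live references to a dead block, and freed again at the end. Widening the counter removes the wrap, which is the whole of the PHP 5 fix.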