From:             dmitry at zend dot com
Operating system: *
PHP version:      5.3CVS-2008-01-15 (CVS)
PHP Bug Type:     Scripting Engine problem
Bug description:  Memory corruption on reuse of assigned value

Description:
------------
Run the following script with valgrind and USE_ZEND_ALLOC=0.

$ USE_ZEND_ALLOC=0 valgrind sapi/cli/php foo.php  

Reproduce code:
---------------
<?php
foo();
function foo() {
  global $LAST;
  ($LAST = $LAST + 0) * 1;
  echo "ok\n";
}
?>

Expected result:
----------------
ok

Actual result:
--------------
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED944: zend_pzval_unlock_func (zend_execute.c:69)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED994: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED9A5: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83EC6B4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:221)
==24239==    by 0x83ED270: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==    by 0x83C493D: zend_execute_scripts (zend.c:1139)
==24239==    by 0x836B15D: php_execute_script (main.c:2010)
==24239==    by 0x844BEBB: main (php_cli.c:1140)
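To turn the manual valgrind check above into something a test job can act on, here is an added parser for memcheck's text output; it is not part of this bug report or of PHP's own test tooling, and its sample input is constructed to mirror the trace above, including one frame wrapped by the mail client. Run the reproduce script with USE_ZEND_ALLOC=0 (otherwise the Zend allocator serves requests from its own arena and valgrind cannot see the uninitialised reads) and feed valgrind's stderr to parse_memcheck.

```python
import re
from collections import Counter

# Constructed sample in memcheck's text format, shaped like the trace above (the bare "(file:line)" line imitates the e-mail wrapping).
SAMPLE = """\
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED944: zend_pzval_unlock_func (zend_execute.c:69)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER
(zend_vm_execute.h:8581)
==24239==    by 0x83EC05B: execute (zend_vm_execute.h:87)
==24239==
==24239== Conditional jump or move depends on uninitialised value(s)
==24239==    at 0x83ED994: zend_pzval_unlock_func (zend_execute.c:76)
==24239==    by 0x83EFE9A: _get_zval_ptr_var (zend_execute.c:187)
==24239==    by 0x8405823: ZEND_MUL_SPEC_VAR_CONST_HANDLER (zend_vm_execute.h:8581)
==24239== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""
PREFIX = re.compile(r"^==(\d+)==\s?(.*)$")          # "==PID== body"
FRAME = re.compile(r"^(?:at|by) (0x[0-9A-Fa-f]+): (\S+)(?: \((.*)\))?$")

def unwrap(lines):
    """Re-join a frame whose '(file:line)' part was wrapped onto its own line."""
    out = []
    for line in lines:
        if out and line.startswith("("):
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out

def parse_memcheck(text):
    """Return [{'pid', 'message', 'frames': [(func, location), ...]}, ...]; entries without a stack (banner, summary) are dropped."""
    reports = []
    for line in unwrap(text.splitlines()):
        m = PREFIX.match(line)
        if not m or not m.group(2).strip():
            continue                      # not memcheck output, or a blank separator
        pid, body = int(m.group(1)), m.group(2).strip()
        f = FRAME.match(body)
        if f and reports:
            reports[-1]["frames"].append((f.group(2), f.group(3) or "?"))
        elif not f:
            reports.append({"pid": pid, "message": body, "frames": []})
    return [r for r in reports if r["frames"]]

def summarize(reports):
    """Count reports per (message, innermost frame) so repeats of one site collapse."""
    return Counter((r["message"], r["frames"][0][0]) for r in reports)
```

A non-empty result from parse_memcheck is the failure signal; summarize shows at a glance that all three reports in this bug hit the same site, zend_pzval_unlock_func.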


-- 
Edit bug report at http://bugs.php.net/?id=43851&edit=1
