Newsgroups: php.internals
Message-ID: <40BDCF45.3010203@php.net>
Date: Wed, 02 Jun 2004 14:59:49 +0200
To: Stanislav Malyshev, internals@lists.php.net
References: <40BDBD4D.4050905@php.net> <40BDC6F4.2070109@php.net>
Subject: Re: [PHP-DEV] ZendEngine 2 - Double Free BUG
From: sesser@php.net (Stefan Esser)

Stanislav Malyshev wrote:
> I think you are right, it should be fixed in zend_post_incdec_property. Do
> you have reproducing code example so it can be tested?

No, it cannot be tested. In the default configuration Zend_MM is activated.
This will catch double frees. No violation will happen when it is activated.
This is why valgrind etc. do not catch it.

And I think there is another bug with simple classes on termination of a
request.

    class xy {
        function a() { }
    }
    $y = new xy();

crashes over here with Hardened-PHP applied AND maintainer-zts activated.

It crashes in a llist destruction from within zend_deactivate. The reason for
the crash seems to be that the memory pointed to by TRMS_ls is already freed.

Stefan
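
Added example, not part of Stefan Esser's message and not Zend Engine code: a toy C allocator layer that models the effect described in the message, where a repeated free is absorbed by the allocator's own bookkeeping and libc free() still sees each block exactly once, so a checker that watches only the libc heap reports nothing. All names, the header layout and the keep-until-shutdown policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Toy model only: block layout, magic values and names are assumptions. */
#define BLOCK_LIVE  0x4C495645u  /* "LIVE" */
#define BLOCK_FREED 0x46524545u  /* "FREE" */

typedef struct block {
    uint32_t magic;        /* allocator-owned state, checked on every free */
    struct block *next;    /* every block stays linked until shutdown */
} block;

static block *all_blocks = NULL;
static unsigned absorbed_double_frees = 0;

void *toy_alloc(size_t size) {
    block *b = malloc(sizeof(block) + size);
    if (b == NULL) return NULL;
    b->magic = BLOCK_LIVE;
    b->next = all_blocks;
    all_blocks = b;
    return b + 1;          /* payload starts right after the header */
}

/* Returns 0 for a normal free, 1 when a repeated free was absorbed. */
int toy_free(void *p) {
    block *b = (block *)p - 1;
    if (b->magic == BLOCK_FREED) {
        absorbed_double_frees++;   /* the bug is noticed here ... */
        return 1;                  /* ... and never reaches libc free() */
    }
    b->magic = BLOCK_FREED;        /* memory is held back until shutdown */
    return 0;
}

/* End of "request": each block goes to libc free() exactly once. */
unsigned toy_shutdown(void) {
    unsigned released = 0;
    while (all_blocks != NULL) {
        block *next = all_blocks->next;
        free(all_blocks);
        all_blocks = next;
        released++;
    }
    return released;
}

unsigned toy_absorbed(void) { return absorbed_double_frees; }
```

When testing code that sits behind a layer like this, the counter (or an abort in its place) is the only signal of the double free; the libc-level view stays clean.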