Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89059
Return-Path: <dmitry@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 90215 invoked from network); 3 Nov 2015 19:58:18 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Nov 2015 19:58:18 -0000
Authentication-Results: pb1.pair.com smtp.mail=dmitry@zend.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=dmitry@zend.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 209.85.223.178 as permitted sender)
X-PHP-List-Original-Sender: dmitry@zend.com
X-Host-Fingerprint: 209.85.223.178 mail-io0-f178.google.com  
Received: from [209.85.223.178] ([209.85.223.178:35858] helo=mail-io0-f178.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BC/C8-13519-9D119365 for <internals@lists.php.net>; Tue, 03 Nov 2015 14:58:18 -0500
Received: by ioll68 with SMTP id l68so31150080iol.3
        for <internals@lists.php.net>; Tue, 03 Nov 2015 11:58:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=zend_com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:date:message-id:subject:from:to:cc:content-type;
        bh=MCG7yJPtKqSxLkiKwIGO9s+TpCpUj0HKENf6YBAG7Ko=;
        b=LP6c5p8zsqjBLi/xQ5DVqhA1HH9P0w7dpgTnGjCNd1EMMT8658wn35GsYoWzcVztTU
         IWj+dJa+JoDMKFP+R6J2feOxxhb07dwN+zzP43rZ3HfnDMBc0O+P9VsypWEJCLbG7L1m
         teHB6CccpguTN/rcdVh9pJ4zFjcKODG4yhUWQu8boMx0+qwtHgAj1YB8bZOF22Ej43ku
         OffyS+/sul52O+az7sdPLusBqOIqeUwy5ysb/V22fR8gUo96LJRCou4deEkQ/i3tduF9
         YgKJDfr982oq6pXpBHD/XkWGZv0PV6Bjjg3IxRkxhBx/j1mjc/UrSv7fdcPgEVMeKJW0
         7Suw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc
         :content-type;
        bh=MCG7yJPtKqSxLkiKwIGO9s+TpCpUj0HKENf6YBAG7Ko=;
        b=SPXrUTehDqwtFaDpRa0XTH52p3ruzifFSG5FOwqtjlZ3DS6c9CLj+TlRMFykvHx+sY
         B7NJSPcxdenQzTzz5JCK2iUv8o68Bfc8ZWu6fIbu0uo/llKN582Jbr30DLg+zpHl95k8
         5PnzPjYRpIT6un+UuyUnG9cW7VO1pcV2nZ6X/M6sGkoXGTXHGxyCWsBG1SaWiLjrADoi
         VAh0VgOAMXrHDegp8mIERhgmy9kaM61br6+y1oVOzJXBQVH6bl+dvRUxdL1wWrdQ6ew0
         jVNd0lvMSiJGm7s5DsZ6a8IJ4Qw50HYkUmswJ8PbIY+MroajeSMco3fWSrI0XLp3QbV2
         +Z0g==
X-Gm-Message-State: ALoCoQlrmvYSDvnQgmkoQoXpkVSFUTC8hXTZrmoOEvMxefa0OwiGpTOAs0Avkvo9tEN5nYygx14Z6rKPHBQ77KHiA8GMqi+fXMHUmpaaVT2rZAq+AavIK68BllbnvpfFYRW7zLkqxRCKsRjR+4ULZ/K+JuhcHVWtrRH0eBreM55yS/olsHqV9kM=
MIME-Version: 1.0
X-Received: by 10.107.15.17 with SMTP id x17mr30193565ioi.196.1446580694137;
 Tue, 03 Nov 2015 11:58:14 -0800 (PST)
Received: by 10.50.73.166 with HTTP; Tue, 3 Nov 2015 11:58:14 -0800 (PST)
Date: Tue, 3 Nov 2015 22:58:14 +0300
Message-ID: <CA+9eiLvPy_bp6djdw902i=cfaLq94-9-KDQVBWhgCYoWeWX1JA@mail.gmail.com>
To: Xinchen Hui <xinchen.h@zend.com>, Anatol Belski <ab@php.net>, Nikita Popov <nikita.ppv@gmail.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113f1e2069dbec0523a850ed
Subject: Bug #70805 (Segmentation faults whilst running Drupal 8 test suite)
From: dmitry@zend.com (Dmitry Stogov)

--001a113f1e2069dbec0523a850ed
Content-Type: text/plain; charset=UTF-8

Hi,

I think, I found the root problem of https://bugs.php.net/bug.php?id=70805

unset($a) or unser($GLOBAL["a"]) triggered GC and destructors calls that
tried to release the same global variable $a  once again. As result it's
reference counter was decremented twice and this caused use-after-free,
double-free, etc.

The proposed cumulative fix for all related problems:

https://gist.github.com/dstogov/7aa9d24876e2b3fce8c5

Xinchen, could you please review and verify this once again,
then add necessary tests and commit.

Thanks. Dmitry.

--001a113f1e2069dbec0523a850ed--