-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 0.10.0
-
Fix Version/s: 0.11.0
-
Component/s: PHP - Library
-
Labels:None
I cant offer a script to reproduce segfault because it not happens everytime.
PHP7 extension use ZVAL_STR to wrap zend_string to zval struct,and later use zval_dtor try to free it.
The method_name parameter is pass from PHP script, and zval_dtor decrement the gc reference count, thus would free the zend_string object but it is still referenced in the script.
I changed ZVAL_STR to ZVAL_STR_COPY, which will add reference count by 1 to the zend_string object , apply this patch in our production environment and segfault never happen again
Another place use ZVAL_STR is here. Both this two place need to be fixed
- links to