Re: 16-bit reference count in PHP 4's zval
Hello Tim,
that's a major API break so we would need to make that 4.5. Which is kind
of out of the question atm. Just change to 5.
marcus
Saturday, January 7, 2006, 5:47:27 AM, you wrote:
> I've had some trouble with large arrays in my PHP programs causing
> corruption of the heap. I tracked the problem back to PHP 4's 16-bit
> reference count. If you have more than 64K references to a given zval, the
> counter will overflow, then when the references are freed, the object will
> be double-freed, causing a segfault. Dangling references are also possible,
> allowing reading and writing of subsequently allocated blocks.
> No doubt the PHP dev team are aware of this already, since it was fixed in
> PHP 5, by using a 32-bit type instead. My question is: is there any
> intention to backport this simple but important bugfix to PHP 4? Many PHP
> users are still using PHP 4, and it's not a very well advertised fact that
> it does not properly support arrays with more than 64K entries.
> -- Tim Starling
Best regards,
Marcus
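
The counter behaviour described in the quoted report, as an added illustration that is not part of either message and is not PHP source. It is a toy model (the struct and function names are hypothetical) that takes just over 64K references to one value, releases them all, and counts how often the release path reaches zero with a 16-bit and with a 32-bit counter.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed for illustration, not PHP source): a value with a
 * reference counter of a chosen width, and a tally of "free" events. */
struct sim_result {
    unsigned frees;                   /* times the counter hit zero on release */
    unsigned long live_at_first_free; /* holders still outstanding at that point */
};

/* Take `holders` references in total (the first one creates the value),
 * then release them all. `mask` models the counter width:
 * 0xFFFF for 16-bit, 0xFFFFFFFF for 32-bit. */
static struct sim_result simulate(unsigned long holders, uint32_t mask)
{
    struct sim_result r = {0, 0};
    uint32_t refcount = 1;                      /* creator's reference */
    unsigned long i;

    for (i = 1; i < holders; i++)
        refcount = (refcount + 1) & mask;       /* unchecked increment */

    for (i = 0; i < holders; i++) {
        refcount = (refcount - 1) & mask;       /* unchecked decrement */
        if (refcount == 0) {
            if (r.frees == 0)
                r.live_at_first_free = holders - (i + 1);
            r.frees++;                          /* real code would free here */
        }
    }
    return r;
}

int main(void)
{
    unsigned long n = 65537UL;                  /* just over 64K references */
    struct sim_result a = simulate(n, 0xFFFFu);
    struct sim_result b = simulate(n, 0xFFFFFFFFu);

    printf("16-bit: frees=%u, holders left at first free=%lu\n",
           a.frees, a.live_at_first_free);
    printf("32-bit: frees=%u, holders left at first free=%lu\n",
           b.frees, b.live_at_first_free);
    return 0;
}
```

With the 16-bit width the first release already reaches zero while 65536 holders remain, and the last release reaches zero a second time; with the 32-bit width zero is reached once, on the final release.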