- Type: Bug
- Resolution: Fixed
- Priority: Critical - P2
- Affects Version/s: 1.5.2
- Component/s: None
Running the attached script with USE_ZEND_ALLOC=0 valgrind php test.php produces:
==1458== Invalid write of size 8
==1458==    at 0xA0E2764: php_phongo_field_path_pop (bson.c:164)
==1458==    by 0xA0E3BB9: php_phongo_bson_visit_document (bson.c:956)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E3CD4: php_phongo_bson_visit_array (bson.c:989)
==1458==    by 0xA05DE21: bson_iter_visit_all (bson-iter.c:1987)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==  Address 0xaa6a800 is 0 bytes after a block of size 64 alloc'd
==1458==    at 0x48356EF: malloc (vg_replace_malloc.c:298)
==1458==    by 0x4837A34: realloc (vg_replace_malloc.c:785)
==1458==    by 0x949283: __zend_realloc (zend_alloc.c:2845)
==1458==    by 0x94864F: _erealloc (zend_alloc.c:2459)
==1458==    by 0xA0E2577: php_phongo_field_path_ensure_allocation (bson.c:124)
==1458==    by 0xA0E263E: php_phongo_field_path_write_item_at_current_level (bson.c:136)
==1458==    by 0xA0E2719: php_phongo_field_path_push (bson.c:154)
==1458==    by 0xA0E38A7: php_phongo_bson_visit_document (bson.c:858)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E4222: php_phongo_bson_to_zval_ex (bson.c:1153)
==1458==    by 0xA0F62FC: zif_MongoDB_BSON_toPHP (functions.c:75)
==1458==    by 0x9DECC7: execute_internal (zend_execute.c:2078)
==1458==
==1458== Invalid write of size 4
==1458==    at 0xA0E2782: php_phongo_field_path_pop (bson.c:165)
==1458==    by 0xA0E3BB9: php_phongo_bson_visit_document (bson.c:956)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E3CD4: php_phongo_bson_visit_array (bson.c:989)
==1458==    by 0xA05DE21: bson_iter_visit_all (bson-iter.c:1987)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E392F: php_phongo_bson_visit_document (bson.c:872)
==1458==  Address 0xaa6a860 is 0 bytes after a block of size 32 alloc'd
==1458==    at 0x48356EF: malloc (vg_replace_malloc.c:298)
==1458==    by 0x4837A34: realloc (vg_replace_malloc.c:785)
==1458==    by 0x949283: __zend_realloc (zend_alloc.c:2845)
==1458==    by 0x94864F: _erealloc (zend_alloc.c:2459)
==1458==    by 0xA0E25B9: php_phongo_field_path_ensure_allocation (bson.c:125)
==1458==    by 0xA0E263E: php_phongo_field_path_write_item_at_current_level (bson.c:136)
==1458==    by 0xA0E2719: php_phongo_field_path_push (bson.c:154)
==1458==    by 0xA0E38A7: php_phongo_bson_visit_document (bson.c:858)
==1458==    by 0xA05DD89: bson_iter_visit_all (bson-iter.c:1975)
==1458==    by 0xA0E4222: php_phongo_bson_to_zval_ex (bson.c:1153)
==1458==    by 0xA0F62FC: zif_MongoDB_BSON_toPHP (functions.c:75)
==1458==    by 0x9DECC7: execute_internal (zend_execute.c:2078)