You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/02/23 14:15:44 UTC

[jira] [Commented] (THRIFT-3984) PHP7 extension causes segfault

    [ https://issues.apache.org/jira/browse/THRIFT-3984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15880491#comment-15880491 ] 

ASF GitHub Bot commented on THRIFT-3984:
----------------------------------------

Github user zhaakhi commented on the issue:

    https://github.com/apache/thrift/pull/1152
  
    Ping. It would be nice to get this fix in since the double free is potentially a data corrupting bug.


> PHP7 extension causes segfault
> ------------------------------
>
>                 Key: THRIFT-3984
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3984
>             Project: Thrift
>          Issue Type: Bug
>          Components: PHP - Library
>    Affects Versions: 0.10.0
>            Reporter: Fei Dong
>            Priority: Critical
>
> I cant offer a script to reproduce segfault because it  not happens everytime. 
> PHP7 extension use ZVAL_STR to wrap zend_string to zval struct，and later use zval_dtor try to free it.
> https://github.com/apache/thrift/blob/master/lib/php/src/ext/thrift_protocol/php_thrift_protocol7.cpp#L825
> The method_name parameter is pass from PHP script,  and zval_dtor decrement the gc reference count, thus would free the zend_string object but it is still referenced in the script.
> I  changed  ZVAL_STR to ZVAL_STR_COPY, which will add reference count by 1 to the zend_string object ,  apply this patch in our production environment and segfault never happen again
> Another place use ZVAL_STR is [here|https://github.com/apache/thrift/blob/master/lib/php/src/ext/thrift_protocol/php_thrift_protocol7.cpp#L668]. Both this two place need to be fixed 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)