Hi Wez & Jani,
The following snippet causes a double free of memory and corrupts the symbol
table.
<?php
// openssl_get_publickey($nonsense) returns false on bad input, so $pk can be false
$pk = false;
// Passing false as the key reaches php_openssl_evp_from_zval, which drops a reference it does not own
openssl_public_encrypt("Test", $encrypted, $pk);
// The normal argument cleanup on return drops the zval to refcount 0 and frees it;
// this reassignment then touches the freed slot the symbol table still points at
$pk = false;
?>

The culprit is php_openssl_evp_from_zval, which is called by
openssl_public_encrypt.
openssl_public_encrypt reduces the refcount of $pk from 2 to 1.
zend_ptr_stack_clear_multiple reduces it again to 0 as the normal cleanup
upon return from openssl_public_encrypt.
Hence the zval associated with $pk gets freed,
but the symbol table still refers to the freed pointer.

The patch for the 5.0 tree is available at
http://puggy.symonds.net/~kameshj/openssl.c.patch.5.0

With regards
Kamesh Jayachandran

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
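The refcount walk described in the mail (argument slot takes $pk from 1 to 2, the callee wrongly drops one, the normal post-call cleanup drops the last one and frees the zval while the symbol table still points at it), as an added example that is not code from the PHP tree or from the mail's patch. It is a toy C model of Zend-style refcounting: zval_t, symtab_t, evp_from_zval_buggy, evp_from_zval_fixed, call_public_encrypt and run_script are all hypothetical names, and "freed" is recorded as a flag instead of calling free() so the dangling slot can be inspected safely.

```c
/* Added example, not PHP source: a toy model of Zend-style refcounting that
 * reproduces the double-decrement described in the mail. All names here are
 * hypothetical stand-ins for the real Zend/ext/openssl code. */
#include <stdio.h>

typedef struct {
    int refcount;   /* number of holders of this value */
    int freed;      /* set when the refcount reaches 0 (stands in for efree) */
    int is_false;   /* the value false, as openssl_get_publickey() returns on bad input */
} zval_t;

/* One symbol-table slot: the variable $pk in the script. */
typedef struct { zval_t *value; } symtab_t;

static void zval_addref(zval_t *z) { z->refcount++; }

/* In real Zend this would efree() the zval; the model only records the event
 * so the dangling symbol-table pointer can still be examined afterwards. */
static void zval_delref(zval_t *z) {
    if (z->freed) return;            /* model-only guard against a real double free */
    if (--z->refcount == 0) z->freed = 1;
}

/* Buggy behaviour: on a non-key argument the callee releases a reference it
 * does not own, i.e. the one still held by the symbol table. */
static int evp_from_zval_buggy(zval_t *z) {
    if (z->is_false) { zval_delref(z); return -1; }
    return 0;
}

/* Fixed behaviour: the callee only inspects the value and leaves the
 * refcount to its owner. */
static int evp_from_zval_fixed(zval_t *z) {
    if (z->is_false) return -1;
    return 0;
}

/* Model of openssl_public_encrypt(..., $pk): passing the argument adds a
 * reference, and zend_ptr_stack_clear_multiple-style cleanup removes it
 * after the call returns. */
static void call_public_encrypt(symtab_t *sym, int (*evp_from_zval)(zval_t *)) {
    zval_t *arg = sym->value;
    zval_addref(arg);                /* refcount 1 -> 2: argument slot holds it */
    (void)evp_from_zval(arg);        /* buggy variant wrongly drops to 1 here */
    zval_delref(arg);                /* normal cleanup: 2 -> 1, or 1 -> 0 (freed) */
}

/* Runs the two-line script from the mail against one evp_from_zval variant.
 * Returns 1 if the $pk slot now points at a freed value, 0 otherwise. */
static int run_script(int (*evp_from_zval)(zval_t *)) {
    zval_t pk = { .refcount = 1, .freed = 0, .is_false = 1 };   /* $pk = false; */
    symtab_t sym = { .value = &pk };
    call_public_encrypt(&sym, evp_from_zval);                   /* openssl_public_encrypt(..., $pk) */
    return sym.value->freed;          /* the second "$pk = false;" would touch this slot */
}

int main(void) {
    printf("buggy evp_from_zval: symbol table dangling = %d\n", run_script(evp_from_zval_buggy));
    printf("fixed evp_from_zval: symbol table dangling = %d\n", run_script(evp_from_zval_fixed));
    return 0;
}
```

With the buggy callee the refcount goes 1 -> 2 -> 1 -> 0 and the symbol table is left holding a freed value, which is exactly what the following "$pk = false;" then writes into; with the fixed callee it goes 1 -> 2 -> 1 and the variable survives the call.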