0002339: Trying to throw an exception can cause a zend_mm_heap corrupted error under specific circumstances

ID	Project	Category	View Status	Date Submitted	Last Update

0002339	Xdebug	Uncategorized	public	2025-04-16 18:42	2025-04-17 16:04

Reporter	RetrowareDavid	Assigned To	derick
Priority	normal	Severity	crash	Reproducibility	always
Status	confirmed	Resolution	open
Platform	macOS	OS	Sequoia	OS Version	15.4 (24E248)
Product Version	3.4.2
Target Version	3.4dev

Summary	0002339: Trying to throw an exception can cause a zend_mm_heap corrupted error under specific circumstances
Description	Modifying a variable in multiple files can cause a `zend_mm_heap corrupted` crash you try to throw an Exception.
Steps To Reproduce	Create two files: File one (`index.php`): `<?php $var = "1234567890123456789012"; $var .= "3"; require_once realpath(__DIR__ . "/second-file.php"); ?>` File two (`second-file.php`): `<?php $var .= "4"; throw new Exception(); ?>` Open the first file with `php index.php` on the command line ---> PHP crashes with a zend_mm_heap corrupted
Additional Information	For the crash to occur: The code needs to be in two files. A variable needs to be created, then modified in the first file, then modified again in the second file. The variable needs to be of a certain size/length at the end of the modifications. I'm not sure if this issue only happens with strings, but in the case of strings, the final length must be at least 24 characters long. It appears that any modification will work, e.g. `substr()`, `strtolower()`, or simple concatenation. This was checked against via Terminal on macOS 15.4 (24E248) using PHP 8.4.5 and 8.4.6 and via Command Prompt on Windows 10 Pro (19045.5737) using PHP 8.4.6. I was not able to reliably reproduce the issue with `USE_ZEND_ALLOC` off, but I am including a crash report from macOS (`php-2025-04-15-144626.ips`). While trying to isolate the problem, though, I did have an `EXC_BAD_ACCESS (SIGSEGV)` crash while `USE_ZEND_ALLOC` was disabled, which is also included just in case (`php-2025-04-11-124429.ips`). I was not able to get a GDB backtrace: When I got to the `run` step, it failed with the error `Don't know how to run. Try "help target".`
Tags	No tags attached.
Attached Files	php-2025-04-15-144626.ips (22,066 bytes) php-2025-04-11-124429.ips (21,894 bytes)

Operating System	macOS 15.4 (24E248) & Windows 10 Pro (19045.5737)
PHP Version	8.4-dev

Date Modified	Username	Field	Change
2025-04-16 18:42	RetrowareDavid	New Issue
2025-04-16 18:42	RetrowareDavid	File Added: php-2025-04-15-144626.ips
2025-04-16 18:42	RetrowareDavid	File Added: php-2025-04-11-124429.ips
2025-04-17 16:04	derick	Assigned To	=> derick
2025-04-17 16:04	derick	Status	new => confirmed
2025-04-17 16:04	derick	Note Added: 0007251
2025-04-17 16:04	derick	Target Version	=> 3.4dev

View Issue Details

Activities

Issue History

derick 2025-04-17 16:04 administrator ~0007251	I can easily reproduce this. Instead of needing the more specific constraints (special length or content), the problem shows up with valgrind regardless.