Segfault while using `Ds\Set`

[MarioHoberg]

While debugging a segfault in a rather complex PHP application, I was able to reproduce the segfault with the following PHP code:

<?php

use Ds\Set;

class x {
  private function __construct(private string $x) {}
  public static function make(string $x): self { return new static($x); }
  public function __toString(): string { return $this->x; }
}

$strings = ["z", "abcdefghijklmnopqrstuvwx"];
$set = (new Set($strings))->map(x::make(...));

var_dump($set);
echo $set->join(', ');
var_dump($set);

// var_dump($set->map(fn (x $s) => $s->__toString()));
// will throw zend_mm_heap corrupted

The problem was first observed on Debian Bookworm running PHP 8.2
The issue also exists using recent PHP 8.5 docker and the following wrapper script

#!/bin/sh

pecl install ds
docker-php-ext-enable ds
php test.php

called as docker run -it --rm -v "$PWD":/app -w /app php:cli ./test.sh

Output:

bject(Ds\Set)#5 (2) {
  [0]=>
  object(x)#3 (1) {
    ["x":"x":private]=>
    string(1) "z"
  }
  [1]=>
  object(x)#4 (1) {
    ["x":"x":private]=>
    string(24) "abcdefghijklmnopqrstuvwx"
  }
}
z, abcdefghijklmnopqrstuvwxobject(Ds\Set)#5 (2) {
  [0]=>
  object(x)#3 (1) {
    ["x":"x":private]=>
    string(1) "z"
  }
  [1]=>
  object(x)#4 (1) {
    ["x":"x":private]=>
    string(139669686027048) "Segmentation fault (core dumped)

[ndossche]

Filed #225 to fix this, it already broke a php debug build prior to your commented out code.

[taisph]

FWIW I've been getting segfaults using Ds\Deque and Ds\Queue lately. Building the extension from latest master seems to solve this.

[ndossche]

I think the last release is missing out on some fixes. We could kindly request @rtheunissen to make a new release.