|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-11-07 07:00 UTC] dmitry@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: dmitry
[2014-11-07 07:00 UTC] dmitry@php.net
[2014-11-07 07:40 UTC] remi@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 10:00:01 2025 UTC |
Description: ------------ In some (hard to reproduce) run conditions, if memory limit is triggered during zend_hash_copy, zend_mm_heap can be corrupted (and can segfault during shutdown). I think the problem occurs in _zend_hash_index_update_or_next_insert, on p = (Bucket *) pemalloc_rel(sizeof(Bucket), ht->persistent); 5.6 also affected Test script: --------------- <?php error_reporting(E_ALL); set_time_limit(5); ini_set('memory_limit', '256M'); $arrayLarge = array_fill(0, 1010911, '*'); echo "Running 5/50 (get_defined_vars).\n"; $array_get_defined_vars_5 = get_defined_vars(); echo "Running 14/50 (array_merge).\n"; $array_array_merge_14 = array_merge($arrayLarge, $array_get_defined_vars_5); echo "Running 30/50 (exec).\n"; $string_exec_30 = exec(false, $arrayLarge); Expected result: ---------------- Running 5/50 (get_defined_vars). Running 14/50 (array_merge). Running 30/50 (exec). PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 72 bytes) in /home/rcollet/work/0d22753b8b97c56a401d760b9580a08b.php on line 11 zend_mm_heap corrupted Actual result: -------------- Running 5/50 (get_defined_vars). Running 14/50 (array_merge). Running 30/50 (exec). PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 72 bytes) in /home/rcollet/work/0d22753b8b97c56a401d760b9580a08b.php on line 11 zend_mm_heap corrupted