php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68611 Segmentation fault with deep linked list
Submitted: 2014-12-15 13:16 UTC Modified: 2016-05-06 14:55 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: reen at alphacomm dot nl Assigned:
Status: Duplicate Package: Reproducible crash
PHP Version: 5.6.3 OS: Ubuntu
Private report: No CVE-ID: None
 [2014-12-15 13:16 UTC] reen at alphacomm dot nl
Description:
------------
Tested against:

PHP 5.6.3 (cli) (built: Nov 20 2014 10:45:50) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies
with Xdebug v2.2.6, Copyright (c) 2002-2014, by Derick Rethans

AND

PHP 5.5.9-1ubuntu4.5 (cli) (built: Oct 29 2014 11:59:10) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
    with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans

Test script:
---------------
<?php
class A {
    public $next;
}

$first = $a = new A();
for ($i = 0; $i < 100000; $i++) {
    $a = $a->next = new A();
}

echo 'Complete'.PHP_EOL;

Expected result:
----------------
Complete

Actual result:
--------------
Complete
Segmentation fault: 11



Complete
Segmentation fault (core dumped)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-15 14:11 UTC] derick@php.net
Note: this also happens without opcache and without xdebug
 [2014-12-15 14:13 UTC] derick@php.net
It looks like a stack overflow to me on shutdown:

...
...
#83762 0x0000000000a49b53 in _zval_dtor_func (zvalue=0x7ffff7f9d3d8, __zend_filename=0xfd99b8 "/home/derick/dev/php/php-src.git/Zend/zend_execute.h", __zend_lineno=81)
    at /home/derick/dev/php/php-src.git/Zend/zend_variables.c:54
#83763 0x0000000000a362be in _zval_dtor (zvalue=0x7ffff7f9d3d8, __zend_filename=0xfd99b8 "/home/derick/dev/php/php-src.git/Zend/zend_execute.h", __zend_lineno=81)
    at /home/derick/dev/php/php-src.git/Zend/zend_variables.h:35
#83764 0x0000000000a36385 in i_zval_ptr_dtor (zval_ptr=0x7ffff7f9d3d8, __zend_filename=0xfdba20 "/home/derick/dev/php/php-src.git/Zend/zend_variables.c", __zend_lineno=183)
    at /home/derick/dev/php/php-src.git/Zend/zend_execute.h:81
#83765 0x0000000000a375c6 in _zval_ptr_dtor (zval_ptr=0x7ffff7fa05c8, __zend_filename=0xfdba20 "/home/derick/dev/php/php-src.git/Zend/zend_variables.c", __zend_lineno=183)
    at /home/derick/dev/php/php-src.git/Zend/zend_execute_API.c:426
#83766 0x0000000000a49f5c in _zval_ptr_dtor_wrapper (zval_ptr=0x7ffff7fa05c8) at /home/derick/dev/php/php-src.git/Zend/zend_variables.c:183
#83767 0x0000000000a5f63e in zend_hash_apply_deleter (ht=0x1565ee8 <executor_globals+360>, p=0x7ffff7fa05b0) at /home/derick/dev/php/php-src.git/Zend/zend_hash.c:650
#83768 0x0000000000a5fcaf in zend_hash_reverse_apply (ht=0x1565ee8 <executor_globals+360>, apply_func=0xa36c7e <zval_call_destructor>)
    at /home/derick/dev/php/php-src.git/Zend/zend_hash.c:804
#83769 0x0000000000a36d30 in shutdown_destructors () at /home/derick/dev/php/php-src.git/Zend/zend_execute_API.c:217
#83770 0x0000000000a4c08b in zend_call_destructors () at /home/derick/dev/php/php-src.git/Zend/zend.c:933
#83771 0x00000000009b9c35 in php_request_shutdown (dummy=0x0) at /home/derick/dev/php/php-src.git/main/main.c:1750
#83772 0x0000000000afc046 in do_cli (argc=3, argv=0x1585130) at /home/derick/dev/php/php-src.git/sapi/cli/php_cli.c:1177
#83773 0x0000000000afc73a in main (argc=3, argv=0x1585130) at /home/derick/dev/php/php-src.git/sapi/cli/php_cli.c:1378
 [2014-12-15 18:27 UTC] requinix@php.net
Duplicate of bug #68606.
 [2016-05-06 14:55 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC