php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75636 Stack overflow during garbage collection
Submitted: 2017-12-06 05:49 UTC Modified: 2018-03-10 17:21 UTC
Votes:4
Avg. Score:3.8 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: benoit dot david at free dot fr Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.2.0 OS: Docker Version 17.09.0
Private report: No CVE-ID: None
 [2017-12-06 05:49 UTC] benoit dot david at free dot fr
Description:
------------
The test script below works fine for 10 iterations but crashes (Segmentation fault) for 400000 iterations while it shouldn't crash.

Uses Php 7.2 on docker (Version 17.09.0-ce-mac35 (19611))
with no extension.

Test script:
---------------
<?php
class Lim {
  public $id;
  public $inv;
  public $fi;
  function __construct($id) { $this->id = $id; $this->inv = new Inv($this); }
};

class Inv {
  public $inv;
  public $fi;
  function __construct($inv) { $this->inv = $inv; }
}

$max = 400000;
//$max = 10;

$lim0 = new Lim(0);
$limp = $lim0;
for ($i=1; $i<$max; $i++) {
  $lim = new Lim($i);
  $lim->fi = $limp->inv;
  $limp->inv->fi = $lim;
  $limp = $lim;
}



Expected result:
----------------
The above script should not crash for 400000 iterations.

Actual result:
--------------
The above script crashes for 400000 iterations.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-08 18:47 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-12-08 18:47 UTC] ab@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2017-12-10 09:04 UTC] benoit dot david at free dot fr
-Status: Feedback +Status: Open
 [2017-12-10 09:04 UTC] benoit dot david at free dot fr
Here is the backtrace from gdb:
#0  0x0000563b94600d95 in gc_mark_grey (
    ref=<error reading variable: Cannot access memory at address 0x7ffd2031bfe8>)
    at /usr/local/src/php-7.2.0/Zend/zend_gc.c:477
#1  0x0000563b94600efc in gc_mark_grey (ref=0x7f1bed1b2460)
    at /usr/local/src/php-7.2.0/Zend/zend_gc.c:511
 [2017-12-16 21:10 UTC] nikic@php.net
Stack overflow in GC -- we should have a duplicate for this somewhere. The closest I could find is bug #68606, which is not quite the same.
 [2018-03-10 17:21 UTC] nikic@php.net
-Summary: php crashes with too many objects +Summary: Stack overflow during garbage collection
 [2022-11-28 06:26 UTC] barrykaauamo125 at gmail dot com
This article is truly astounding. Appreciative for sharing such mind blowing information. (https://www.my-loyola.com/)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC