Bug #49292 infinite recursive call in ob_011.phpt
Submitted: 2009-08-19 08:45 UTC Modified: 2009-09-25 01:00 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (25.0%)
From: dmendolia@php.net Assigned:
Status: No Feedback Package: Output Control
PHP Version: 5.2.11RC1 OS: Linux
Private report: No CVE-ID: None
 [2009-08-19 08:45 UTC] dmendolia@php.net
Description:
------------
When you call:

make test TESTS=./tests/output/ob_011.phpt

see: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/tests/output/ob_011.phpt?view=markup

The execution doesn't fail anymore; the consequence is an infinite recursive call.

1) ob_start having a function in call back with ob_get_flush inside.
2) ob_get_flush invoking the callback function of ob_start
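
Added example, not part of the report and not code from PHP's output.c: a small C model of the two steps above, showing how a flush that invokes a callback which flushes again nests without limit, and how a single re-entrancy flag stops it at depth 1. All names (`struct ob`, `ob_flush_model`, `run_model`) are hypothetical, and `MAX_DEPTH` is an assumed cap standing in for the finite C stack so the model terminates instead of crashing.

```c
#include <stdio.h>
#define MAX_DEPTH 64   /* assumed stand-in for the finite C stack */

struct ob {
    int guard;         /* 1 = refuse nested calls, 0 = model the reported crash */
    int in_handler;    /* set while the user callback is running */
    int depth;         /* current nesting of flush calls */
    int max_depth;     /* deepest nesting reached */
    int refused;       /* nested calls rejected by the guard */
};

static int ob_flush_model(struct ob *o);

/* User callback that flushes the buffer it is handling (step 1 of the report). */
static void handler(struct ob *o) { ob_flush_model(o); }

/* Flush invokes the callback (step 2). Returns 0 on success, -1 if refused or capped. */
static int ob_flush_model(struct ob *o)
{
    if (o->guard && o->in_handler) {   /* the "Cannot use output buffering in ... handlers" case */
        o->refused++;
        return -1;
    }
    if (++o->depth > o->max_depth) o->max_depth = o->depth;
    /* The real process overflows its stack at this point; the model just stops. */
    if (o->depth >= MAX_DEPTH) { o->depth--; return -1; }
    o->in_handler = 1;
    handler(o);
    o->in_handler = 0;
    o->depth--;
    return 0;
}

/* Run one top-level flush and return the final counters. */
static struct ob run_model(int guard)
{
    struct ob o = {0};
    o.guard = guard;
    ob_flush_model(&o);
    return o;
}

int main(void)
{
    struct ob bad = run_model(0), good = run_model(1);
    printf("unguarded: depth %d, refused %d\n", bad.max_depth, bad.refused);
    printf("guarded:   depth %d, refused %d\n", good.max_depth, good.refused);
    return 0;
}
```
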


 [2009-08-20 11:22 UTC] jani@php.net
Exactly how does it end up in infinite loop? It fails as expected for me, just as it has since it was added.
 [2009-08-20 13:53 UTC] dmendolia@php.net
With valgrind, I have more or less the same output as:

http://gcov.php.net/viewer.php?version=PHP_5_2&func=valgrind&file=tests%2Foutput%2Fob_011.phpt


==26235== Stack overflow in thread 1: can't grow stack to 0xBE763FF8
==26235==
==26235== Process terminating with default action of signal 11 (SIGSEGV)
==26235==  Access not within mapped region at address 0xBE763FF8
==26235==    at 0x8371CC0: zend_hash_quick_find (zend_hash.c:903)
==26235== Stack overflow in thread 1: can't grow stack to 0xBE763FEC
==26235==
==26235== Process terminating with default action of signal 11 (SIGSEGV)
==26235==  Access not within mapped region at address 0xBE763FEC
==26235==    at 0x401E200: _vgnU_freeres (vg_preloaded.c:56)

And the diff is:
001+ Segmentation fault
001- Fatal error: ob_get_flush(): Cannot use output buffering in output buffering display handlers in %sob_011.php on line %d
 [2009-08-20 15:05 UTC] jani@php.net
Yes, the test is expected to fail. What is the bug here?
 [2009-08-20 15:45 UTC] dmendolia@php.net
Yes, you are right, I was not clear. The problem isn't that it fails.

It is that when I do "make test", the execution never stops if I don't kill the execution.

If I use "run-tests.php", it produces a
Expected fail   :    1 (100.0%) (100.0%)

As expected
 [2009-09-17 15:44 UTC] jani@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

And if it still crashes, provide the full configure line you used.
 [2009-09-20 09:36 UTC] PromyLOPh at lavabit dot com
Snapshot (php5.2-200909200830) still crashes.

Valgrind report:
$ valgrind ./sapi/cli/php tests/output/ob_011.phpt
==2561== Memcheck, a memory error detector.
==2561== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2561== Using LibVEX rev 1854, a library for dynamic binary translation.
==2561== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2561== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==2561== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2561== For more details, rerun with: -v
==2561== 
--TEST--
output buffering - fatalism
--XFAIL--
This test will fail until the fix in version 1.178 of ext/main/output.c
is backported from php 6
--FILE--
==2561== Stack overflow in thread 1: can't grow stack to 0x7FE801FD8
==2561== 
==2561== Process terminating with default action of signal 11 (SIGSEGV)
==2561==  Access not within mapped region at address 0x7FE801FD8
==2561==    at 0x720CA2: ZEND_RECV_SPEC_HANDLER (zend_execute.c:276)
==2561== Stack overflow in thread 1: can't grow stack to 0x7FE801FD0
==2561== 
==2561== Process terminating with default action of signal 11 (SIGSEGV)
==2561==  Access not within mapped region at address 0x7FE801FD0
==2561==    at 0x4A1D310: _vgnU_freeres (vg_preloaded.c:56)
==2561== 
==2561== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 27 from 3)
==2561== malloc/free: in use at exit: 8,537,327 bytes in 14,555 blocks.
==2561== malloc/free: 15,101 allocs, 546 frees, 9,428,515 bytes allocated.
==2561== For counts of detected errors, rerun with: -v
==2561== searching for pointers to 14,555 not-freed blocks.
==2561== checked 12,431,728 bytes.
==2561== 
==2561== LEAK SUMMARY:
==2561==    definitely lost: 0 bytes in 0 blocks.
==2561==      possibly lost: 0 bytes in 0 blocks.
==2561==    still reachable: 8,537,327 bytes in 14,555 blocks.
==2561==         suppressed: 0 bytes in 0 blocks.
==2561== Rerun with --leak-check=full to see details of leaked memory.
Speicherzugriffsfehler

Configure args:
$ ./configure --with-config-file-path=/home/www-data/conf --prefix=/home/promyloph/testenv/php --without-openssl --with-curl=/usr --without-pear --with-gd --with-jpeg-dir=/usr --with-png-dir=/usr --with-freetype-dir=/usr --with-gettext=/usr --with-mcrypt --with-mysql=/usr/local/mysql --with-mysqli --with-pdo-mysql=/usr/local/mysql --with-zlib=/usr --with-bz2=/usr --disable-ipv6 --enable-cli --disable-safe-mode --enable-exif --enable-libxml --with-libxml-dir=/usr --enable-session --enable-magic-quotes --disable-sigchild --enable-mbstring --enable-gd-jis-conv --enable-gd-native-ttf --enable-fastcgi --enable-force-cgi-redirect --disable-debug --with-pcre-regex=/usr --disable-posix

$ uname -a
Linux * 2.6.26-2-amd64 #1 SMP Wed Aug 19 22:33:18 UTC 2009 x86_64 GNU/Linux

$ gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-cld --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.2 (Debian 4.3.2-1.1)
 [2009-09-25 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-12-27 12:38 UTC] michael at schmidt2 dot de
I'm running Solaris 10. On that system it's worse! Whole system freezes. You cannot be serious to let THIS happen.

Please remove this test.

balrog.# php -v
PHP 5.3.1 (cli) (built: Dec 27 2009 12:23:33)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
balrog.# uname -a
SunOS balrog 5.10 Generic_139555-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
 [2010-09-12 22:59 UTC] thepixeldeveloper at googlemail dot com
Had this problem recently. The test went into an infinite loop, the machine ran 
out of RAM and died.

Here is the Makefile: http://pastebin.com/inMt4AFX
 