php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70258 Segfault if do_resize fails to allocated memory
Submitted: 2015-08-13 03:57 UTC Modified: -
From: laruence@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 7.0.0beta3 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: laruence@php.net
New email:
PHP Version: OS:

 

 [2015-08-13 03:57 UTC] laruence@php.net
Description:
------------
none

Test script:
---------------
<?php
class A {
    public $arr;
    public function core() {
        $i = 0;
        while (1) {
            $this->arr[$i++ . "xxx"] = 1;
        }
    }
}

$a = new A;
$a->core();

Expected result:
----------------
non segfault

Actual result:
--------------
$ sapi/cli/php /tmp/1.php
PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted at /home/huixinchen/opensource/trunk/Zend/zend_hash.c:804 (tried to allocate 75497472 bytes) in /tmp/1.php on line 7

Fatal error: Allowed memory size of 134217728 bytes exhausted at /home/huixinchen/opensource/trunk/Zend/zend_hash.c:804 (tried to allocate 75497472 bytes) in /tmp/1.php on line 7
zend_mm_heap corrupted
Segmentation fault (core dumped)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-08-13 04:15 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a089ce0cc6e0bade9bf94399a13bbd63448874b0
Log: Fixed bug #70258 and #70253
 [2015-08-13 04:15 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-08-18 16:24 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a089ce0cc6e0bade9bf94399a13bbd63448874b0
Log: Fixed bug #70258 and #70253
 [2016-07-20 11:37 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a089ce0cc6e0bade9bf94399a13bbd63448874b0
Log: Fixed bug #70258 and #70253
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:30 2024 UTC