PHP :: Bug #3393 :: crash on break

Bug #3393	crash on break
Submitted:	2000-02-03 05:17 UTC	Modified:	2000-02-12 18:06 UTC
From:	stas at zend dot com	Assigned:
Status:	Closed	Package:	Other
PHP Version:	4.0 Latest CVS (03/02/2000)	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	stas at zend dot com
New email:
PHP Version:		OS:

New Comment:

[2000-02-03 05:17 UTC] stas at zend dot com

Script crashes with:

Program received signal SIGSEGV, Segmentation fault.
0x1fe4e1 in __kill () from /lib/libc.so.6
(gdb) where
#0  0x1fe4e1 in __kill () from /lib/libc.so.6
#1  0x808bc5e in _erealloc (ptr=0x83af684, size=1515873057, allow_failure=0, 
    __zend_filename=0x8139880 "../../Zend/zend_operators.c", 
    __zend_lineno=854, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at ../../Zend/zend_alloc.c:230
#2  0x8094171 in add_string_to_string (result=0xbfffcb20, op1=0xbfffcb20, 
    op2=0xbfffce98) at ../../Zend/zend_operators.c:854
#3  0x80dd3da in execute (op_array=0x82cb938) at ../../Zend/zend_execute.c:1406
#4  0x80ddb3e in execute (op_array=0x8354454) at ../../Zend/zend_execute.c:1574
#5  0x80ddb3e in execute (op_array=0x835459c) at ../../Zend/zend_execute.c:1574
#6  0x80ddb3e in execute (op_array=0x821b6a8) at ../../Zend/zend_execute.c:1574
#7  0x80ddb3e in execute (op_array=0x81ce59c) at ../../Zend/zend_execute.c:1574
#8  0x8086dcc in php_execute_script (primary_file=0xbffffb4c)
    at /home/php/php4/./main.c:1206
#9  0x809ea21 in apache_php_module_main (r=0x81c11ec, fd=19, 
    display_source_mode=0) at /home/php/php4/sapi/apache/sapi_apache.c:86
#10 0x80835b3 in send_php (r=0x81c11ec, display_source_mode=0, 
    filename=0x81c1d14 "/home/httpd/html/zend/apps.php") at mod_php4.c:419
#11 0x80835f8 in send_parsed_php (r=0x81c11ec) at mod_php4.c:431
#12 0x80e77f3 in ap_invoke_handler (r=0x81c11ec) at http_config.c:508
#13 0x80faa99 in process_request_internal (r=0x81c11ec) at http_request.c:1214
#14 0x80faafc in ap_process_request (r=0x81c11ec) at http_request.c:1230
#15 0x80f24fe in child_main (child_num_arg=0) at http_main.c:4035


In the log, there's additional weird line:
FATAL:  erealloc():  Unable to allocate 1515873057 bytes

The crash point is the script is statement like this:

$ret = <<ENDDOC
<text>
ENDDOC;
return $ret;

where text is some 5K of text. This function crashes on the second call. If I disable "return" statement, crash doesn't happen. Also it doesn't happen if I insert var_dump(strlen($ret)) before return statement. If I insert "print strlen($ret)", it does crash, but on fourth call of the function.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-02-04 17:54 UTC] joey at cvs dot php dot net

Try changing the first line to
$ret = <<<ENDDOC

3 <'s...2 is the bitshift operator.
Does this fix your problem?

[2000-02-05 15:28 UTC] andi at cvs dot php dot net

Please try and cut the problem down to a test script which can be run and will still crash.

[2000-02-12 18:06 UTC] andi at cvs dot php dot net

Was fixed by Zeev.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Jul 01 17:01:34 2025 UTC