Bug #38543 shutdown_executor() may segfault when memory_limit is too low
Submitted: 2006-08-22 09:58 UTC Modified: 2006-08-22 12:05 UTC
From: tony2001@php.net Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.0RC2 OS: Linux
Private report: No CVE-ID: None
 [2006-08-22 09:58 UTC] tony2001@php.net
Description:
------------
PHP segfaults when memory_limit is too low (like 1 byte).
The problem is that shutdown_executor() doesn't expect global hashes to be NULL and tries to destroy/free them, which leads to segfault.
It's not a problem to add required if()'s, but we'd have to add them in places which are used very often (like zend_hash_*() funcs) and this may affect performance.
Reproducible with both 5_2 and HEAD branches.

Reproduce code:
---------------
php.ini:
memory_limit=1

php -r 'echo "ok\n";'

Expected result:
----------------
ok

Actual result:
--------------
Fatal error: Allowed memory size of 1 bytes exhausted at /local/dev/php-src_5_2/Zend/zend_ini.c:246 (tried to allocate 2 bytes) in Unknown on line 0
[Tue Aug 22 13:51:18 2006]  Script:  '-'
---------------------------------------
/local/dev/php-src_5_2/Zend/zend_hash.c(646) : Block 0x00000000 status:
NULL
---------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
53              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
#1  0x08182468 in zend_hash_reverse_apply (ht=0x0, apply_func=0x816efa7 <zend_cleanup_function_data>) at /local/dev/php-src_5_2/Zend/zend_hash.c:727
#2  0x0816a988 in shutdown_executor () at /local/dev/php-src_5_2/Zend/zend_execute_API.c:275
#3  0x08177d1b in zend_deactivate () at /local/dev/php-src_5_2/Zend/zend.c:839
#4  0x08130e35 in php_request_shutdown (dummy=0x0) at /local/dev/php-src_5_2/main/main.c:1300
#5  0x081de00c in main (argc=3, argv=0xbfffefe4) at /local/dev/php-src_5_2/sapi/cli/php_cli.c:1250


 [2006-08-22 12:05 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
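
The failure mode in this report, modelled as an added C example (not PHP's source and not the committed fix): startup stops partway under a tiny memory limit, and teardown checks each global for NULL once rather than adding checks to the hot-path helper. All type and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a Zend HashTable; every name here is hypothetical. */
typedef struct { int nused; } table_t;

static size_t budget;                          /* models memory_limit */
static table_t *function_table, *class_table;  /* models the global hashes */

/* Allocation that fails once the budget is exhausted. */
static table_t *limited_alloc(void) {
    if (budget < sizeof(table_t)) return NULL;
    budget -= sizeof(table_t);
    return calloc(1, sizeof(table_t));
}

/* Hot-path helper: assumes ht is valid, as the zend_hash_*() functions do. */
static void table_reverse_apply(table_t *ht) { ht->nused = 0; }

/* Startup may stop partway and leave the later globals NULL. */
int engine_startup(size_t limit) {
    budget = limit;
    function_table = class_table = NULL;
    if (!(function_table = limited_alloc())) return -1;
    if (!(class_table = limited_alloc())) return -1;
    function_table->nused = class_table->nused = 3;
    return 0;
}

/* Cold-path teardown: one NULL check per global, none in the hot helper.
   Returns how many tables were actually cleaned up. */
int engine_shutdown(void) {
    table_t **globals[] = { &function_table, &class_table };
    int cleaned = 0;
    for (size_t i = 0; i < sizeof globals / sizeof *globals; i++) {
        if (*globals[i] == NULL) continue;     /* startup never got this far */
        table_reverse_apply(*globals[i]);
        free(*globals[i]);
        *globals[i] = NULL;                    /* a second shutdown is harmless */
        cleaned++;
    }
    return cleaned;
}

int main(void) {
    int rc = engine_startup(1);                /* like memory_limit=1 */
    printf("startup=%d cleaned=%d\n", rc, engine_shutdown());
    rc = engine_startup(1024);
    printf("startup=%d cleaned=%d\n", rc, engine_shutdown());
    return 0;
}
```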
 
Last updated: Thu Nov 21 10:01:29 2024 UTC