Bug #39640 Segfault with "Allowed memory size exhausted"
Submitted: 2006-11-26 18:55 UTC
Modified: 2006-12-01 13:55 UTC
From: phpbugs at thequod dot de
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 5CVS-2006-11-26 (CVS)
OS: Ubuntu Linux
Private report: No
CVE-ID: None

 [2006-11-26 18:55 UTC] phpbugs at thequod dot de
Description:
------------
If the memory limit gets exhausted in a line like:
        $a = new stdClass;
PHP segfaults during shutdown.


Reproduce code:
---------------
<?php

$o = new stdClass;

$i = 0;
while( ++$i )
{
        $a = new stdClass;
        $a->foo = rand(1000, 9999);
        $a->bar = rand(1000, 9999);
        $o->a[$i] = $a;
}
?>

Expected result:
----------------
No segmentation fault.

Actual result:
--------------
Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 40 bytes) in /X/memory_usage1.php on line 8

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218541376 (LWP 549)]
_zend_mm_free_int (heap=0x8606160, p=0x860624c) at /PHP_5_2/Zend/zend_alloc.c:1332
1332    /PHP_5_2/Zend/zend_alloc.c: No such file or directory.
        in /PHP_5_2/Zend/zend_alloc.c
(gdb) bt
#0  _zend_mm_free_int (heap=0x8606160, p=0x860624c) at /PHP_5_2/Zend/zend_alloc.c:1332
#1  0x0831a5e2 in zend_object_std_dtor (object=0xb6586ff0) at /PHP_5_2/Zend/zend_objects.c:45
#2  0x0831a60a in zend_objects_free_object_storage (object=0xb6586ff0) at /PHP_5_2/Zend/zend_objects.c:122
#3  0x0831d4ef in zend_objects_store_free_object_storage (objects=0x8605988) at /PHP_5_2/Zend/zend_objects_API.c:89
#4  0x082f9b75 in shutdown_executor () at /PHP_5_2/Zend/zend_execute_API.c:299
#5  0x08304cf4 in zend_deactivate () at /PHP_5_2/Zend/zend.c:841
#6  0x082c9290 in php_request_shutdown (dummy=0x0) at /PHP_5_2/main/main.c:1306
#7  0x083882ad in main (argc=3, argv=0xbf8aef94) at /PHP_5_2/sapi/cgi/cgi_main.c:1792


 [2006-11-27 09:52 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-11-27 20:15 UTC] phpbugs at thequod dot de
There's only a sqlite related fix, if I do "cvs diff"?!
 [2006-11-27 21:33 UTC] iliaa@php.net
Is your PHP built with --enable-debug? If it is, on an out-of-memory error PHP dies with a segv.
 [2006-11-27 22:06 UTC] phpbugs at thequod dot de
No debug build.

It does not happen always, only if the memory gets 
exhausted in line 8 ("$a = new stdClass;"), not if it gets 
exhausted in a line like "$a->foo = rand(1000, 9999);".


Here's a backtrace from CLI:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1219950928 (LWP 535)]
_zend_mm_free_int (heap=0x85ff1d8, p=<value optimized out>) at /usr/local/src/PHP_5_2/Zend/zend_alloc.c:1332
1332                    if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x85ff1d8, p=<value optimized out>) at /usr/local/src/PHP_5_2/Zend/zend_alloc.c:1332
#1  0x08325073 in zend_object_std_dtor (object=0xb2352ff0) at /usr/local/src/PHP_5_2/Zend/zend_objects.c:45
#2  0x083250a2 in zend_objects_free_object_storage (object=0xb2352ff0) at /usr/local/src/PHP_5_2/Zend/zend_objects.c:122
#3  0x08327e6d in zend_objects_store_free_object_storage (objects=0x85fedc8) at /usr/local/src/PHP_5_2/Zend/zend_objects_API.c:89
#4  0x083035d1 in shutdown_executor () at /usr/local/src/PHP_5_2/Zend/zend_execute_API.c:299
#5  0x0830e3a3 in zend_deactivate () at /usr/local/src/PHP_5_2/Zend/zend.c:841
#6  0x082cf36c in php_request_shutdown (dummy=0x0) at /usr/local/src/PHP_5_2/main/main.c:1306
#7  0x0838482d in main (argc=2, argv=0xbfd22424) at /usr/local/src/PHP_5_2/sapi/cli/php_cli.c:1259


$ php -v
PHP 5.2.1-dev (cli) (built: Nov 27 2006 03:16:44)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies
 [2006-11-27 22:28 UTC] tony2001@php.net
Thanks for the last hint, now I can replicate it. 
It happens when an object is not initialized properly (because of the memory limit).
Please give me some time, I'll try to find a solution.
 [2006-11-28 10:26 UTC] tony2001@php.net
Reassigned to Dmitry, he said he'll take a look at it along with other memory manager related problems.
 [2006-12-01 13:55 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
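
Added example, not part of the bug thread, PHP's source or the committed fix: a small C model of the failure pattern described in the 2006-11-27 22:28 comment, where the memory limit is hit after an object exists but before its fields are valid, and shutdown then frees it. The names, the store-before-properties ordering and the POISON sentinel standing in for uninitialized memory are assumptions made for illustration.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed model: POISON stands in for the garbage an unset field would hold. */
static char poison_byte;
#define POISON ((void *)&poison_byte)
typedef struct { void *props; } object;
static jmp_buf bailout;     /* models the fatal-error bailout on memory limit */
static size_t used, limit;
static object *store[16];   /* models the object store walked at shutdown */
static int nstore;
/* Limited allocator: on exhaustion it does not return NULL, it jumps out. */
static void *limited_alloc(size_t n) {
    if (used + n > limit) longjmp(bailout, 1);
    void *p = malloc(n);
    if (!p) abort();
    used += n;
    return p;
}
/* harden=0: the object reaches the store before its field is valid. */
static void new_object(int harden) {
    object *o = limited_alloc(sizeof *o);
    o->props = harden ? NULL : POISON;
    store[nstore++] = o;            /* now visible to shutdown */
    o->props = limited_alloc(64);   /* may bail out, leaving props as above */
}
/* Frees the store; returns how many invalid frees were detected, not executed. */
static int shutdown_store(void) {
    int bad = 0;
    for (int i = 0; i < nstore; i++) {
        if (store[i]->props == POISON) bad++;
        else free(store[i]->props);  /* free(NULL) is a no-op */
        free(store[i]);
    }
    nstore = 0;
    return bad;
}
/* One request: the limit falls between the third object and its props. */
int run_request(int harden) {
    used = 0; nstore = 0;
    limit = 3 * sizeof(object) + 2 * 64;
    if (setjmp(bailout) == 0)
        for (;;) new_object(harden);
    return shutdown_store();
}
int main(void) {
    printf("unhardened=%d hardened=%d\n", run_request(0), run_request(1));
    return 0;
}
```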