php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49292 infinite recursive call in ob_011.phpt
Submitted: 2009-08-19 08:45 UTC Modified: 2009-09-25 01:00 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (25.0%)
From: dmendolia@php.net Assigned:
Status: No Feedback Package: Output Control
PHP Version: 5.2.11RC1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dmendolia@php.net
New email:
PHP Version: OS:

 

 [2009-08-19 08:45 UTC] dmendolia@php.net 
Description:
------------
When you call :

make test TESTS=./tests/output/ob_011.phpt

see : http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/tests/output/ob_011.phpt?view=markup

The execution don't fail anymore, consequence a infinite recursive call.

1) ob_start having a function in call back with ob_get_flush inside.
2) ob_get_flush invoking the callback function of ob_start

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-20 11:22 UTC] jani@php.net 
Exactly how does it end up in infinite loop? It fails as expected for me, just as it has since it was added..
 [2009-08-20 13:53 UTC] dmendolia@php.net 
With valgrind, I have more or less the same output than :

http://gcov.php.net/viewer.php?version=PHP_5_2&func=valgrind&file=tests%2Foutput%2Fob_011.phpt


==26235== Stack overflow in thread 1: can't grow stack to 0xBE763FF8
==26235==
==26235== Process terminating with default action of signal 11 (SIGSEGV)
==26235==  Access not within mapped region at address 0xBE763FF8
==26235==    at 0x8371CC0: zend_hash_quick_find (zend_hash.c:903)
==26235== Stack overflow in thread 1: can't grow stack to 0xBE763FEC
==26235==
==26235== Process terminating with default action of signal 11 (SIGSEGV)
==26235==  Access not within mapped region at address 0xBE763FEC
==26235==    at 0x401E200: _vgnU_freeres (vg_preloaded.c:56)

And the diff is : 
001+ Segmentation fault
001- Fatal error: ob_get_flush(): Cannot use output buffering in output buffering display handlers in %sob_011.php on line %d
 [2009-08-20 15:05 UTC] jani@php.net 
Yes, the test is expected to fail. What is the bug here?
 [2009-08-20 15:45 UTC] dmendolia@php.net 
Yes you are right, I was not clear. The problem isn't that it fail.

Is that when, I do "make test" the execution never stop if i don't kill the execution.

if I use "run-tests.php", it produce a 
Expected fail   :    1 (100.0%) (100.0%)

Like expected
 [2009-09-17 15:44 UTC] jani@php.net 
Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

And if it still crashes, provide the full configure line you used.
 [2009-09-20 09:36 UTC] PromyLOPh at lavabit dot com 
Snapshot (php5.2-200909200830) still crashes.

Valgrind report:
$ valgrind ./sapi/cli/php tests/output/ob_011.phpt
==2561== Memcheck, a memory error detector.
==2561== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2561== Using LibVEX rev 1854, a library for dynamic binary translation.
==2561== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2561== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==2561== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2561== For more details, rerun with: -v
==2561== 
--TEST--
output buffering - fatalism
--XFAIL--
This test will fail until the fix in version 1.178 of ext/main/output.c
is backported from php 6
--FILE--
==2561== Stack overflow in thread 1: can't grow stack to 0x7FE801FD8
==2561== 
==2561== Process terminating with default action of signal 11 (SIGSEGV)
==2561==  Access not within mapped region at address 0x7FE801FD8
==2561==    at 0x720CA2: ZEND_RECV_SPEC_HANDLER (zend_execute.c:276)
==2561== Stack overflow in thread 1: can't grow stack to 0x7FE801FD0
==2561== 
==2561== Process terminating with default action of signal 11 (SIGSEGV)
==2561==  Access not within mapped region at address 0x7FE801FD0
==2561==    at 0x4A1D310: _vgnU_freeres (vg_preloaded.c:56)
==2561== 
==2561== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 27 from 3)
==2561== malloc/free: in use at exit: 8,537,327 bytes in 14,555 blocks.
==2561== malloc/free: 15,101 allocs, 546 frees, 9,428,515 bytes allocated.
==2561== For counts of detected errors, rerun with: -v
==2561== searching for pointers to 14,555 not-freed blocks.
==2561== checked 12,431,728 bytes.
==2561== 
==2561== LEAK SUMMARY:
==2561==    definitely lost: 0 bytes in 0 blocks.
==2561==      possibly lost: 0 bytes in 0 blocks.
==2561==    still reachable: 8,537,327 bytes in 14,555 blocks.
==2561==         suppressed: 0 bytes in 0 blocks.
==2561== Rerun with --leak-check=full to see details of leaked memory.
Speicherzugriffsfehler

Configure args:
$ ./configure --with-config-file-path=/home/www-data/conf --prefix=/home/promyloph/testenv/php --without-openssl --with-curl=/usr --without-pear --with-gd --with-jpeg-dir=/usr --with-png-dir=/usr --with-freetype-dir=/usr --with-gettext=/usr --with-mcrypt --with-mysql=/usr/local/mysql --with-mysqli --with-pdo-mysql=/usr/local/mysql --with-zlib=/usr --with-bz2=/usr --disable-ipv6 --enable-cli --disable-safe-mode --enable-exif --enable-libxml --with-libxml-dir=/usr --enable-session --enable-magic-quotes --disable-sigchild --enable-mbstring --enable-gd-jis-conv --enable-gd-native-ttf --enable-fastcgi --enable-force-cgi-redirect --disable-debug --with-pcre-regex=/usr --disable-posix

$ uname -a
Linux * 2.6.26-2-amd64 #1 SMP Wed Aug 19 22:33:18 UTC 2009 x86_64 GNU/Linux

$ gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-cld --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.2 (Debian 4.3.2-1.1)
 [2009-09-25 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-12-27 12:38 UTC] michael at schmidt2 dot de 
I'm running Solaris 10. On that system it's worse ! Whole system 
freezes. You cannot be serious to let THIS happen.

Please remove this test.

balrog.# php -v
PHP 5.3.1 (cli) (built: Dec 27 2009 12:23:33)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
balrog.# uname -a
SunOS balrog 5.10 Generic_139555-08 sun4u sparc SUNW,UltraSPARC-IIi-
cEngine
 [2010-09-12 22:59 UTC] thepixeldeveloper at googlemail dot com 
Had this problem recently. The test went into an infinite loop, the machine ran 
out of RAM and died.

Here is the Makefile: http://pastebin.com/inMt4AFX
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 15:01:29 2024 UTC