PHP :: Bug #49823 :: Segmentation fault after infinite recursion loop, affects <= 5.2.11

Bug #49823	Segmentation fault after infinite recursion loop, affects <= 5.2.11
Submitted:	2009-10-09 14:27 UTC	Modified:	2009-10-09 14:31 UTC
From:	radek dot karpowicz at gmail dot com	Assigned:
Status:	Not a bug	Package:	Reproducible crash
PHP Version:	5.2.11	OS:	Gentoo/Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	radek dot karpowicz at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2009-10-09 14:27 UTC] radek dot karpowicz at gmail dot com

Description:
------------
After running php into infinite recursion loop by defining function and executing it, binary will output segmentation fault.

Same bug here: #15522

http://bugs.php.net/bug.php?id=15522

Why it's not patched since 4.1.1?

Reproduce code:
---------------
<?php
function foo() {

  foo();
}

foo();
?>

Expected result:
----------------
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 261900 bytes) in /bug.php on line 4

Actual result:
--------------
Segmentation fault

GDB Trace:

Starting program: /php-5.2.11/sapi/cli/php -f /bug.php
[Thread debugging using libthread_db enabled]
[New Thread 0xb7be16c0 (LWP 832)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7be16c0 (LWP 832)]
0x082d8a25 in zend_mm_check_ptr (heap=0x845f1d8, ptr=0x852040c, silent=1, __zend_filename=0x8432a34 "/php-5.2.11/Zend/zend_vm_execute.h", __zend_lineno=766, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/radekk/tmp/php-5.2.11/Zend/zend_alloc.c:1439
1439			if (memcmp(end_magic, &_mem_block_end_magic, END_MAGIC_SIZE)==0) {

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-10-09 14:28 UTC] pajoye@php.net

See the other bug reports about that to get an explanation > bogus.

[2009-10-09 14:31 UTC] radek dot karpowicz at gmail dot com

There should be something like max_depth_level for functions... In php 5.3 it works fine.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Apr 03 11:01:30 2025 UTC