Bug #50481 Storing many SPLFixedArray in an array crashes
Submitted: 2009-12-15 14:23 UTC
Modified: 2010-08-09 01:56 UTC
Votes: 6
Avg. Score: 5.0 ± 0.0
Reproduced: 5 of 5 (100.0%)
Same Version: 3 (60.0%)
Same OS: 3 (60.0%)
From: simon dot nuttall at gmail dot com
Assigned: felipe
Status: Closed
Package: SPL related
PHP Version: 5.3.1
OS: Debian Linux www 2.6.26.2
Private report: No
CVE-ID: None

 

 [2009-12-15 14:23 UTC] simon dot nuttall at gmail dot com
Description:
------------
The script generates a segmentation fault when $count > 9992.

I have tried it on three machines, and on one the problem only occurs when $count > 9995.


Reproduce code:
---------------
<?php
// Crash threshold reported above: $count > 9992 (9995 on one machine).
$count = 9993;

$cache = array();

for ($i = 0; $i < $count; $i++) {
    $cache[$i] = new SplFixedArray(1);
}

echo 'Cache count: ' . count($cache);


Expected result:
----------------
Cache count: 9993

Actual result:
--------------
[Tue Dec 15 13:42:57 2009] [notice] child pid 10685 exit signal Segmentation fault (11)


 [2009-12-15 14:58 UTC] felipe@php.net
Program received signal SIGSEGV, Segmentation fault.
0x08543bad in gc_remove_from_buffer (zv=0x892722e, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.h:189
189		root->next->prev = root->prev;
(gdb) bt
#0  0x08543bad in gc_remove_from_buffer (zv=0x892722e, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.h:189
#1  gc_remove_zval_from_buffer (zv=0x892722e, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:265
#2  0x0850c5f4 in _zval_ptr_dtor (zval_ptr=0x8ac8d2c, __zend_filename=0x88f20d4 "/home/felipe/dev/php5/Zend/zend_variables.c", __zend_lineno=175)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:434
#3  0x0851bfbb in _zval_ptr_dtor_wrapper (zval_ptr=0x8ac8d2c) at /home/felipe/dev/php5/Zend/zend_variables.c:175
#4  0x0852da55 in _zend_hash_index_update_or_next_insert (ht=0x8ac9d08, h=0, pData=0x892723c, nDataSize=4, pDest=0x0, flag=1, 
    __zend_filename=0x889aa4c "/home/felipe/dev/php5/ext/spl/spl_fixedarray.c", __zend_lineno=161) at /home/felipe/dev/php5/Zend/zend_hash.c:374
#5  0x083487b9 in spl_fixedarray_object_get_properties (obj=0x8ac9b90, tsrm_ls=0x8925078) at /home/felipe/dev/php5/ext/spl/spl_fixedarray.c:161
#6  0x08543d21 in zval_scan_black (pz=0x8ac9b90, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:285
#7  0x08543de4 in zval_scan_black (pz=0x8ac9b90, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:302
#8  0x08544453 in zval_scan (pz=0x8ac85ac, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:435
#9  0x085447c8 in gc_scan_roots (tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:511
#10 0x08544d87 in gc_collect_cycles (tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:629
#11 0x085436d3 in gc_zval_possible_root (zv=0x8ac5618, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:166
#12 0x0850c6ad in gc_zval_check_possible_root (zval_ptr=0x892adb0, __zend_filename=0x88dd638 "/home/felipe/dev/php5/main/main.c", __zend_lineno=1590)
    at /home/felipe/dev/php5/Zend/zend_gc.h:183
#13 _zval_ptr_dtor (zval_ptr=0x892adb0, __zend_filename=0x88dd638 "/home/felipe/dev/php5/main/main.c", __zend_lineno=1590)
    at /home/felipe/dev/php5/Zend/zend_execute_API.c:445
#14 0x08498f88 in php_request_shutdown (dummy=0x0) at /home/felipe/dev/php5/main/main.c:1590
#15 0x085fecc5 in main (argc=2, argv=0xbffff6a4) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1373

 [2010-04-25 06:32 UTC] colder@php.net
-Status: Verified +Status: Feedback
 [2010-04-25 06:32 UTC] colder@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2010-06-11 00:32 UTC] jan-phpbug at kantert dot net
I can verify this on php 5.3.2 (Stock Ubuntu 10.04) and in php 5.3 latest (10.06.2010) on amd64. 2.6.32-22-server.
 [2010-08-09 01:56 UTC] felipe@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=302011
Log: - Fixed bug #50481 (Storing many SPLFixedArray in an array crashes)
 [2010-08-09 01:56 UTC] felipe@php.net
-Status: Feedback +Status: Closed -Assigned To: +Assigned To: felipe
 [2010-08-09 01:56 UTC] felipe@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 