PHP :: Bug #62825 :: php carshed OR return PHP Fatal error when used apc_bin_dump after apc

Bug #62825	php carshed OR return PHP Fatal error when used apc_bin_dump after apc_store
Submitted:	2012-08-15 11:12 UTC	Modified:	2012-08-15 16:55 UTC
From:	cfc4n at cnxct dot com	Assigned:	laruence (profile)
Status:	Closed	Package:	APC (PECL)
PHP Version:	5.3.15	OS:	ubuntu 12.04
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cfc4n at cnxct dot com
New email:
PHP Version:		OS:

New Comment:

[2012-08-15 11:12 UTC] cfc4n at cnxct dot com

Description:
------------
apc.serializer=php

1,Save a array use apc_store function .
2,Dump bin file with apc_bin_dumpfile .

It's return a fatal error like this:
Fatal error: apc_bin_dumpfile(): Exceeded bounds check in apc_bd_alloc_ex by 
-389486716 bytes. in /home/cfc4n/a.php on line 3

Some times it's carshed.But it can not be reproduced.

Test script:
---------------
1.php
<?php
$array = array('aa'=>'xxxxx','bb'=>'sasdasdasd');
apc_store('arr',$array);
?>


a.php
<?php
$array = array('aa'=>'xxxxx','bb'=>'sasdasdasd');
apc_store('arr',$array);
$arr = array('1.php');
apc_bin_dumpfile($arr,null,'1.bin');
?>

Expected result:
----------------
working.

Actual result:
--------------
#0  0xb70e0429 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1  0xb6b32c8d in my_copy_hashtable_ex (dst=0xb36ec814, src=0xb54007e0, 
copy_fn=0xb6b3d0a0 <my_copy_zval_ptr>, holds_ptrs=1, ctxt=0xbf9848a8, 
check_fn=0) at /usr/include/i386-linux-gnu/bits/string3.h:85
#2  0xb6b33038 in my_copy_zval (dst=0xb36ec804, src=0xb54005f8, ctxt=0xbf9848a8) 
at /data/htdocs/release/pecl_apc/apc_compile.c:357
#3  0xb6b4821a in apc_bin_dump (files=0x967fd3c, user_vars=0x0) at 
/data/htdocs/release/pecl_apc/apc_bin.c:737
#4  0xb6b3883b in zif_apc_bin_dumpfile (ht=3, return_value=0x9682968, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at 
/data/htdocs/release/pecl_apc/php_apc.c:1426
#5  0x0839614a in ?? ()
#6  0x083454fe in execute ()
#7  0x0831e1c9 in zend_execute_scripts ()
#8  0x082c48ae in php_execute_script ()
#9  0x0806a7e6 in ?? ()
#10 0xb6fc94d3 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#11 0x0806afa1 in _start ()
(gdb) f 1
#1  0xb6b32c8d in my_copy_hashtable_ex (dst=0xb36ec814, src=0xb54007e0, 
copy_fn=0xb6b3d0a0 <my_copy_zval_ptr>, holds_ptrs=1, ctxt=0xbf9848a8, 
check_fn=0) at /usr/include/i386-linux-gnu/bits/string3.h:85
85        return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-08-15 11:19 UTC] laruence@php.net

assign to me. it's a big work...

[2012-08-15 11:19 UTC] laruence@php.net

-Assigned To: +Assigned To: laruence

[2012-08-15 16:40 UTC] laruence@php.net

Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=327136
Log: Refactor apc_bin_dump with user cache data(which should never works well with complex data type before)
This also fixed bug #62825 (php carshed OR return PHP Fatal error when used apc_bin_dump after apc_store)
Add myself as maintainer(author) of apc_bin.c

[2012-08-15 16:55 UTC] laruence@php.net

-Status: Assigned +Status: Closed

[2012-08-15 16:55 UTC] laruence@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 17:01:32 2024 UTC