Bug #63434 Segfault if apc.shm_strings_buffer exceeds apc.shm_size
Submitted: 2012-11-04 05:47 UTC Modified: 2014-02-11 10:19 UTC
From: laruence@php.net Assigned: laruence (profile)
Status: Closed Package: APC (PECL)
PHP Version: 5.4.8 OS:
Private report: No CVE-ID: None
 [2012-11-04 05:47 UTC] laruence@php.net
Description:
------------
If apc.shm_strings_buffer exceeds apc.shm_size,

then interned_strings will fail at memory allocation,

but apc_new_interned_string doesn't check that.

Test script:
---------------
php54 -d apc.shm_size=1M -d apc.shm_strings_buffer=2M index.php

index.php
----------------
<?php
file_put_contents(__FILE__ . ".tmp", "<?php return array('xxx' => 'xxx'); ?>");
include(__FILE__ . ".tmp");

Expected result:
----------------
no seg

Actual result:
--------------
#0  0x00002b53f9e54c98 in apc_new_interned_string (arKey=0x2b53f67464d0 "/tmp/1.php", nKeyLength=11)
    at /home/huixinchen/opensource/pecl/apc/apc_string.c:77
77	    if (arKey >= APCSG(interned_strings_start) && arKey < APCSG(interned_strings_end)) {
(gdb) bt
#0  0x00002b53f9e54c98 in apc_new_interned_string (arKey=0x2b53f67464d0 "/tmp/1.php", nKeyLength=11)
    at /home/huixinchen/opensource/pecl/apc/apc_string.c:77
#1  0x00002b53f9e42657 in apc_string_pmemcpy (str=0x2b53f67464d0 "/tmp/1.php", len=11, pool=0x2b53fa6da268)
    at /home/huixinchen/opensource/pecl/apc/apc_compile.c:292
#2  0x00002b53f9e42929 in my_copy_zval (dst=0x2b53fa6da400, src=0x2b53f670b108, ctxt=0x7fff7b39db20)
    at /home/huixinchen/opensource/pecl/apc/apc_compile.c:349
#3  0x00002b53f9e44ba9 in apc_copy_op_array (dst=0x2b53fa6da2f8, src=0x2b53f6709c40, ctxt=0x7fff7b39db20)
    at /home/huixinchen/opensource/pecl/apc/apc_compile.c:1215
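
The failure mode in the report above, as an added example that is not APC's code: a simplified model in which the interned-string state is carved out of a fixed-size segment, startup fails when the buffer is larger than the segment, and the lookup guards against the missing state instead of dereferencing it. All names (`segment_t`, `intern_state_t`, `make_segment`, `seg_alloc`, `intern_init`, `intern`) and the memory layout are hypothetical; `len` is assumed to count the trailing NUL, as `nKeyLength=11` for "/tmp/1.php" in the backtrace suggests.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy stand-in for the shared segment sized by apc.shm_size. */
typedef struct { unsigned char *base; size_t size, used; } segment_t;
/* Interned-string state kept inside the segment (hypothetical layout). */
typedef struct { char *start, *top, *end; } intern_state_t;

/* Constructed backing store; the union only forces suitable alignment. */
static union { long double ld; void *p; unsigned char bytes[1 << 20]; } backing;

static segment_t make_segment(size_t size) {
    size_t cap = sizeof backing.bytes;
    segment_t s = { backing.bytes, size < cap ? size : cap, 0 };
    return s;
}

/* Bump allocator: returns NULL when the request does not fit. */
static void *seg_alloc(segment_t *s, size_t n) {
    if (n > s->size - s->used) return NULL;
    void *p = s->base + s->used;
    s->used += n;
    return p;
}

/* Carve state plus string buffer out of the segment; NULL if it cannot fit. */
static intern_state_t *intern_init(segment_t *s, size_t buf_size) {
    if (buf_size > SIZE_MAX - sizeof(intern_state_t)) return NULL;
    intern_state_t *st = seg_alloc(s, sizeof *st + buf_size);
    if (st == NULL) return NULL;      /* caller warns, runs without interning */
    st->start = st->top = (char *)(st + 1);
    st->end = st->start + buf_size;
    return st;
}

/* Returns the interned copy of key, or key itself when interning is
 * unavailable or the buffer is full. len counts the trailing NUL. */
static const char *intern(intern_state_t *st, const char *key, size_t len) {
    if (st == NULL) return key;       /* guard against failed startup */
    uintptr_t k = (uintptr_t)key;
    if (k >= (uintptr_t)st->start && k < (uintptr_t)st->end) return key;
    for (char *p = st->start; p < st->top; p += strlen(p) + 1)
        if (strlen(p) + 1 == len && memcmp(p, key, len) == 0) return p;
    if (len > (size_t)(st->end - st->top)) return key;   /* buffer full */
    char *dst = memcpy(st->top, key, len);
    st->top += len;
    return dst;
}
```

Without the `st == NULL` guard, the range comparison on the next line reads through a null pointer, which is the shape of the crash at frame #0.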

 [2012-11-04 06:23 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=328229
Log: Fixed bug #63434 (Segfault if apc.shm_strings_buffer exceeds apc.shm_size)

It's a little weird; I cannot make a phpt that expects a segfault.
 [2012-11-04 06:23 UTC] laruence@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: laruence
 [2012-11-04 06:23 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-11-05 06:44 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=328241
Log: Add test for #63434
Add warning message for interned string buffer startup failure

However, I am not sure whether the warning message is proper. Could somebody confirm that?

Thanks
 [2012-11-05 06:47 UTC] laruence@php.net
I added a warning message for interned string buffer startup failure.

However, I am not sure whether the warning message is proper. Could somebody confirm that?

Thanks

http://svn.php.net/viewvc?view=revision&revision=328241