|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-08-27 20:17 UTC] nikic@php.net
[2014-08-27 20:17 UTC] nikic@php.net
-Status: Open
+Status: Closed
[2014-08-27 20:24 UTC] nikic@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 13:01:29 2024 UTC |
Description: ------------ PHP version was from a pull of the 5.6 branch this morning. sapi/cli/php -v PHP 5.6.1-dev (cli) (built: Aug 27 2014 11:35:34) (DEBUG) Configured with --disable-all --enable-debug --enable-bcmath and --with-gmp I believe there may be a refcount issue with either the shift-left-assign or or-assign operators. I can reliably exhaust available memory with a function using these operators. In the provided script import() works as intended and does not use the assign-ops, whereas import2() uses assign-ops and causes memory exhaustion. Test script: --------------- function import($bin) { $c = unpack('C*', $bin); $i = count($c); $ret = gmp_init($c[$i--]); while ($i > 0) { $ret = ($ret << 8) | $c[$i--]; } return $ret; } function import2($bin) { $c = unpack('C*', $bin); $i = count($c); $ret = gmp_init($c[$i--]); while ($i > 0) { $ret <<= 8; $ret |= $c[$i--]; } return $ret; } print "import 1 x 10000\n"; for ($i = 0; $i < 10000; $i++) { import(str_repeat('a', 100)); } print "import 2 x 10000\n"; for ($i = 0; $i < 10000; $i++) { import2(str_repeat('a', 100)); } Expected result: ---------------- import 1 x 10000 import 2 x 10000 Process finished with exit code 0 Actual result: -------------- import 1 x 10000 import 2 x 10000 Fatal error: Allowed memory size of 134217728 bytes exhausted at gmp.c:384 (tried to allocate 48 bytes) in test.php on line 24 Process finished with exit code 255