Bug #74632 Segmentation fault on php_request_shutdown
Submitted: 2017-05-22 14:01 UTC Modified: 2017-11-02 20:26 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: adam dot rosadzinski at home dot net dot pl Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.6.30 OS: Arch Linux, kernel 4.0.6 x86_64
Private report: No CVE-ID: None
 [2017-05-22 14:01 UTC] adam dot rosadzinski at home dot net dot pl
Description:
------------
PHP version: 5.6.30
Configure line: ./configure --disable-rpath --with-layout=GNU --with-pic --enable-static=no --prefix=/usr --with-pear=/usr/lib/pear --datarootdir=/usr/share --with-config-file-path=/usr/etc --with-config-file-scan-dir=/usr/etc/conf.d

I'd like to report a possible bug in Zend MM, which causes a crash on request shutdown.
This issue is easily reproducible if you try to allocate more memory than specified in the memory_limit directive.

Tested also on Mac OS X 10.12.4 (Sierra) with the same result.

Test script:
---------------
<?php
error_reporting(E_ALL);
ini_set('display_errors', 0);
ini_set('memory_limit', '512M');

for($x=0;$x<100000000;$x++)
        $array[$x]=$x;

?>

Expected result:
----------------
No output on stdout
Script exited with code 0

Actual result:
--------------
Output on stdout: Segmentation fault
Script exited with code 139

Valgrind output:
==28140== Invalid read of size 4
==28140==    at 0xA8C634: zval_delref_p (zend.h:411)
==28140==    by 0xA8C634: i_zval_ptr_dtor (zend_execute.h:76)
==28140==    by 0xA8C634: _zval_ptr_dtor (zend_execute_API.c:424)
==28140==    by 0xAAFB4F: i_zend_hash_bucket_delete (zend_hash.c:182)
==28140==    by 0xAAFB4F: zend_hash_bucket_delete (zend_hash.c:192)
==28140==    by 0xAAFB4F: zend_hash_graceful_reverse_destroy (zend_hash.c:613)
==28140==    by 0xA8CC55: shutdown_executor (zend_execute_API.c:244)
==28140==    by 0xA9EE55: zend_deactivate (zend.c:960)
==28140==    by 0xA2EB6F: php_request_shutdown (main.c:1899)
==28140==    by 0xB5807E: do_cli (php_cli.c:1181)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==  Address 0x2a1ec220 is 261,984 bytes inside a block of size 262,144 free'd
==28140==    at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA71740: zend_mm_del_segment (zend_alloc.c:928)
==28140==    by 0xA71740: _zend_mm_free_int (zend_alloc.c:2115)
==28140==    by 0xA71740: _efree (zend_alloc.c:2440)
==28140==    by 0xAAF7FD: zend_hash_destroy (zend_hash.c:553)
==28140==    by 0xA9DD8A: _zval_dtor_func (zend_variables.c:45)
==28140==    by 0xA8C67F: _zval_dtor (zend_variables.h:35)
==28140==    by 0xA8C67F: i_zval_ptr_dtor (zend_execute.h:79)
==28140==    by 0xA8C67F: _zval_ptr_dtor (zend_execute_API.c:424)
==28140==    by 0xAAFB4F: i_zend_hash_bucket_delete (zend_hash.c:182)
==28140==    by 0xAAFB4F: zend_hash_bucket_delete (zend_hash.c:192)
==28140==    by 0xAAFB4F: zend_hash_graceful_reverse_destroy (zend_hash.c:613)
==28140==    by 0xA8CC55: shutdown_executor (zend_execute_API.c:244)
==28140==    by 0xA9EE55: zend_deactivate (zend.c:960)
==28140==    by 0xA2EB6F: php_request_shutdown (main.c:1899)
==28140==    by 0xB5807E: do_cli (php_cli.c:1181)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==  Block was alloc'd at
==28140==    at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA6E8FF: _zend_mm_alloc_int (zend_alloc.c:1982)
==28140==    by 0xAE7DDA: ZEND_POST_INC_SPEC_CV_HANDLER (zend_vm_execute.h:30867)
==28140==    by 0xADFA1D: execute_ex (zend_vm_execute.h:363)
==28140==    by 0x167162E6: zend_oe (in /usr/local/php56/modules/ZendGuardLoader.so)
==28140==    by 0x164B3BEB: ??? (in /usr/local/php56/modules/ioncube_loader_lin_5.6.so)
==28140==    by 0xAA0770: zend_execute_scripts (zend.c:1341)
==28140==    by 0xA2FFF2: php_execute_script (main.c:2613)
==28140==    by 0xB58D2E: do_cli (php_cli.c:998)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==
==28140== Invalid write of size 4
==28140==    at 0xA8C63C: zval_delref_p (zend.h:411)
==28140==    by 0xA8C63C: i_zval_ptr_dtor (zend_execute.h:76)
==28140==    by 0xA8C63C: _zval_ptr_dtor (zend_execute_API.c:424)
==28140==    by 0xAAFB4F: i_zend_hash_bucket_delete (zend_hash.c:182)
==28140==    by 0xAAFB4F: zend_hash_bucket_delete (zend_hash.c:192)
==28140==    by 0xAAFB4F: zend_hash_graceful_reverse_destroy (zend_hash.c:613)
==28140==    by 0xA8CC55: shutdown_executor (zend_execute_API.c:244)
==28140==    by 0xA9EE55: zend_deactivate (zend.c:960)
==28140==    by 0xA2EB6F: php_request_shutdown (main.c:1899)
==28140==    by 0xB5807E: do_cli (php_cli.c:1181)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==  Address 0x2a1ec220 is 261,984 bytes inside a block of size 262,144 free'd
==28140==    at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA71740: zend_mm_del_segment (zend_alloc.c:928)
==28140==    by 0xA71740: _zend_mm_free_int (zend_alloc.c:2115)
==28140==    by 0xA71740: _efree (zend_alloc.c:2440)
==28140==    by 0xAAF7FD: zend_hash_destroy (zend_hash.c:553)
==28140==    by 0xA9DD8A: _zval_dtor_func (zend_variables.c:45)
==28140==    by 0xA8C67F: _zval_dtor (zend_variables.h:35)
==28140==    by 0xA8C67F: i_zval_ptr_dtor (zend_execute.h:79)
==28140==    by 0xA8C67F: _zval_ptr_dtor (zend_execute_API.c:424)
==28140==    by 0xAAFB4F: i_zend_hash_bucket_delete (zend_hash.c:182)
==28140==    by 0xAAFB4F: zend_hash_bucket_delete (zend_hash.c:192)
==28140==    by 0xAAFB4F: zend_hash_graceful_reverse_destroy (zend_hash.c:613)
==28140==    by 0xA8CC55: shutdown_executor (zend_execute_API.c:244)
==28140==    by 0xA9EE55: zend_deactivate (zend.c:960)
==28140==    by 0xA2EB6F: php_request_shutdown (main.c:1899)
==28140==    by 0xB5807E: do_cli (php_cli.c:1181)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==  Block was alloc'd at
==28140==    at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA6E8FF: _zend_mm_alloc_int (zend_alloc.c:1982)
==28140==    by 0xAE7DDA: ZEND_POST_INC_SPEC_CV_HANDLER (zend_vm_execute.h:30867)
==28140==    by 0xADFA1D: execute_ex (zend_vm_execute.h:363)
==28140==    by 0x167162E6: zend_oe (in /usr/local/php56/modules/ZendGuardLoader.so)
==28140==    by 0x164B3BEB: ??? (in /usr/local/php56/modules/ioncube_loader_lin_5.6.so)
==28140==    by 0xAA0770: zend_execute_scripts (zend.c:1341)
==28140==    by 0xA2FFF2: php_execute_script (main.c:2613)
==28140==    by 0xB58D2E: do_cli (php_cli.c:998)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==
==28140== Invalid read of size 1
==28140==    at 0xA8C665: gc_zval_check_possible_root (zend_gc.h:182)
==28140==    by 0xA8C665: i_zval_ptr_dtor (zend_execute.h:86)
==28140==    by 0xA8C665: _zval_ptr_dtor (zend_execute_API.c:424)
==28140==    by 0xAAFB4F: i_zend_hash_bucket_delete (zend_hash.c:182)
==28140==    by 0xAAFB4F: zend_hash_bucket_delete (zend_hash.c:192)
==28140==    by 0xAAFB4F: zend_hash_graceful_reverse_destroy (zend_hash.c:613)
==28140==    by 0xA8CC55: shutdown_executor (zend_execute_API.c:244)
==28140==    by 0xA9EE55: zend_deactivate (zend.c:960)
==28140==    by 0xA2EB6F: php_request_shutdown (main.c:1899)
==28140==    by 0xB5807E: do_cli (php_cli.c:1181)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==  Address 0x2a1ec224 is 261,988 bytes inside a block of size 262,144 free'd
==28140==    at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA71740: zend_mm_del_segment (zend_alloc.c:928)
==28140==    by 0xA71740: _zend_mm_free_int (zend_alloc.c:2115)
==28140==    by 0xA71740: _efree (zend_alloc.c:2440)
==28140==    by 0xAAF7FD: zend_hash_destroy (zend_hash.c:553)
==28140==    by 0xA9DD8A: _zval_dtor_func (zend_variables.c:45)
==28140==    by 0xA8C67F: _zval_dtor (zend_variables.h:35)
==28140==    by 0xA8C67F: i_zval_ptr_dtor (zend_execute.h:79)
==28140==    by 0xA8C67F: _zval_ptr_dtor (zend_execute_API.c:424)
==28140==    by 0xAAFB4F: i_zend_hash_bucket_delete (zend_hash.c:182)
==28140==    by 0xAAFB4F: zend_hash_bucket_delete (zend_hash.c:192)
==28140==    by 0xAAFB4F: zend_hash_graceful_reverse_destroy (zend_hash.c:613)
==28140==    by 0xA8CC55: shutdown_executor (zend_execute_API.c:244)
==28140==    by 0xA9EE55: zend_deactivate (zend.c:960)
==28140==    by 0xA2EB6F: php_request_shutdown (main.c:1899)
==28140==    by 0xB5807E: do_cli (php_cli.c:1181)
==28140==    by 0x463542: main (php_cli.c:1382)
==28140==  Block was alloc'd at
==28140==    at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA6E8FF: _zend_mm_alloc_int (zend_alloc.c:1982)
==28140==    by 0xAE7DDA: ZEND_POST_INC_SPEC_CV_HANDLER (zend_vm_execute.h:30867)
==28140==    by 0xADFA1D: execute_ex (zend_vm_execute.h:363)
==28140==    by 0x167162E6: zend_oe (in /usr/local/php56/modules/ZendGuardLoader.so)
==28140==    by 0x164B3BEB: ??? (in /usr/local/php56/modules/ioncube_loader_lin_5.6.so)
==28140==    by 0xAA0770: zend_execute_scripts (zend.c:1341)
==28140==    by 0xA2FFF2: php_execute_script (main.c:2613)
==28140==    by 0xB58D2E: do_cli (php_cli.c:998)
==28140==    by 0x463542: main (php_cli.c:1382)

 [2017-11-02 20:26 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2017-11-02 20:26 UTC] nikic@php.net
This no longer reproduces on PHP 7.0 and I remember that some issues relating to memory limit bailouts have been fixed. As PHP 5.6 is out of active support, I'm closing this issue.
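
A triage aid for the Valgrind output in the report above, added here as an example and not part of the original report or of PHP: it groups memcheck "Invalid read/write" records by the freed block they touch, names the first non-wrapper frame that freed it, and lists non-core shared objects present on the stacks. The function names `parse` and `summarize` are hypothetical, and the sample is a constructed abbreviation of the report's log.

```python
import re

# Constructed sample: lines abbreviated from the report's memcheck output.
SAMPLE = """\
==28140== Invalid read of size 4
==28140==    at 0xA8C634: zval_delref_p (zend.h:411)
==28140==  Address 0x2a1ec220 is 261,984 bytes inside a block of size 262,144 free'd
==28140==    at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28140==    by 0xA71740: zend_mm_del_segment (zend_alloc.c:928)
==28140==  Block was alloc'd at
==28140==    by 0x167162E6: zend_oe (in /usr/local/php56/modules/ZendGuardLoader.so)
==28140== Invalid write of size 4
==28140==    at 0xA8C63C: zval_delref_p (zend.h:411)
==28140==  Address 0x2a1ec220 is 261,984 bytes inside a block of size 262,144 free'd
==28140==    by 0xA71740: zend_mm_del_segment (zend_alloc.c:928)
"""
ERR = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address (0x[0-9a-f]+) is ([\d,]+) bytes inside a block of size [\d,]+ free'd")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?([^)]+)\)")

def parse(log):
    """Split memcheck text into errors with access/free/alloc stacks and the freed block base."""
    errors, cur, section = [], None, None
    for line in log.splitlines():
        if m := ERR.search(line):
            cur = {"kind": m[1], "size": int(m[2]), "block": None, "access": [], "free": [], "alloc": []}
            errors.append(cur)
            section = "access"
        elif cur is None:
            continue  # banner lines before the first error
        elif m := ADDR.search(line):
            cur["block"] = int(m[1], 16) - int(m[2].replace(",", ""))  # block base address
            section = "free"
        elif "Block was alloc'd" in line:
            section = "alloc"
        elif m := FRAME.search(line):
            cur[section].append((m[1], m[2]))  # (function, source location or .so path)
    return errors

def summarize(errors):
    """Group use-after-free errors by freed block; note the freer and non-core modules."""
    groups = {}
    for e in (e for e in errors if e["block"] is not None):
        g = groups.setdefault(e["block"], {"accesses": [], "freed_by": None, "modules": set()})
        g["accesses"].append((e["kind"], e["size"], e["access"][0][0]))
        g["freed_by"] = next((fn for fn, loc in e["free"] if "vgpreload" not in loc), None)
        locs = [loc for st in ("access", "free", "alloc") for _, loc in e[st]]
        g["modules"] |= {p.rsplit("/", 1)[-1] for p in locs if p.endswith(".so") and "vgpreload" not in p}
    return groups
```

Run against the full log, all three records collapse onto one freed 262,144-byte block, which shows a single use-after-free rather than three separate faults.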