php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #75636 Stack overflow during garbage collection
Submitted: 2017-12-06 05:49 UTC Modified: 2018-03-10 17:21 UTC
Votes:4
Avg. Score:3.8 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: benoit dot david at free dot fr Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.2.0 OS: Docker Version 17.09.0
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: benoit dot david at free dot fr
New email:
PHP Version: OS:

 

 [2017-12-06 05:49 UTC] benoit dot david at free dot fr 
Description:
------------
The test script below works fine for 10 iterations but crashes (Segmentation fault) for 400000 iterations while it shouldn't crash.

Uses Php 7.2 on docker (Version 17.09.0-ce-mac35 (19611))
with no extension.

Test script:
---------------
<?php
class Lim {
  public $id;
  public $inv;
  public $fi;
  function __construct($id) { $this->id = $id; $this->inv = new Inv($this); }
};

class Inv {
  public $inv;
  public $fi;
  function __construct($inv) { $this->inv = $inv; }
}

$max = 400000;
//$max = 10;

$lim0 = new Lim(0);
$limp = $lim0;
for ($i=1; $i<$max; $i++) {
  $lim = new Lim($i);
  $lim->fi = $limp->inv;
  $limp->inv->fi = $lim;
  $limp = $lim;
}



Expected result:
----------------
The above script should not crash for 400000 iterations.

Actual result:
--------------
The above script crashes for 400000 iterations.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-08 18:47 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-12-08 18:47 UTC] ab@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2017-12-10 09:04 UTC] benoit dot david at free dot fr
-Status: Feedback +Status: Open
 [2017-12-10 09:04 UTC] benoit dot david at free dot fr 
Here is the backtrace from gdb:
#0  0x0000563b94600d95 in gc_mark_grey (
    ref=<error reading variable: Cannot access memory at address 0x7ffd2031bfe8>)
    at /usr/local/src/php-7.2.0/Zend/zend_gc.c:477
#1  0x0000563b94600efc in gc_mark_grey (ref=0x7f1bed1b2460)
    at /usr/local/src/php-7.2.0/Zend/zend_gc.c:511
 [2017-12-16 21:10 UTC] nikic@php.net 
Stack overflow in GC -- we should have a duplicate for this somewhere. The closest I could find is bug #68606, which is not quite the same.
 [2018-03-10 17:21 UTC] nikic@php.net
-Summary: php crashes with too many objects +Summary: Stack overflow during garbage collection
 [2018-03-10 17:22 UTC] nikic@php.net 
Related To: Bug #76080
 [2022-11-28 06:26 UTC] barrykaauamo125 at gmail dot com 
This article is truly astounding. Appreciative for sharing such mind blowing information. (https://www.my-loyola.com/)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Nov 23 10:01:28 2024 UTC