|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24184 PHP crashes/hangs webserver
Submitted: 2003-06-14 10:24 UTC Modified: 2003-06-16 10:55 UTC
From: blueroom at digitalmente dot net Assigned: zeev (profile)
Status: Closed Package: Reproducible crash
PHP Version: 4.3.2 OS: Windows 2000
Private report: No CVE-ID: None
 [2003-06-14 10:24 UTC] blueroom at digitalmente dot net
PHP crashes/hangs webserver for unkown reason (hitting a memory limit?)

Reproduce code:
This problem was accidentaly found when trying to 
find the fastest method of filling up an array (using [], array_push, etcetera). When lowering the number of objects in the array (60000, 50000), the crash doesn't occur.
class object {
	var $var1;
	var $var2;
	var $var3;

	function object() {
		$var1= 'blah';
		$var2= 'bleh';
		$var3= 'blih';

$object= new object;

for($index= 0; $index<70000; $index++) $array[]= $object;

Expected result:
Well, I'd expect it not to crash :)

Actual result:
When using Apache, you get a "apache.exe has generated errors blablabla error" for the current request. Apache still functions for any other subsequent requests.

When using IIS, it simply hangs dead, not returning any data.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-14 10:42 UTC]
Please try it with exactly 65534, 65535, 65536 and 65537 entries.
 [2003-06-14 11:31 UTC]
Here on Linux, it's fine with $index<65535, but with $index<65536, I get:

[Sat Jun 14 18:27:36 2003]  Script:  '/home/elmicha/php/bug24184.php'
/usr/local/src/php-4.3.2/Zend/zend_execute.h(44) : Block 0x084E4298 status:
Beginning:  	Overrun (magic=0x084D9D88, expected=0x7312F8DC)
      End:	Unknown

No core dump, though. The same happens without a class involved:

$no_object = "abc";
for($index= 0; $index<65536; $index++) 
  $array[] = $no_object;

No problems here with:

for($index= 0; $index<65536; $index++) 
  $array[] = "abc";

And no problems with:

for($index= 0; $index<65536; $index++) 
  $array[] = $index;

 [2003-06-14 12:38 UTC] blueroom at digitalmente dot net
$index < ...

65534 - OK
65535 - OK
65536 - Crash/hang
66537 - Crash/hang

(using the original code with the object)

Integer overflow problem, it seems :)
 [2003-06-14 13:01 UTC]
With PHP 5.0.0-dev (ZE2) it doesn't seem to leak,
propably won't even crash either (on win32).

 [2003-06-14 13:28 UTC]
See bug #23132. (Actually in ZE2 you can just have more entries.. :)

 [2003-06-16 09:24 UTC] blueroom at digitalmente dot net
Well, I can understand that the bug is marked as bugs and won't be fixed until the release of PHP 5, but shouldn't at least an exception be added to throw a fatal error instead of crashing upon meeting the >64K references condition?
 [2003-06-16 10:27 UTC]
Good point. Zeev, is it possible..?

 [2003-06-16 10:55 UTC]
No, not possible...
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Feb 02 18:04:01 2023 UTC