php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24184 PHP crashes/hangs webserver
Submitted: 2003-06-14 10:24 UTC Modified: 2003-06-16 10:55 UTC
From: blueroom at digitalmente dot net Assigned: zeev (profile)
Status: Closed Package: Reproducible crash
PHP Version: 4.3.2 OS: Windows 2000
Private report: No CVE-ID: None
 [2003-06-14 10:24 UTC] blueroom at digitalmente dot net
Description:
------------
PHP crashes/hangs webserver for unkown reason (hitting a memory limit?)

Reproduce code:
---------------
/*
This problem was accidentaly found when trying to 
find the fastest method of filling up an array (using [], array_push, etcetera). When lowering the number of objects in the array (60000, 50000), the crash doesn't occur.
*/
class object {
	var $var1;
	var $var2;
	var $var3;

	function object() {
		$var1= 'blah';
		$var2= 'bleh';
		$var3= 'blih';
	}
}

$object= new object;

for($index= 0; $index<70000; $index++) $array[]= $object;

Expected result:
----------------
Well, I'd expect it not to crash :)

Actual result:
--------------
When using Apache, you get a "apache.exe has generated errors blablabla error" for the current request. Apache still functions for any other subsequent requests.

When using IIS, it simply hangs dead, not returning any data.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-14 10:42 UTC] helly@php.net
Please try it with exactly 65534, 65535, 65536 and 65537 entries.
 [2003-06-14 11:31 UTC] elmicha@php.net
Here on Linux, it's fine with $index<65535, but with $index<65536, I get:

[Sat Jun 14 18:27:36 2003]  Script:  '/home/elmicha/php/bug24184.php'
---------------------------------------
/usr/local/src/php-4.3.2/Zend/zend_execute.h(44) : Block 0x084E4298 status:
Beginning:  	Overrun (magic=0x084D9D88, expected=0x7312F8DC)
      End:	Unknown
---------------------------------------

No core dump, though. The same happens without a class involved:

<?php
$no_object = "abc";
for($index= 0; $index<65536; $index++) 
  $array[] = $no_object;
?>

No problems here with:

<?php
for($index= 0; $index<65536; $index++) 
  $array[] = "abc";
?>

And no problems with:

<?php
for($index= 0; $index<65536; $index++) 
  $array[] = $index;
?>



 [2003-06-14 12:38 UTC] blueroom at digitalmente dot net
$index < ...

65534 - OK
65535 - OK
65536 - Crash/hang
66537 - Crash/hang

(using the original code with the object)

Integer overflow problem, it seems :)
 [2003-06-14 13:01 UTC] sniper@php.net
With PHP 5.0.0-dev (ZE2) it doesn't seem to leak,
propably won't even crash either (on win32).

 [2003-06-14 13:28 UTC] sniper@php.net
See bug #23132. (Actually in ZE2 you can just have more entries.. :)

 [2003-06-16 09:24 UTC] blueroom at digitalmente dot net
Well, I can understand that the bug is marked as bugs and won't be fixed until the release of PHP 5, but shouldn't at least an exception be added to throw a fatal error instead of crashing upon meeting the >64K references condition?
 [2003-06-16 10:27 UTC] sniper@php.net
Good point. Zeev, is it possible..?

 [2003-06-16 10:55 UTC] zeev@php.net
No, not possible...
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Feb 02 18:04:01 2023 UTC