Bug #25107 list class produces segfaults
Submitted: 2003-08-16 06:55 UTC
Modified: 2003-08-16 16:00 UTC
Votes: 2
Avg. Score: 5.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: mop at globalpark dot de
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 5.0.0b1 (beta1)
OS: Linux
Private report: No
CVE-ID: None
 [2003-08-16 06:55 UTC] mop at globalpark dot de
Description:
------------
I could reproduce that on two different computers and with the latest 
CVS. The only difference was the number of correct operations. 
 
-------snip------ 
begin 2819 
begin 2820 
begin 2821 
begin 2822 
begin 2823 
begin 2824 
Speicherzugriffsfehler 
-------snip------ 
 
The other computer: 
 
------snip------ 
begin 11626 
begin 11627 
begin 11628 
begin 11629 
begin 11630 
begin 11631 
begin 11632 
Segmentation fault 
------snip------ 
 
These values are always the same on these environments. 
 
configure: 
 
configure --prefix=/usr/local/php5 --with-mysql=/usr/local 
 
On the second computer I disabled the whole XML stuff. That's the 
only difference. 

Reproduce code:
---------------
http://www.spaceregents.de/containertest.phps

Expected result:
----------------
$container should point to the first list element 

Actual result:
--------------
Segfault 
 
Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 16384 (LWP 6450)] 
0x401caab0 in thread_self () from /lib/libpthread.so.0 
(gdb) bt 
#0  0x401caab0 in thread_self () from /lib/libpthread.so.0 
#1  0x401caa7b in __errno_location () from /lib/libpthread.so.0 
#2  0x40252d81 in vfprintf () from /lib/libc.so.6 
#3  0x4026d386 in vsprintf () from /lib/libc.so.6 
#4  0x4025c21a in sprintf () from /lib/libc.so.6 
#5  0x0814819c in _convert_to_string (op=0xbfe017a0) at 
/usr/local/download/php-5.0.0b1/Zend/zend_operators.c:507 
#6  0x0814c303 in zend_make_printable_zval (expr=0x8217864, 
expr_copy=0xbfe017a0, use_copy=0xbfe01798) at 
/usr/local/download/php-5.0.0b1/Zend/zend.c:248 
#7  0x0814a19c in concat_function (result=0xbfe018b0, 
op1=0x8218e38, op2=0x8217864) at 
/usr/local/download/php-5.0.0b1/Zend/zend_operators.c:1100 
#8  0x0815cb55 in zend_concat_handler 
(execute_data=0xbfe01a30, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:1344 
#9  0x0815c5c8 in execute (op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:1254 
#10 0x0816005b in zend_do_fcall_common_helper 
(execute_data=0xbfe01d10, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:2635 
#11 0x0816028d in zend_do_fcall_by_name_handler 
(execute_data=0xbfe01630, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:2703 
#12 0x0815c5c8 in execute (op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:1254 
#13 0x0816005b in zend_do_fcall_common_helper 
(execute_data=0xbfe01ff0, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:2635 
#14 0x0816028d in zend_do_fcall_by_name_handler 
(execute_data=0xbfe01630, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:2703 
#15 0x0815c5c8 in execute (op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:1254 
#16 0x0816005b in zend_do_fcall_common_helper 
(execute_data=0xbfe022d0, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:2635 
#17 0x0816028d in zend_do_fcall_by_name_handler 
(execute_data=0xbfe01630, op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:2703 
#18 0x0815c5c8 in execute (op_array=0x82177cc) at 
/usr/local/download/php-5.0.0b1/Zend/zend_execute.c:1254 
[...] 

 [2003-08-16 10:32 UTC] derick@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

You have infinite recursion in your program as you can see from the backtrace. PHP will not catch this, and it's clearly a problem on your side.
 [2003-08-16 15:43 UTC] mop at globalpark dot de
It is NOT infinite... it is just a long recursion because I am creating 
a really long list (40000 objects in this case). Once the list is 
complete I want to move to the beginning of the list, which means 
entering that function 40000 times. When you try it with, for example, 
10 entries it works like a charm.
 [2003-08-16 16:00 UTC] derick@php.net
40.000 is too much anyway, try this in C, it will most likely crash too. There is just a finite amount of stack memory available which you simply cannot exceed or a program will crash. This is not a bug, but a different (and IMO wrong) way of programming... I suggest to try iteration instead of recursion.
 [2003-08-27 13:29 UTC] wagner at globalpark dot de
Whatever a script does, PHP should never ever crash.
A fatal error is ok, a segfault is not.
Even if a recursion with a depth of 40000 is something PHP can't handle, this bug is IMO not bogus.
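
Added example, not part of the report and not the reporter's containertest.phps: a sketch of the two positions taken in this thread, with an iterative rewind to the first list element that uses constant stack, next to a recursive rewind that refuses with a catchable error once a depth budget is exceeded instead of recursing once per element. The names ListNode, buildList, firstIterative, firstRecursive and MAX_DEPTH are hypothetical, and the syntax assumes PHP 8.0 or later.

```php
<?php
// Constructed example: every class, function and constant name here is
// hypothetical and not taken from the reporter's script.
final class ListNode
{
    public ?ListNode $prev = null;
    public ?ListNode $next = null;
    public function __construct(public int $value) {}
}

// Build a doubly linked list of $n nodes and return its last node.
function buildList(int $n): ListNode
{
    $tail = new ListNode(0);
    for ($i = 1; $i < $n; $i++) {
        $node = new ListNode($i);
        $node->prev = $tail;
        $tail->next = $node;
        $tail = $node;
    }
    return $tail;
}

// Iterative rewind: stack use does not grow with the list length.
function firstIterative(ListNode $node): ListNode
{
    while ($node->prev !== null) {
        $node = $node->prev;
    }
    return $node;
}

const MAX_DEPTH = 1000; // assumed budget, chosen for illustration only

// Recursive rewind: one call frame per element, so the depth is set by the
// data. The guard turns an oversized list into an exception the caller can handle.
function firstRecursive(ListNode $node, int $depth = 0): ListNode
{
    if ($depth > MAX_DEPTH) {
        throw new OverflowException('recursion depth limit ' . MAX_DEPTH . ' exceeded');
    }
    return $node->prev === null ? $node : firstRecursive($node->prev, $depth + 1);
}

$tail = buildList(40000); // same list length as in the report
echo 'iterative first element: ', firstIterative($tail)->value, "\n";
try {
    firstRecursive($tail);
} catch (OverflowException $e) {
    echo 'recursive rewind refused: ', $e->getMessage(), "\n";
}
```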
 