php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25607 Crash of PHP 4.3.x, having a big array
Submitted: 2003-09-19 12:46 UTC Modified: 2003-09-19 21:50 UTC
From: php at burnsystems dot de Assigned:
Status: Wont fix Package: Reproducible crash
PHP Version: 4.3.3 OS: Win XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: php at burnsystems dot de
New email:
PHP Version: OS:

 

 [2003-09-19 12:46 UTC] php at burnsystems dot de
Description:
------------
Servus,

I got a crash of 4.3.x under Apache and direct call of php.exe under windows, when the script creates a huge array.

When $nAmount has a value over 32768 PHP and Apache
crashes.

Any suggestions or help, how to get a better description of this problem.

Is it the same as following bug??

Bug #23872: reference to same variable(array) crash web server

Thanks,
Martin Brenn

Reproduce code:
---------------
...

<script language="php">

$nAmount = 100000;

$szPlayerID = 'x';

for ( $nCounter = 0; $nCounter < $nAmount; $nCounter++ )
{
    echo ( $nCounter . "\r" );

    $aszExtracted [ $szPlayerID ] [ $nUnit ] ['type' ] = $aszUnit [ 'type' ];
    $aszExtracted [ $szPlayerID ] [ $nUnit ] [ 'job' ] = $aszUnit [ 'job' ];

    $nUnit++;
}

</script>
 ..

Expected result:
----------------
No crash

Actual result:
--------------
Die Anweisung in "0x100b35ef" verweist auf Speicher in "0x000000008". Der Vorgang "written" konnte nicht auf dem Speicher durchgef?hrt werden.

The command in 0x100b35ef refers to memory in 0x0000008. The operation written couldn't be completed (or so).
My VC++ only reported these line, I don't have a debug build.

PHP4TS:

100B35DD 75 03                jne         100B35E2
100B35DF 89 6B 14             mov         dword ptr [ebx+14h],ebp
100B35E2 8B 43 10             mov         eax,dword ptr [ebx+10h]
100B35E5 85 C0                test        eax,eax
100B35E7 75 03                jne         100B35EC
100B35E9 89 6B 10             mov         dword ptr [ebx+10h],ebp
100B35EC 8B 43 1C             mov         eax,dword ptr [ebx+1Ch]
100B35EF 89 2C B0             mov         dword ptr [eax+esi*4],ebp   <-----
100B35F2 A1 2C F5 13 10       mov         eax,[1013F52C]
100B35F7 85 C0                test        eax,eax
100B35F9 74 02                je          100B35FD
100B35FB FF D0                call        eax
100B35FD 8B 53 08             mov         edx,dword ptr [ebx+8]
100B3600 8B 0B                mov         ecx,dword ptr [ebx]
100B3602 42                   inc         edx
100B3603 8B C2                mov         eax,edx
100B3605 89 53 08             mov         dword ptr [ebx+8],edx
100B3608 3B C1                cmp         eax,ecx
100B360A 76 09                jbe         100B3615
100B360C 53                   push        ebx
100B360D E8 5E 05 00 00       call        100B3B70


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-19 21:50 UTC] sniper@php.net
This is same as #23872, fixed in PHP 5, wont fix in PHP 4.

 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Dec 02 12:03:49 2022 UTC