php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #26428 Segfault after processing lots of data
Submitted: 2003-11-26 11:45 UTC Modified: 2003-12-02 04:24 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: mats at cdmedia dot nu Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 4.3.4 OS: Linux RH 7.2
Private report: No CVE-ID: None
View Developer Edit
 [2003-11-26 11:45 UTC] mats at cdmedia dot nu 
Description:
------------
I've a script that reads and writes several hundred MBs of data from a mysql database. The data is handled in a number of ways. Crash occurs at the same spot after a lot of data has been handled. First symptoms was that a method call on a newly created object suddenly gave a "call on non-object" error after 70000 iterations in loop, and then segfaulted. Perplexed, I added an if(is_object( ...)) around the offending statement, with the result that the crash occured a few lines down instead. A sign of memory corruption?

Configure string: --with-mysql --with-apxs --with-zlib

Reproduce code:
---------------
The script is part of a larger package of code. Perhaps someone can look at the backtrace and tell me what to look for, and then I can post some relevant lines.


Expected result:
----------------
Anything but a segfault.


Actual result:
--------------
#0  0x812a16e in zend_hash_add_or_update (ht=0x95443fc, arKey=0x8245a2c "<",
    nKeyLength=5, pData=0x8245a18, nDataSize=4, pDest=0xbfff8528, flag=1)
    at /tmp/php-4.3.4/Zend/zend_hash.c:287
#1  0x812b17c in zend_hash_copy (target=0x95443fc, source=0x8242a14,
    pCopyConstructor=0x8125578 <zval_add_ref>, tmp=0xbfff8568, size=4)
    at /tmp/php-4.3.4/Zend/zend_hash.c:794
#2  0x81256cc in _zval_copy_ctor (zvalue=0x87b224c)
    at /tmp/php-4.3.4/Zend/zend_variables.c:137
#3  0x813a4ee in execute (op_array=0x820613c) at /tmp/php-4.3.4/Zend/zend_execute.c:1809
#4  0x8139246 in execute (op_array=0x81b9530) at /tmp/php-4.3.4/Zend/zend_execute.c:1660
#5  0x8139246 in execute (op_array=0x81b1194) at /tmp/php-4.3.4/Zend/zend_execute.c:1660
#6  0x8126abc in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /tmp/php-4.3.4/Zend/zend.c:884
#7  0x80ffdbc in php_execute_script (primary_file=0xbffff750)
    at /tmp/php-4.3.4/main/main.c:1729
#8  0x8141740 in main (argc=2, argv=0xbffff7f4) at /tmp/php-4.3.4/sapi/cli/php_cli.c:819
#9  0x400c4306 in __libc_start_main (main=0x8140e08 <main>, argc=2, ubp_av=0xbffff7f4,
    init=0x806196c <_init>, fini=0x8141dfc <_fini>, rtld_fini=0x4000d2fc <_dl_fini>,
    stack_end=0xbffff7ec) at ../sysdeps/generic/libc-start.c:129
(gdb) frame 3
#3  0x813a4ee in execute (op_array=0x820613c) at /tmp/php-4.3.4/Zend/zend_execute.c:1809
1809                                                    zval_copy_ctor(varptr);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-27 00:58 UTC] sniper@php.net 
Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc.

If possible, make the script source available online and provide an URL to it here. Try avoid embedding huge scripts into the report.
 [2003-12-02 04:24 UTC] sniper@php.net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 10:01:28 2025 UTC