Bug #31854 Segfault if set memory_limit and other goodies
Submitted: 2005-02-05 20:31 UTC Modified: 2005-07-02 14:19 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: bertrand at toggg dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS, 4CVS (2005-03-03) OS: *
Private report: No CVE-ID: None
 [2005-02-05 20:31 UTC] bertrand at toggg dot com
Description:
------------
This script doubles an array of long strings again and again.
It accepts 3 parameters:
- number of times to double the array
- optional memory_limit to set (otherwise the default 8 MB)
- interval of added rows at which to check memory_get_usage.
By 18 loops the 8 MB are exhausted.

Depending on the memory setting and the interval to check memory usage, results are somewhat strange.

The segmentation fault occurs in the same way when running under the Apache 2.0 Handler.

It could be related to bug #31624

Reproduce code:
---------------
$loop = isset($_SERVER['argv'][1]) ? $_SERVER['argv'][1]+0 : 11;
$setmem = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2]+0 : ''; // changed if set
$chk = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3]+0 : 100;
if ($setmem) {
    if (ini_set ('memory_limit', $setmem*1048576)) {
        echo 'Set memory limit to '.$setmem." Mo\n";
    } else {
        echo 'FAILED to set memory limit to '.$setmem." Mo\n";
    }
}
error_reporting(E_ALL);
$arr = array (str_repeat('X', 65536));
$mem = 0;
while ($loop--) {
    for ($i = count($arr); $i; $i--) {
        $arr[] = $arr[0];
        if ($i%$chk) continue;
        if ( ( ($nmem = memory_get_usage()) - $mem) > 1000000) {
            $mem = $nmem;
            echo 'Count:'.count($arr)." ($mem bytes)\n";
        }
    }
    echo $loop.':'.count($arr).'/'.memory_get_usage() . " bytes\n"; // 36640
}
echo "\n OK \n";


Expected result:
----------------
1) no memory_limit set
PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 35 bytes) in /home/bertrand/prog/test/outmem.php on line 19
+ break

2) with memory_limit set.
If not enough: same as 1)
Enough memory: OK

Actual result:
--------------
1) no memory_limit set
I actually get memory exhausted, but if I lower the memory_get_usage frequency, then there is no break and I must press Control-C:
php outmem.php 18 '' 100  ---> breaks, I get the prompt back
php outmem.php 18 '' 1000 ---> I must abort
That means if I check memory_get_usage only every 1000 rows PHP does not come back, but everything is OK if I check every 100 rows ????

PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 35 bytes) in /home/bertrand/prog/test/outmem.php on line 19
Allowed memory size of 8388608 bytes exhausted (tried to allocate 129 bytes)

The second message comes after a long while, but PHP is sleeping and I need to break.

2) with memory_limit
It behaves as expected but in both cases (enough memory or not) ends with a segmentation fault.

 [2005-02-06 11:30 UTC] bertrand at toggg dot com
I downloaded the CVS snapshot from this morning,
php4-STABLE-200502060730 unix version.
I built only the executables:
./configure --enable-memory-limit
make

With sapi/cli/php or sapi/cgi/php, unfortunately the results are the same.
Only one point is now better: the case where no memory_limit is set and there are fewer calls to memory_get_usage:
php outmem.php 18 '' 1000000
17:2/88792 bytes
16:4/88888 bytes
<...snip...>
1:131072/5855880 bytes

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 35 bytes) in /home/bertrand/prog/test/outmem.php on line 19
<<< here it's still hanging a long time >>>
Allowed memory size of 8388608 bytes exhausted (tried to allocate 129 bytes)

But then it comes back from PHP; there is no longer any need to break. Is it only due to the fact that it's a CLI-only PHP?

Just to be sure, I've also rebuilt a php-4.3.9 from 2004/10/09 and the results are identical.
 [2005-02-16 11:46 UTC] bertrand at toggg dot com
Hope it's useful for you:

Core was generated by `./php outmem.php 18 12 100'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x00c713d4 in _int_free () from /lib/tls/libc.so.6
(gdb) bt
#0  0x00c713d4 in _int_free () from /lib/tls/libc.so.6
#1  0x00c7272b in free () from /lib/tls/libc.so.6
#2  0x081041c9 in shutdown_memory_manager (silent=0, clean_cache=0)
    at /home/bertrand/down/php4-STABLE-200502160330/Zend/zend_alloc.c:492
#3  0x080eb490 in php_request_shutdown (dummy=0x0)
    at /home/bertrand/down/php4-STABLE-200502160330/main/main.c:1004
#4  0x0811fa1f in main (argc=5, argv=0xbff00a34)
    at /home/bertrand/down/php4-STABLE-200502160330/sapi/cli/php_cli.c:876
(gdb)
 [2005-03-02 23:57 UTC] sniper@php.net
This happens with PHP 5.1-dev (CVS HEAD)

==6533== Conditional jump or move depends on uninitialised value(s)
==6533==    at 0x80F2874: compare_function (zend_operators.c:1341)
==6533==    by 0x80F396D: is_smaller_function (zend_operators.c:1503)
==6533==    by 0x8118E46: ZEND_IS_SMALLER_SPEC_CONST_TMP_HANDLER (zend_execute.c:284)
==6533==    by 0x8112B88: execute (zend_vm_execute.h:78)

 [2005-06-19 02:23 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

I can not reproduce the crash with latest CVS (4 or 5)

 [2005-07-02 10:28 UTC] bertrand at toggg dot com
Running on: Linux ancilla.toggg.net 2.6.11-1.35_FC3smp #1 SMP Mon Jun 13 01:17:35 EDT 2005 i686

Well done guys!

Did the tests again with php5-200507020630: cli and cgi are OK.

With php4-STABLE-200507020436 cli or cgi,
as long as I use at least 17 loops, thus asking for at least 6M of memory,
in any case, memory exhausted or not, memory limit raised or not,
the script runs as expected but a "post-mortem" message occurs:

*** glibc detected *** double free or corruption (!prev): 0x095a9018 ***
Aborted

Lowering the memory needed to 3M makes this message disappear.

It's glibc 2.3.5

Should I close this bug and open a new one?

Anyway, congrats on clearing the bug!
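
An added regression harness, not part of the original report or of PHP's own test suite: it re-runs the reporter's outmem.php with the argument combinations quoted in this thread and labels each run as a hang, a segfault, a glibc abort, the expected memory-limit fatal error, or a clean exit. The `php` binary name, the 60-second timeout and the outcome labels are assumptions of this example.

```python
import signal
import subprocess


def classify(returncode, output, timed_out):
    """Label one run with the outcomes described in this report."""
    if timed_out:
        return "HANG"                  # never returns, "I must abort"
    if returncode < 0:                 # POSIX: child killed by signal -returncode
        sig = -returncode
        if sig == signal.SIGSEGV:
            return "SEGV"              # e.g. crash under shutdown_memory_manager
        if sig == signal.SIGABRT:
            return "ABORT"             # glibc "double free or corruption"
        return "SIGNAL_%d" % sig
    if "Allowed memory size of" in output:
        return "LIMIT_HIT"             # the expected fatal error, clean exit
    return "OK" if returncode == 0 else "EXIT_%d" % returncode


def run_case(cmd, timeout=60):
    """Run one command, merging stderr into stdout, and classify the result."""
    try:
        proc = subprocess.run(cmd, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, timeout=timeout,
                              text=True, errors="replace")
    except subprocess.TimeoutExpired:
        return "HANG"                  # subprocess.run has already killed the child
    return classify(proc.returncode, proc.stdout, False)


def matrix(php="php", script="outmem.php"):
    """Argument grid taken from the invocations quoted in the thread."""
    for loops in (17, 18):
        for limit in ("", "12"):       # "" = leave memory_limit at its default
            for chk in (100, 1000, 1000000):
                yield [php, script, str(loops), limit, str(chk)]


if __name__ == "__main__":
    for cmd in matrix():
        print(" ".join(repr(a) for a in cmd), "->", run_case(cmd))
```

A signal death takes precedence over the fatal-error text, so a run that prints the expected message and then crashes at shutdown is still reported as SEGV or ABORT.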
 
Last updated: Wed Jul 16 20:01:32 2025 UTC