PHP :: Bug #3393 :: crash on break

Bug #3393	crash on break
Submitted:	2000-02-03 05:17 UTC	Modified:	2000-02-12 18:06 UTC
From:	stas at zend dot com	Assigned:
Status:	Closed	Package:	Other
PHP Version:	4.0 Latest CVS (03/02/2000)	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2000-02-03 05:17 UTC] stas at zend dot com

Script crashes with:

Program received signal SIGSEGV, Segmentation fault.
0x1fe4e1 in __kill () from /lib/libc.so.6
(gdb) where
#0  0x1fe4e1 in __kill () from /lib/libc.so.6
#1  0x808bc5e in _erealloc (ptr=0x83af684, size=1515873057, allow_failure=0, 
    __zend_filename=0x8139880 "../../Zend/zend_operators.c", 
    __zend_lineno=854, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at ../../Zend/zend_alloc.c:230
#2  0x8094171 in add_string_to_string (result=0xbfffcb20, op1=0xbfffcb20, 
    op2=0xbfffce98) at ../../Zend/zend_operators.c:854
#3  0x80dd3da in execute (op_array=0x82cb938) at ../../Zend/zend_execute.c:1406
#4  0x80ddb3e in execute (op_array=0x8354454) at ../../Zend/zend_execute.c:1574
#5  0x80ddb3e in execute (op_array=0x835459c) at ../../Zend/zend_execute.c:1574
#6  0x80ddb3e in execute (op_array=0x821b6a8) at ../../Zend/zend_execute.c:1574
#7  0x80ddb3e in execute (op_array=0x81ce59c) at ../../Zend/zend_execute.c:1574
#8  0x8086dcc in php_execute_script (primary_file=0xbffffb4c)
    at /home/php/php4/./main.c:1206
#9  0x809ea21 in apache_php_module_main (r=0x81c11ec, fd=19, 
    display_source_mode=0) at /home/php/php4/sapi/apache/sapi_apache.c:86
#10 0x80835b3 in send_php (r=0x81c11ec, display_source_mode=0, 
    filename=0x81c1d14 "/home/httpd/html/zend/apps.php") at mod_php4.c:419
#11 0x80835f8 in send_parsed_php (r=0x81c11ec) at mod_php4.c:431
#12 0x80e77f3 in ap_invoke_handler (r=0x81c11ec) at http_config.c:508
#13 0x80faa99 in process_request_internal (r=0x81c11ec) at http_request.c:1214
#14 0x80faafc in ap_process_request (r=0x81c11ec) at http_request.c:1230
#15 0x80f24fe in child_main (child_num_arg=0) at http_main.c:4035


In the log, there's additional weird line:
FATAL:  erealloc():  Unable to allocate 1515873057 bytes

The crash point is the script is statement like this:

$ret = <<ENDDOC
<text>
ENDDOC;
return $ret;

where text is some 5K of text. This function crashes on the second call. If I disable "return" statement, crash doesn't happen. Also it doesn't happen if I insert var_dump(strlen($ret)) before return statement. If I insert "print strlen($ret)", it does crash, but on fourth call of the function.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-02-04 17:54 UTC] joey at cvs dot php dot net

Try changing the first line to
$ret = <<<ENDDOC

3 <'s...2 is the bitshift operator.
Does this fix your problem?

[2000-02-05 15:28 UTC] andi at cvs dot php dot net

Please try and cut the problem down to a test script which can be run and will still crash.

[2000-02-12 18:06 UTC] andi at cvs dot php dot net

Was fixed by Zeev.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 01:00:01 2025 UTC