Bug #38543 shutdown_executor() may segfault when memory_limit is too low
Submitted: 2006-08-22 09:58 UTC
Modified: 2006-08-22 12:05 UTC
From:
Assigned: dmitry
Status: Closed
Package: Scripting Engine problem
PHP Version: 5.2.0RC2
OS: Linux
Private report: No
CVE-ID:
 [2006-08-22 09:58 UTC]
PHP segfaults when memory_limit is too low (like 1 byte).
The problem is that shutdown_executor() doesn't expect global hashes to be NULL and tries to destroy/free them, which leads to a segfault.
It's not a problem to add required if()'s, but we'd have to add them in places which are used very often (like zend_hash_*() funcs) and this may affect performance.
Reproducible with both 5_2 and HEAD branches.

Reproduce code:

php -r 'echo "ok\n";'

Expected result:

Actual result:
Fatal error: Allowed memory size of 1 bytes exhausted at /local/dev/php-src_5_2/Zend/zend_ini.c:246 (tried to allocate 2 bytes) in Unknown on line 0
[Tue Aug 22 13:51:18 2006]  Script:  '-'
/local/dev/php-src_5_2/Zend/zend_hash.c(646) : Block 0x00000000 status:

Program received signal SIGSEGV, Segmentation fault.
0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
53              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
#1  0x08182468 in zend_hash_reverse_apply (ht=0x0, apply_func=0x816efa7 <zend_cleanup_function_data>) at /local/dev/php-src_5_2/Zend/zend_hash.c:727
#2  0x0816a988 in shutdown_executor () at /local/dev/php-src_5_2/Zend/zend_execute_API.c:275
#3  0x08177d1b in zend_deactivate () at /local/dev/php-src_5_2/Zend/zend.c:839
#4  0x08130e35 in php_request_shutdown (dummy=0x0) at /local/dev/php-src_5_2/main/main.c:1300
#5  0x081de00c in main (argc=3, argv=0xbfffefe4) at /local/dev/php-src_5_2/sapi/cli/php_cli.c:1250


 [2006-08-22 12:05 UTC]
Fixed in CVS HEAD and PHP_5_2.
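
The failure mode in this report, as an added C example (a constructed model, not Zend Engine code and not the fix that was committed): startup stops early under a tiny memory limit, and the teardown path checks for never-allocated tables itself, so the hot-path helper needs no extra branch. All names (`globals_t`, `limited_alloc`, `table_apply`, `shutdown_checked`) are hypothetical.

```c
/* Constructed model of the bug class; not Zend Engine source. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int inconsistent; size_t count; } table_t; /* stand-in for HashTable */
typedef struct { table_t *function_table, *class_table; } globals_t;

static size_t limit, used;               /* stand-in for memory_limit accounting */

static void *limited_alloc(size_t n) {
    if (used + n > limit) return NULL;   /* "Allowed memory size exhausted" */
    used += n;
    return calloc(1, n);
}

/* Hot-path helper: like the zend_hash_*() functions in the report, it trusts
 * ht and would fault on NULL, as frame #0 of the backtrace does. */
static void table_apply(table_t *ht) { ht->count = 0; }

/* Startup may stop early, leaving the remaining globals NULL. */
static int startup(globals_t *g, size_t mem_limit) {
    limit = mem_limit; used = 0;
    g->function_table = g->class_table = NULL;
    if (!(g->function_table = limited_alloc(sizeof(table_t)))) return -1;
    if (!(g->class_table = limited_alloc(sizeof(table_t)))) return -1;
    return 0;
}

/* Hardened shutdown: the NULL checks live in the cold teardown path only.
 * Returns the number of tables actually cleaned up. */
static int shutdown_checked(globals_t *g) {
    int cleaned = 0;
    table_t **slots[] = { &g->function_table, &g->class_table };
    for (size_t i = 0; i < sizeof slots / sizeof *slots; i++) {
        if (*slots[i] == NULL) continue; /* never initialised: skip it */
        table_apply(*slots[i]);
        free(*slots[i]);
        *slots[i] = NULL;                /* a second shutdown becomes a no-op */
        cleaned++;
    }
    return cleaned;
}

int main(void) {
    globals_t g;
    int rc = startup(&g, 1);             /* 1-byte limit, as in the report */
    printf("startup=%d cleaned=%d\n", rc, shutdown_checked(&g));
    rc = startup(&g, sizeof(table_t));   /* room for one table only */
    printf("startup=%d cleaned=%d\n", rc, shutdown_checked(&g));
    return 0;
}
```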