php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38543 shutdown_executor() may segfault when memory_limit is too low
Submitted: 2006-08-22 09:58 UTC Modified: 2006-08-22 12:05 UTC
From: tony2001@php.net Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.0RC2 OS: Linux
Private report: No CVE-ID:
 [2006-08-22 09:58 UTC] tony2001@php.net
Description:
------------
PHP segfaults when memory_limit is too low (like 1 byte).
The problem is that shutdown_executor() doesn't expect global hashes to be NULL and tries to destroy/free them, which leads to segfault.
It's not a problem to add required if()'s, but we'd have to add them in places which are used very often (like zend_hash_*() funcs) and this may affect performance.
Reproducible with both 5_2 and HEAD branches.

Reproduce code:
---------------
php.ini:
memory_limit=1

php -r 'echo "ok\n";'

Expected result:
----------------
ok

Actual result:
--------------
Fatal error: Allowed memory size of 1 bytes exhausted at /local/dev/php-src_5_2/Zend/zend_ini.c:246 (tried to allocate 2 bytes) in Unknown on line 0
[Tue Aug 22 13:51:18 2006]  Script:  '-'
---------------------------------------
/local/dev/php-src_5_2/Zend/zend_hash.c(646) : Block 0x00000000 status:
NULL
---------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
53              if (ht->inconsistent==HT_OK) {
(gdb) bt
#0  0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
#1  0x08182468 in zend_hash_reverse_apply (ht=0x0, apply_func=0x816efa7 <zend_cleanup_function_data>) at /local/dev/php-src_5_2/Zend/zend_hash.c:727
#2  0x0816a988 in shutdown_executor () at /local/dev/php-src_5_2/Zend/zend_execute_API.c:275
#3  0x08177d1b in zend_deactivate () at /local/dev/php-src_5_2/Zend/zend.c:839
#4  0x08130e35 in php_request_shutdown (dummy=0x0) at /local/dev/php-src_5_2/main/main.c:1300
#5  0x081de00c in main (argc=3, argv=0xbfffefe4) at /local/dev/php-src_5_2/sapi/cli/php_cli.c:1250


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-22 12:05 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC