Bug #39640 Segfault with "Allowed memory size exhausted"
Submitted: 2006-11-26 18:55 UTC
Modified: 2006-12-01 13:55 UTC
From: phpbugs at thequod dot de
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 5CVS-2006-11-26 (CVS)
OS: Ubuntu Linux
Private report: No
CVE-ID:
 [2006-11-26 18:55 UTC] phpbugs at thequod dot de
Description:
------------
If the memory limit gets exhausted in a line like:
        $a = new stdClass;
PHP segfaults during shutdown.


Reproduce code:
---------------
<?php

$o = new stdClass;

$i = 0;
while( ++$i )
{
        $a = new stdClass;
        $a->foo = rand(1000, 9999);
        $a->bar = rand(1000, 9999);
        $o->a[$i] = $a;
}
?>

Expected result:
----------------
No segmentation fault.

Actual result:
--------------
Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 40 bytes) in /X/memory_usage1.php on line 8

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218541376 (LWP 549)]
_zend_mm_free_int (heap=0x8606160, p=0x860624c) at /PHP_5_2/Zend/zend_alloc.c:1332
1332    /PHP_5_2/Zend/zend_alloc.c: No such file or directory.
        in /PHP_5_2/Zend/zend_alloc.c
(gdb) bt
#0  _zend_mm_free_int (heap=0x8606160, p=0x860624c) at /PHP_5_2/Zend/zend_alloc.c:1332
#1  0x0831a5e2 in zend_object_std_dtor (object=0xb6586ff0) at /PHP_5_2/Zend/zend_objects.c:45
#2  0x0831a60a in zend_objects_free_object_storage (object=0xb6586ff0) at /PHP_5_2/Zend/zend_objects.c:122
#3  0x0831d4ef in zend_objects_store_free_object_storage (objects=0x8605988) at /PHP_5_2/Zend/zend_objects_API.c:89
#4  0x082f9b75 in shutdown_executor () at /PHP_5_2/Zend/zend_execute_API.c:299
#5  0x08304cf4 in zend_deactivate () at /PHP_5_2/Zend/zend.c:841
#6  0x082c9290 in php_request_shutdown (dummy=0x0) at /PHP_5_2/main/main.c:1306
#7  0x083882ad in main (argc=3, argv=0xbf8aef94) at /PHP_5_2/sapi/cgi/cgi_main.c:1792


 [2006-11-27 09:52 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-11-27 20:15 UTC] phpbugs at thequod dot de
There's only a sqlite related fix, if I do "cvs diff"?!
 [2006-11-27 21:33 UTC] iliaa@php.net
Is your PHP built with --enable-debug? If it is, on an out-of-memory error PHP dies with a segv.
 [2006-11-27 22:06 UTC] phpbugs at thequod dot de
No debug build.

It does not happen always, only if the memory gets 
exhausted in line 8 ("$a = new stdClass;"), not if it gets 
exhausted in a line like "$a->foo = rand(1000, 9999);".


Here's a backtrace from CLI:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1219950928 (LWP 535)]
_zend_mm_free_int (heap=0x85ff1d8, p=<value optimized out>) at /usr/local/src/PHP_5_2/Zend/zend_alloc.c:1332
1332                    if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x85ff1d8, p=<value optimized out>) at /usr/local/src/PHP_5_2/Zend/zend_alloc.c:1332
#1  0x08325073 in zend_object_std_dtor (object=0xb2352ff0) at /usr/local/src/PHP_5_2/Zend/zend_objects.c:45
#2  0x083250a2 in zend_objects_free_object_storage (object=0xb2352ff0) at /usr/local/src/PHP_5_2/Zend/zend_objects.c:122
#3  0x08327e6d in zend_objects_store_free_object_storage (objects=0x85fedc8) at /usr/local/src/PHP_5_2/Zend/zend_objects_API.c:89
#4  0x083035d1 in shutdown_executor () at /usr/local/src/PHP_5_2/Zend/zend_execute_API.c:299
#5  0x0830e3a3 in zend_deactivate () at /usr/local/src/PHP_5_2/Zend/zend.c:841
#6  0x082cf36c in php_request_shutdown (dummy=0x0) at /usr/local/src/PHP_5_2/main/main.c:1306
#7  0x0838482d in main (argc=2, argv=0xbfd22424) at /usr/local/src/PHP_5_2/sapi/cli/php_cli.c:1259


$ php -v
PHP 5.2.1-dev (cli) (built: Nov 27 2006 03:16:44)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies
 [2006-11-27 22:28 UTC] tony2001@php.net
Thanks for the last hint, now I can replicate it. 
It happens when an object is not initialized properly (because of the memory limit).
Please give me some time, I'll try to find a solution.
 [2006-11-28 10:26 UTC] tony2001@php.net
Reassigned to Dmitry, he said he'll take a look at it along with other memory manager related problems.
 [2006-12-01 13:55 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
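
The failure mode described in the comments above (an object left half-initialized when the memory limit is hit, then freed by the shutdown walk), modelled as an added C example; it is not Zend Engine code and not the fix that was committed. The allocator, object store and init_first switch are hypothetical names, and the 0xAA fill is a constructed stand-in for stale heap contents.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, not Zend Engine code; every name here is hypothetical. */
typedef struct { int *props; } obj_t;
enum { MAX_OBJS = 64, NPROPS = 8 };
static jmp_buf bailout;         /* stands in for the fatal-error unwind */
static size_t budget;           /* stands in for memory_limit */
static obj_t *store[MAX_OBJS];  /* object store walked at shutdown */
static int n_objs;
static void *limited_alloc(size_t n) {
    void *p = n <= budget ? malloc(n) : NULL;
    if (!p) longjmp(bailout, 1);  /* "Allowed memory size exhausted" */
    budget -= n;
    return memset(p, 0xAA, n);    /* constructed stale heap contents */
}

static void obj_new(int init_first) {  /* init_first == 0: unsafe order */
    obj_t *o = limited_alloc(sizeof *o);
    if (init_first) o->props = NULL;   /* hardened: valid before reachable */
    store[n_objs++] = o;               /* shutdown can see the object now */
    o->props = limited_alloc(NPROPS * sizeof(int));  /* may bail out */
}

/* Shutdown walk; returns how many garbage pointers it would have freed. */
static int shutdown_store(void) {
    unsigned char stale[sizeof(int *)];
    int wild = 0;
    memset(stale, 0xAA, sizeof stale);
    for (int i = 0; i < n_objs; i++) {
        if (memcmp(&store[i]->props, stale, sizeof stale) == 0) wild++;
        else free(store[i]->props);    /* free(NULL) is a no-op */
        free(store[i]);
    }
    n_objs = 0;
    return wild;
}

int run_until_limit(int init_first, size_t limit) {
    budget = limit;
    if (setjmp(bailout) == 0)
        while (n_objs < MAX_OBJS) obj_new(init_first);
    return shutdown_store();
}

int main(void) {  /* exits 0 when only the unsafe order leaves a wild pointer */
    size_t lim = 2 * (sizeof(obj_t) + NPROPS * sizeof(int)) + sizeof(obj_t);
    return !(run_until_limit(0, lim) == 1 && run_until_limit(1, lim) == 0);
}
```

In this model a limit hit before the object is registered leaves nothing for the shutdown walk to trip over; only the window between registration and full initialization is dangerous.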
 
Last updated: Mon Apr 21 00:02:04 2014 UTC