Bug #40181 double free problem after 64k iterations
Submitted: 2007-01-20 15:40 UTC Modified: 2007-01-21 00:12 UTC
From: giovanni at giacobbi dot net Assigned:
Status: Wont fix Package: Reproducible crash
PHP Version: 4.4.4 OS: linux
Private report: No CVE-ID: None
 [2007-01-20 15:40 UTC] giovanni at giacobbi dot net
Description:
------------
The following code snippet produces a double free error. I don't think my glibc/linux versions matter; anyway, I can provide them on request.

An interesting thing is that the bug manifests itself only at the 65536th iteration. Removing any reference to the $index variable doesn't reproduce the bug any longer.


Reproduce code:
---------------
<?php
function m($index) {
  is_int($index);       // the reporter notes the crash goes away without this call

  global $x;
  return $x[$index];    // always $x[0] === "x", so the loop condition stays true
}

$i = 0;
$x = array("x");
while (m($i)) {         // $i is never incremented: the loop is deliberately endless
  $p[] = m($i);         // every iteration keeps one more returned value in $p
}


Actual result:
--------------
*** glibc detected *** php: double free or corruption (fasttop): 0x09d89a08 ***


 [2007-01-20 19:35 UTC] tony2001@php.net
You have to upgrade to PHP5 in order to change this 65536 limit to 2147483647.
Though, I would not expect endless loops to "work" anyway.
 [2007-01-21 00:12 UTC] giovanni at giacobbi dot net
I'd like to know what causes this weird behaviour. I don't want to crash on such things if manipulating long arrays anyway.

Please note that taking away "is_int($index)" from my code snippet lets the endless loop keep going forever (well, at least until you have enough RAM).

Thank you.
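Added example, not from the report or from PHP's own source: a small C model of why a narrow reference counter produces exactly the "works until the 65536th iteration, then double free" pattern described above, and what tony2001's "upgrade to PHP5" answer changes. The page only implies it; that PHP 4's zval kept its refcount in a 16-bit field (zend_ushort) is background knowledge added here, and the struct, the function names and the choice of 65535 holders are constructed for the demonstration. The report does not pin down which zval's counter wraps, so the model simply shares one value among many holders. It shows the counter silently wrapping to zero, the next short-lived reference freeing the payload while the array still points at it, and a counterpart where the increment refuses to wrap so the caller must copy instead.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a refcounted engine value. The 16-bit counter mirrors
 * PHP 4's zval (zend_ushort refcount); nothing here is PHP source. */
typedef struct {
    char *data;
    uint16_t refcount;   /* 65535 + 1 wraps silently to 0 */
    int freed;           /* bookkeeping so the demo can report what happened */
} rc_value;

static rc_value *rc_new(const char *s) {
    rc_value *v = calloc(1, sizeof *v);
    size_t n = strlen(s) + 1;
    v->data = malloc(n);
    memcpy(v->data, s, n);
    v->refcount = 1;     /* the first holder, e.g. $x[0] in the report */
    return v;
}

/* Unchecked increment: the PHP 4 behaviour being modelled. */
static void rc_addref(rc_value *v) { v->refcount++; }

/* Hardened increment: refuse to wrap. A 0 return tells the caller to copy the
 * value instead of sharing it (or to fail loudly); the counter stays sane. */
static int rc_addref_checked(rc_value *v) {
    if (v->refcount == UINT16_MAX) return 0;
    v->refcount++;
    return 1;
}

/* Drop one reference; returns 1 if this drop freed the payload. */
static int rc_release(rc_value *v) {
    if (--v->refcount == 0) {
        free(v->data);
        v->data = NULL;
        v->freed = 1;
        return 1;
    }
    return 0;
}

static void rc_dispose(rc_value *v) {
    if (!v->freed) free(v->data);
    free(v);
}

/* Share one value among `holders` long-lived slots (the growing $p in the
 * report), then let a short-lived temporary take and drop one more reference.
 * Returns 1 if that drop freed the payload while the holders still point at
 * it: the premature free that later surfaces as glibc's "double free".
 * With 65534 holders the temporary's own increment already wraps to 0 and the
 * release underflows to 65535; the corruption is there but still latent. */
int narrow_premature_free(unsigned holders) {
    rc_value *v = rc_new("x");
    for (unsigned i = 0; i < holders; i++)
        rc_addref(v);                     /* after 65535 shares: 1 + 65535 = 0 */
    rc_addref(v);                         /* temporary: 0 + 1 = 1 */
    int premature = rc_release(v);        /* 1 - 1 = 0 -> freed under the holders */
    rc_dispose(v);
    return premature;
}

typedef struct {
    int premature;      /* 1 if the payload was freed while still shared */
    unsigned refused;   /* how many shares the checked increment turned down */
} checked_outcome;

/* Same scenario with the checked increment: the counter saturates, the
 * refused shares must copy, and no holder ever loses its payload. */
checked_outcome checked_premature_free(unsigned holders) {
    rc_value *v = rc_new("x");
    checked_outcome out = {0, 0};
    for (unsigned i = 0; i < holders; i++)
        if (!rc_addref_checked(v)) out.refused++;
    if (rc_addref_checked(v))
        out.premature = rc_release(v);    /* temporary drops its own reference */
    else
        out.refused++;                    /* temporary works on a copy instead */
    rc_dispose(v);
    return out;
}

int main(void) {
    printf("unchecked, 100 holders:   premature free = %d\n", narrow_premature_free(100));
    printf("unchecked, 65535 holders: premature free = %d\n", narrow_premature_free(65535));
    checked_outcome c = checked_premature_free(65535);
    printf("checked,   65535 holders: premature free = %d, refused shares = %u\n",
           c.premature, c.refused);
    return 0;
}
```

The exact iteration at which a real engine crashes depends on how many temporaries hold a reference at the moment the counter crosses zero, which is why the model counts holders rather than loop iterations. Widening the field, as PHP 5 did, moves the limit out of reach for ordinary scripts; checking the increment, as the second variant does, turns a silent wrap into a detectable condition at any width.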
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Sep 19 23:01:26 2024 UTC