|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #47396 resource ids get re-used when opening enough files
Submitted: 2009-02-15 16:02 UTC Modified: 2011-04-08 20:41 UTC
Avg. Score:4.6 ± 0.6
Reproduced:34 of 36 (94.4%)
Same Version:6 (17.6%)
Same OS:8 (23.5%)
From: Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 5.2.9RC2 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
New email:
PHP Version: OS:


 [2009-02-15 16:02 UTC]
Using php for long running daemons and opening files in there can lead to crashes, when resource ids wrap around the integer/long size and come to 0 at last.

There is no sanity check if a resource is already in use when assigning it.

This problem is more likely to appear on 32bit systems than on 64, since it takes ages to overflow that number with 64bit. Still, it is a problem.

- Open a file -> resource id is now +1
- Open many files. Eventually, it will reach MAX_INT or whatever number that is and wrap around to "-" that number, increasing from now on.
- Double the time, and the script reaches an resource id of 0
- Now chances are very high that the an existing resource is at the same id
- PHP crashes

The problem has been - wrongly - described here:
The issue is the one I described here


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-15 16:07 UTC]
I had a look at the problem inside zend, and found the problem most likely coming from zend_hash.c

       if ((long)h >= (long)ht->nNextFreeElement) {
         ht->nNextFreeElement = h + 1;

If h (the element being inserted) is higher or equal than the current "nNextFreeElement", we set this to h+1.

This does not handles:
- The fact that we might get back to 0
- The fact that once we get back to 0, the "next free element" might be non free (and will most likely be for #1 and #2).

 [2009-06-23 22:47 UTC] jon dot cooke at frogtrade dot com
IMHO the issue is in zend_register_resource, which uses 
zend_hash_next_free_element to get the index to use... which just 
returns ht->nNextFreeElement, which is always 1 larger than the 
biggest index in the table (later updated as indicates by 

I'm going to try a different method for finding a free index if the 
next_free_index is big enough and see how it goes.

Time to give some back I think.
 [2011-04-08 20:41 UTC]
-Package: Feature/Change Request +Package: Scripting Engine problem
 [2023-03-06 06:36 UTC] croverwnorene8 at googlemail dot com
Thanks for the information..
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Nov 28 14:01:26 2023 UTC