|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #47396 resource ids get re-used when opening enough files
Submitted: 2009-02-15 16:02 UTC Modified: 2011-04-08 20:41 UTC
Avg. Score:4.6 ± 0.6
Reproduced:34 of 36 (94.4%)
Same Version:6 (17.6%)
Same OS:8 (23.5%)
From: Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 5.2.9RC2 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
New email:
PHP Version: OS:


 [2009-02-15 16:02 UTC]
Using php for long running daemons and opening files in there can lead to crashes, when resource ids wrap around the integer/long size and come to 0 at last.

There is no sanity check if a resource is already in use when assigning it.

This problem is more likely to appear on 32bit systems than on 64, since it takes ages to overflow that number with 64bit. Still, it is a problem.

- Open a file -> resource id is now +1
- Open many files. Eventually, it will reach MAX_INT or whatever number that is and wrap around to "-" that number, increasing from now on.
- Double the time, and the script reaches an resource id of 0
- Now chances are very high that the an existing resource is at the same id
- PHP crashes

The problem has been - wrongly - described here:
The issue is the one I described here


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-15 16:07 UTC]
I had a look at the problem inside zend, and found the problem most likely coming from zend_hash.c

       if ((long)h >= (long)ht->nNextFreeElement) {
         ht->nNextFreeElement = h + 1;

If h (the element being inserted) is higher or equal than the current "nNextFreeElement", we set this to h+1.

This does not handles:
- The fact that we might get back to 0
- The fact that once we get back to 0, the "next free element" might be non free (and will most likely be for #1 and #2).

 [2009-06-23 22:47 UTC] jon dot cooke at frogtrade dot com
IMHO the issue is in zend_register_resource, which uses 
zend_hash_next_free_element to get the index to use... which just 
returns ht->nNextFreeElement, which is always 1 larger than the 
biggest index in the table (later updated as indicates by 

I'm going to try a different method for finding a free index if the 
next_free_index is big enough and see how it goes.

Time to give some back I think.
 [2011-04-08 20:41 UTC]
-Package: Feature/Change Request +Package: Scripting Engine problem
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Aug 07 21:05:46 2022 UTC