Bug #55509 segfault on x86_64 using more than 2G memory
Submitted: 2011-08-25 17:30 UTC
Modified: 2011-09-13 07:01 UTC
From: r dot gauweiler at otterbach dot de
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 5.3.8
OS: Linux
Private report: No
CVE-ID:
 [2011-08-25 17:30 UTC] r dot gauweiler at otterbach dot de
Description:
------------
I get a segfault if I use a lot of memory on an x86_64. It works up to 2G and doesn't work beyond it.
I first encountered it using streams, but it seems that it always happens when using more memory.

Test script:
---------------
<?php
$a=file_get_contents('/dev/zero');
?>


Expected result:
----------------
getting fatal error telling me that memory_limit is exhausted like

'Fatal error: Allowed memory size of 2147483648 bytes exhausted at /home/rgr/php-5.3.8/main/streams/streams.c:1331 (tried to allocate 2146697216 bytes) in fillMemory.php on line 3'


Actual result:
--------------
rgr@rgrVM1:~/php-5.3.8/sapi/cli$ ./php -d memory_limit=3G fillMemory.php
Speicherzugriffsfehler (Speicherabzug geschrieben)

rgr@rgrVM1:~/php-5.3.8/sapi/cli$ ./php --version
PHP 5.3.8 (cli) (built: Aug 25 2011 18:37:32) (DEBUG)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

(gdb) bt
#0  0x00000000007c1d18 in _zend_mm_realloc_int (heap=0x2db82c0, p=0x7fe31c8a7070, size=2147491840,
    __zend_filename=0xba5468 "/home/rgr/php-5.3.8/main/streams/streams.c", __zend_lineno=1331,
    __zend_orig_filename=0xb85bf8 "/home/rgr/php-5.3.8/ext/standard/file.c", __zend_orig_lineno=570)
    at /home/rgr/php-5.3.8/Zend/zend_alloc.c:2143
#1  0x00000000007c2a36 in _erealloc (ptr=0x7fe31c8a7070, size=2147491840, allow_failure=0,
    __zend_filename=0xba5468 "/home/rgr/php-5.3.8/main/streams/streams.c", __zend_lineno=1331,
    __zend_orig_filename=0xb85bf8 "/home/rgr/php-5.3.8/ext/standard/file.c", __zend_orig_lineno=570)
    at /home/rgr/php-5.3.8/Zend/zend_alloc.c:2371
#2  0x000000000078c1a0 in _php_stream_copy_to_mem (src=0x2f58498, buf=0x7fff9b3155e8, maxlen=0, persistent=0,
    __php_stream_call_depth=0, __zend_filename=0xb85bf8 "/home/rgr/php-5.3.8/ext/standard/file.c", __zend_lineno=570,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/rgr/php-5.3.8/main/streams/streams.c:1331
#3  0x00000000006e615d in zif_file_get_contents (ht=1, return_value=0x2f56d70, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=0) at /home/rgr/php-5.3.8/ext/standard/file.c:570
#4  0x00000000005e9c2c in phar_file_get_contents (ht=1, return_value=0x2f56d70, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=0) at /home/rgr/php-5.3.8/ext/phar/func_interceptors.c:225
#5  0x000000000081cfbf in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe3dc874090)
    at /home/rgr/php-5.3.8/Zend/zend_vm_execute.h:320
#6  0x00000000008215f3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fe3dc874090)
    at /home/rgr/php-5.3.8/Zend/zend_vm_execute.h:1640
#7  0x000000000081c47c in execute (op_array=0x2f57a30) at /home/rgr/php-5.3.8/Zend/zend_vm_execute.h:107
#8  0x00000000007e82d5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/rgr/php-5.3.8/Zend/zend.c:1236
#9  0x0000000000770cf7 in php_execute_script (primary_file=0x7fff9b317e30) at /home/rgr/php-5.3.8/main/main.c:2284
#10 0x00000000008d27dc in main (argc=4, argv=0x7fff9b318088) at /home/rgr/php-5.3.8/sapi/cli/php_cli.c:1184

also reproduced it with
rgr@rgrVM1:~/php-5.3.8/sapi/cli$ php --version
PHP 5.3.3-7+squeeze3 with Suhosin-Patch (cli) (built: Jun 28 2011 08:24:40)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

root@develop:/mnt/webdav/web/public/rgr/streamTest# php --version
PHP 5.2.6-1+lenny13 with Suhosin-Patch 0.9.6.2 (cli) (built: Jul  1 2011 16:01:01)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

cli and apache-module as well.



Patches

bug55509.diff (last revision 2011-09-06 15:11 UTC by laruence@php.net)
bug55509.phpt (last revision 2011-09-06 14:01 UTC by laruence@php.net)

History

 [2011-09-06 13:42 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug55509.diff
Revision:   1315316576
URL:        https://bugs.php.net/patch-display.php?bug=55509&patch=bug55509.diff&revision=1315316576
 [2011-09-06 13:50 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug55509.phpt
Revision:   1315317057
URL:        https://bugs.php.net/patch-display.php?bug=55509&patch=bug55509.phpt&revision=1315317057
 [2011-09-06 13:51 UTC] laruence@php.net
-Status: Open +Status: Verified
 [2011-09-06 13:52 UTC] laruence@php.net
-Package: Streams related +Package: Reproducible crash
 [2011-09-06 14:01 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug55509.phpt
Revision:   1315317663
URL:        https://bugs.php.net/patch-display.php?bug=55509&patch=bug55509.phpt&revision=1315317663
 [2011-09-06 14:10 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug55509.diff
Revision:   1315318203
URL:        https://bugs.php.net/patch-display.php?bug=55509&patch=bug55509.diff&revision=1315318203
 [2011-09-06 14:48 UTC] laruence@php.net
Although I have submitted a phpt file for this, I really think it had better not be a default test case, since it consumes too much memory and may make the client feel worse.
 [2011-09-06 15:11 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug55509.diff
Revision:   1315321916
URL:        https://bugs.php.net/patch-display.php?bug=55509&patch=bug55509.diff&revision=1315321916
 [2011-09-07 08:43 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2011-09-07 08:43 UTC] laruence@php.net
Dmitry, please look at this, thanks :-)
 [2011-09-13 07:01 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=316590
Log: Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
 [2011-09-13 07:01 UTC] dmitry@php.net
-Status: Verified +Status: Closed
 [2011-09-13 07:01 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-01-29 13:59 UTC] simon at wakecodesleep dot com
I received this bug when running 'make test' with the default ./configure flags 
(no arguments) on the latest PHP 5.4.0 branch.

I'm running Mac OS X Lion (10.7.2 - "Darwin - Darwin Simons-MacBook-Air.local 11.2.0 Darwin Kernel Version 11.2.0: Tue Aug  9 20:54:00 PDT 2011; root:xnu-1699.24.8~1/RELEASE_X86_64 x86_64") on a 1.8GHz Core i7, 4GB RAM MacBook Air.
 [2012-02-04 20:48 UTC] bobwei9 at hotmail dot com
This test fails sometimes when the 3 GB of memory take too long (more than the hardcoded 300 seconds in the run-tests.php) to be written - usually when RAM is full and memory has to be written as swap on the hard disk. To prevent failing, could you remove the timeout at this test please?
 [2012-04-18 09:48 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b6173bee922363affe761bfaa1f7e7c678e8dd96
Log: Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
 [2012-07-24 23:40 UTC] rasmus@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b6173bee922363affe761bfaa1f7e7c678e8dd96
Log: Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
 [2013-11-17 09:36 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b6173bee922363affe761bfaa1f7e7c678e8dd96
Log: Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
 
Last updated: Sun Apr 20 10:02:06 2014 UTC