php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55660 SplFixedArray::fromArray causing segmentation fault 11
Submitted: 2011-09-09 21:26 UTC Modified: 2011-09-28 03:21 UTC
From: rewilliams at crystaltech dot com Assigned: laruence (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.3.8 OS: Mac OS X 10.7.1
Private report: No CVE-ID: None
 [2011-09-09 21:26 UTC] rewilliams at crystaltech dot com
Description:
------------
I created a script that uses SplFileObject to iterate over a CSV file. As it 
goes, it creates a new object with each line's data and adds the object to an 
array. Running it with 10k or more lines crashes with a "Segmentation fault: 11" 
error message, while anything up to 9,999 lines works well. Adjusting PHP's 
memory limit had no effect.

I've attached a partial reduction to this bug. It seems like I really need the 
elements of the SplFileObject and the class for each line, as skipping either 
one of those (even when the resulting array is much larger than 10k items) 
causes the failure to disappear. I'm not sure exactly what the trigger is, 
however. My reduction includes a sample CSV file of just over 10k lines, and 
though it still uses SplFileObject and a per-line object, the class for the 
latter is just an stdClass, and the data from the file is essentially ignored.

The script has two lines near the bottom that are method calls to ImportData(). 
Comment out one or the other to see the script run successfully or to see it 
fail. Option 1 works; option 2 fails.

Note that I tested this under 5.3.6, not the 5.3.8 that's indicated on the bug. 
I do not have access to the latter.

Expected result:
----------------
I'd expect the script to run to completion in all cases, assuming there is 
sufficient memory.

Actual result:
--------------
The script fails in the case of >= 10000 items in the array being converted.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-09 21:32 UTC] rewilliams at crystaltech dot com
Hmm, I don't see how to upload reproduction scripts. The script is below; I'll 
leave the data 
file to the tester. I created a simple CSV file that had 10,005 lines of 13 
columns each, where 
the value of every column is the alphabet. It included one trailing blank line 
and used CRLF line 
endings.

Here's the script:

<?php

ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL | E_STRICT);

class NmsObj {
	static public function ImportData($whichOption) {
		$fileObj = new SplFileObject('TestData.csv');
		$fileObj->setFlags(SplFileObject::SKIP_EMPTY | 
SplFileObject::DROP_NEW_LINE | 
SplFileObject::READ_CSV);

		$return = array();
		foreach ($fileObj as $oneLine) {
			$return[] = new stdClass();
		} //foreach

		switch ($whichOption) {
			case 1:
				$return = array_slice($return, 0, 9999);
				$result = SplFixedArray::fromArray($return);
				//we get here
				return $result;
			break;

			case 2:
				$return = array_slice($return, 0, 10000);
				$result = SplFixedArray::fromArray($return);
				//we won't get here - get "Segmentation fault: 
11"
				return $result;
			break;
		} //switch
	} //ImportData
} //NmsObj

//$dataSet1 = NmsObj::ImportData(1);
$dataSet1 = NmsObj::ImportData(2);

echo "Done!\n";

?>
 [2011-09-10 03:59 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-09-10 03:59 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

I can not reproduce it with a test csv file(1005 line, 13 cloumns) with 5.3 trunk
 [2011-09-12 18:00 UTC] rewilliams at crystaltech dot com
FWIW, I just reproduced it on a Linux server running 5.3.4. I'm working on getting 
a backtrace, but I need to build a debug version of PHP first.
 [2011-09-12 18:05 UTC] rewilliams at crystaltech dot com
laruence@: I just caught that you stated your test file had 1005 lines. I'm not 
sure if you misread what I wrote or if you mistyped what you tested, but the 
test file I used was 10005 lines - you're off by an order of magnitude.

I uploaded my file to Dropbox. You can grab it here:

<http://dl.dropbox.com/u/9434155/data.csv>

If you're able to grab it and attach it to the bug or make it available 
someplace more permanent, that would be great.
 [2011-09-13 02:37 UTC] laruence@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Hi, I still can not reproduce with your data.csv, could you try with the 5.3-trunk?
 [2011-09-13 16:19 UTC] rewilliams at crystaltech dot com
-Status: Feedback +Status: Open
 [2011-09-13 16:19 UTC] rewilliams at crystaltech dot com
Well, it doesn't seem to show itself under 5.3.8 on the Linux server, so maybe 
this was fixed and I just missed the report. Since my original report, I've had 
several similar cases that happened somewhat randomly under 5.3.6, so I'll just 
keep an eye out and if I get something that's reproducible under the latest 
version, I'll file another bug. In the mean time, you can close this bug.

Thanks for your time.
 [2011-09-28 03:21 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2011-09-28 03:21 UTC] laruence@php.net
closed
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Aug 25 05:01:26 2019 UTC