Bug #63635 Segfault in gc_collect_cycles
Submitted: 2012-11-28 11:17 UTC Modified: 2012-11-29 09:54 UTC
From: remi@php.net Assigned: dmitry
Status: Closed Package: *General Issues
PHP Version: 5.4.9 OS: GNU/Linux (Fedora 18)
Private report: No CVE-ID:
 [2012-11-28 11:17 UTC] remi@php.net
Description:
------------
When using a huge object tree with circular references:

With zend.enable_gc=0 : a lot of memory is consumed
With zend.enable_gc=1 : segfault

(gdb) bt
#0  0x00000000005e23d9 in gc_zval_possible_root (zv=0x19e5500) at /usr/src/debug/php-5.4.9/Zend/zend_gc.c:143
#1  0x00000000005e40f7 in zend_object_std_dtor (object=0x7fffcf6f2020) at /usr/src/debug/php-5.4.9/Zend/zend_objects.c:54
#2  0x00000000005e4129 in zend_objects_free_object_storage (object=0x7fffcf6f2020) at /usr/src/debug/php-5.4.9/Zend/zend_objects.c:137
#3  0x00000000005e9e53 in zend_objects_store_del_ref_by_handle_ex (handle=3273, handlers=<optimized out>)
    at /usr/src/debug/php-5.4.9/Zend/zend_objects_API.c:220
#4  0x00000000005e220e in gc_collect_cycles () at /usr/src/debug/php-5.4.9/Zend/zend_gc.c:832
#5  0x00000000005e2303 in gc_zobj_possible_root (zv=0x19e5500, zv@entry=0x1967560) at /usr/src/debug/php-5.4.9/Zend/zend_gc.c:221
#6  0x00000000005e23ea in gc_zval_possible_root (zv=zv@entry=0x1967560) at /usr/src/debug/php-5.4.9/Zend/zend_gc.c:143
#7  0x00000000005f2ffd in gc_zval_check_possible_root (z=0x1967560) at /usr/src/debug/php-5.4.9/Zend/zend_gc.h:183
#8  i_zval_ptr_dtor (zval_ptr=0x1967560) at /usr/src/debug/php-5.4.9/Zend/zend_execute.h:97
#9  zend_leave_helper_SPEC (execute_data=0x7ffff7f855f8) at /usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:468
#10 0x0000000000624067 in execute (op_array=0x7ffff7fbfdf8) at /usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:410
#11 0x00007ffff17e0fd2 in xdebug_execute () from /usr/lib64/php/modules/xdebug.so
#12 0x000000000066a529 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f85060) at /usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:669
#13 0x0000000000624067 in execute (op_array=0x7ffff7fbdab0) at /usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:410
#14 0x00007ffff17e0fd2 in xdebug_execute () from /usr/lib64/php/modules/xdebug.so
#15 0x00000000005c4dec in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /usr/src/debug/php-5.4.9/Zend/zend.c:1309
#16 0x000000000056475d in php_execute_script (primary_file=primary_file@entry=0x7fffffffcbb0) at /usr/src/debug/php-5.4.9/main/main.c:2482
#17 0x000000000066ca66 in do_cli (argc=2, argv=0x7fffffffe048) at /usr/src/debug/php-5.4.9/sapi/cli/php_cli.c:988
#18 0x0000000000425b0a in main (argc=2, argv=0x7fffffffe048) at /usr/src/debug/php-5.4.9/sapi/cli/php_cli.c:1364


Test script:
---------------
<?php

class Node {
	public $parent = NULL;
	public $childs = array();
	
	function __construct(Node $parent=NULL) {
		if ($parent) {
			$parent->childs[] = $this;
		}
		// Self-reference: every node is part of a reference cycle,
		// so only the cycle collector can free it.
		$this->childs[] = $this;
	}
	
	function __destruct() {
		$this->childs = NULL;
	}
}

define("MAX", 16);

// Builds a 3-level tree of 1 + 16 + 256 + 4096 nodes on every pass and
// then drops it; loops forever so the collector is driven repeatedly.
while (true) {
	printf("Memory: %6.2fMB ->", memory_get_usage()/1024/1024);
	$top = new Node();
	for ($i=0 ; $i<MAX ; $i++) {
		$ci = new Node($top);
		for ($j=0 ; $j<MAX ; $j++) {
			$cj = new Node($ci);
			for ($k=0 ; $k<MAX ; $k++) {
				$ck = new Node($cj);
			}
		}
	}
	printf(" %6.2fMB\n", memory_get_usage()/1024/1024);
}


Expected result:
----------------
No segfault.

Actual result:
--------------
$ php -d zend.enable_gc=1 repro.ph
...
Memory:   3.40MB ->   5.62MB
Memory:   5.62MB ->   3.40MB
Memory:   3.40MB ->   5.62MB
Memory:   5.62MB ->   7.83MB
Memory:   7.83MB ->
Program received signal SIGSEGV, Segmentation fault.


History
 [2012-11-28 11:18 UTC] remi@php.net
-Summary: Segfault in gc +Summary: Segfault in gc_collect_cycles
 [2012-11-28 11:38 UTC] remi@php.net
Note: without the circular reference, no segfault.

		$this->childs[] = $this;
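The script below is an added example written for this page; it is neither the reporter's repro nor PHP project code. It bounds the tree to 85 nodes, builds it once without and once with the self-reference the note above singles out, and measures what is still held after unset() and what gc_collect_cycles() then reclaims. The Node class mirrors the reporter's; buildTree(), measure() and the $selfRef switch are constructed for this example.

```php
<?php
// Added example, not the reporter's code. Contrasts a tree whose nodes hold
// a self-reference (a reference cycle) with one that does not, to show why
// the cycle collector rather than refcounting has to reclaim the former.
// The tree is kept small (85 nodes) so the automatic collector, which runs
// once roughly 10,000 possible roots have been recorded, does not fire in
// the middle of a measurement.

gc_enable();   // same as zend.enable_gc=1

class Node {
    public $parent = NULL;
    public $childs = array();

    // $selfRef is a constructed switch; the reporter's class always adds the self-reference.
    function __construct(Node $parent = NULL, $selfRef = true) {
        if ($parent) {
            $parent->childs[] = $this;
        }
        if ($selfRef) {
            // The node now references itself, so its refcount can never
            // reach zero through ordinary scope exit or unset().
            $this->childs[] = $this;
        }
    }

    function __destruct() {
        $this->childs = NULL;
    }
}

// Build a tree with the given fan-out and depth (width 4, depth 3 => 85 nodes).
function buildTree($width, $depth, $selfRef, Node $parent = NULL) {
    $node = new Node($parent, $selfRef);
    if ($depth > 0) {
        for ($i = 0; $i < $width; $i++) {
            buildTree($width, $depth - 1, $selfRef, $node);
        }
    }
    return $node;
}

// Returns array(bytes still held after unset(), count reported by
// gc_collect_cycles(), bytes still held after the collection).
function measure($selfRef) {
    gc_collect_cycles();                         // start with an empty root buffer
    $base = memory_get_usage();
    $top = buildTree(4, 3, $selfRef);
    unset($top);
    $afterUnset = memory_get_usage() - $base;    // what refcounting alone could not free
    $collected = gc_collect_cycles();
    $afterGc = memory_get_usage() - $base;
    return array($afterUnset, $collected, $afterGc);
}

foreach (array(false, true) as $selfRef) {
    list($held, $collected, $left) = measure($selfRef);
    printf("self-reference %-3s: %6d bytes held after unset(), gc_collect_cycles() returned %d, %6d bytes left\n",
           $selfRef ? 'on' : 'off', $held, $collected, $left);
}
```

Without the self-reference every node's refcount drops to zero as soon as its parent's childs array is freed, so unset($top) releases the whole tree and gc_collect_cycles() has nothing to collect. With the self-reference the nodes survive unset() and are only reclaimed by the collector, which is why the reporter's loop grows without bound under zend.enable_gc=0 and why, with the collector on, the crash surfaces inside gc_collect_cycles() while it frees the nodes, as in the backtrace above. On a build that includes the fix this case runs to completion.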
 [2012-11-29 09:48 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=92e2f2938115d2cdae185848d535380fb7694598
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
 [2012-11-29 09:48 UTC] dmitry@php.net
-Status: Open +Status: Closed
 [2012-11-29 09:48 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c1888f58468ff0fd7f6c20f3fd7701ed7273647
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
 [2012-11-29 09:54 UTC] dmitry@php.net
-Assigned To: +Assigned To: dmitry
 [2012-11-29 09:54 UTC] dmitry@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

For Windows:

http://windows.php.net/snapshots/

Thank you for the report, and for helping us make PHP better.


 [2012-11-30 06:30 UTC] laruence@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=92e2f2938115d2cdae185848d535380fb7694598
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
 [2012-11-30 06:31 UTC] laruence@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=92e2f2938115d2cdae185848d535380fb7694598
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
 [2012-12-19 17:55 UTC] derick@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c1888f58468ff0fd7f6c20f3fd7701ed7273647
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
 [2012-12-19 17:55 UTC] derick@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=92e2f2938115d2cdae185848d535380fb7694598
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
 [2013-11-17 09:32 UTC] laruence@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c1888f58468ff0fd7f6c20f3fd7701ed7273647
Log: Fixed bug #63635 (Segfault in gc_collect_cycles)
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC