php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65267 Exceeded bounds check in apc_bd_alloc_ex
Submitted: 2013-07-16 05:20 UTC Modified: 2016-11-18 21:09 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: james dot d at hexhost dot net Assigned:
Status: Wont fix Package: APC (PECL)
PHP Version: 5.4.17 OS: Ubuntu 13.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: james dot d at hexhost dot net
New email:
PHP Version: OS:

 

 [2013-07-16 05:20 UTC] james dot d at hexhost dot net
Description:
------------
When dumping a large array of files or files over a certain size to a file I get 
unexpected output. 

I tried the latest SVN version, latest PECL version, and Ubuntu's php-apc 
package. the Ubuntu package doesn't fail but will not work correctly when loaded 
from the dump. the PECL and SVN version both give the unexpected output.

Here's the runtime APC configuration


apc
apc.cache_by_default => On => On
apc.canonicalize => On => On
apc.coredump_unmap => Off => Off
apc.enable_cli => On => On
apc.enable_opcode_cache => On => On
apc.enabled => On => On
apc.file_md5 => Off => Off
apc.file_update_protection => 2 => 2
apc.filters => no value => no value
apc.gc_ttl => 3600 => 3600
apc.include_once_override => On => On
apc.lazy_classes => Off => Off
apc.lazy_functions => Off => Off
apc.max_file_size => 2M => 2M
apc.num_files_hint => 300 => 300
apc.preload_path => no value => no value
apc.report_autofilter => Off => Off
apc.rfc1867 => Off => Off
apc.rfc1867_freq => 0 => 0
apc.rfc1867_name => APC_UPLOAD_PROGRESS => APC_UPLOAD_PROGRESS
apc.rfc1867_prefix => upload_ => upload_
apc.rfc1867_ttl => 3600 => 3600
apc.serializer => default => default
apc.shm_segments => 1 => 1
apc.shm_size => 48M => 48M
apc.shm_strings_buffer => 2M => 2M
apc.slam_defense => Off => Off
apc.stat => Off => Off
apc.stat_ctime => Off => Off
apc.ttl => 0 => 0
apc.use_request_time => On => On
apc.user_entries_hint => 4096 => 4096
apc.user_ttl => 0 => 0
apc.write_lock => On => On


Test script:
---------------
<?php
// compile 20 or so large files
$files = array('1.php', '2.php', etc...);

foreach($files as $file) {
  echo "Compiling $file...";
  if(!apc_compile_file($file)) {
     die("Error.\n");
  }
}

apc_bin_dumpfile($files, array(), 'cache.bin');

?>

Expected result:
----------------
I expect to get a dumpfile containing the cache files I asked for.

Actual result:
--------------
Breakpoint 1, apc_bd_alloc_ex (ptr_new=0x0, size=30520) at 
/root/apc/apc_bin.c:147
147               apc_error("Exceeded bounds check in apc_bd_alloc_ex by %d 
bytes." TSRMLS_CC, (unsigned char *) APCG(apc_bd_alloc_ptr) - (unsigned char *) 
APCG(apc_bd_alloc_ubptr));
(gdb) bt
#0  apc_bd_alloc_ex (ptr_new=0x0, size=30520) at /root/apc/apc_bin.c:147
#1  0xb67fad06 in apc_unpool_alloc (pool=<optimized out>, size=<optimized out>) 
at /root/apc/apc_pool.c:90
#2  0xb67f63b8 in apc_copy_op_array (dst=0xb37d6ef0, dst@entry=0x1b, 
src=0xb3a2a088, ctxt=ctxt@entry=0xbeffbd64) at /root/apc/apc_compile.c:1224
#3  0xb67fc6e4 in apc_bin_dump (files=0xb69f24a8, user_vars=0xb69f2548) at 
/root/apc/apc_bin.c:790
b#4  0xb67f23d2 in zif_apc_bin_dumpfile (ht=<optimized out>, 
return_value=0xb69f0ac8, return_value_ptr=<optimized out>, this_ptr=<optimized 
out>, return_value_used=0) at /root/apc/php_apc.c:1434
#5  0x0023b4a0 in zend_do_fcall_common_helper_SPEC (execute_data=0xb69d6040) at 
/build/buildd/php5-5.4.9/Zend/zend_vm_execute.h:642
#6  0x00210e48 in execute (op_array=0x72e3e8) at /build/buildd/php5-
5.4.9/Zend/zend_vm_execute.h:410
#7  0x001d14c6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/build/buildd/php5-5.4.9/Zend/zend.c:1309
#8  0x001953fe in php_execute_script (primary_file=0xbeffe290) at 
/build/buildd/php5-5.4.9/main/main.c:2482
#9  0x0023ce32 in do_cli (argc=2, argv=0xbefff814) at /build/buildd/php5-
5.4.9/sapi/cli/php_cli.c:988
t#10 0x0002aecc in main (argc=2, argv=0xbefff814) at /build/buildd/php5-
5.4.9/sapi/cli/php_cli.c:1364

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-16 05:45 UTC] james dot d at hexhost dot net
Ran again with debug output, backtrace, and full backtrace.


http://paste.kill-9.me/view/raw/3a1af18b
 [2013-08-05 08:10 UTC] shawn at mrrtech dot com
When running either apc_bin_dump(array(),null,'path_to_file/file.data')  or 
apc_bin_dumpfile(array(),null) I get the following error:

PHP Fatal error:  apc_bin_dump(): Exceeded bounds check in apc_bd_alloc_ex by 
9615 bytes

Running Centos 6.4 with Apache 2.44 PHP 5.4.16 both custom compiled.

APC config:
extension=apc.so
apc.enabled = 1
apc.shm_size = 128M
apc.stat = 0
apc.cache_by_default = 1
apc.ttl = 86400
apc.user_ttl = 86400
 [2016-11-18 21:09 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-11-18 21:09 UTC] kalle@php.net
APC is no longer supported in favor of opcache that comes bundled with PHP, if you wish to use the user cache, then look at PECL/APCu.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Nov 27 11:01:24 2020 UTC