php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68611 Segmentation fault with deep linked list
Submitted: 2014-12-15 13:16 UTC Modified: 2016-05-06 14:55 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: reen at alphacomm dot nl Assigned:
Status: Duplicate Package: Reproducible crash
PHP Version: 5.6.3 OS: Ubuntu
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: reen at alphacomm dot nl
New email:
PHP Version: OS:

 

 [2014-12-15 13:16 UTC] reen at alphacomm dot nl
Description:
------------
Tested against:

PHP 5.6.3 (cli) (built: Nov 20 2014 10:45:50) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies
with Xdebug v2.2.6, Copyright (c) 2002-2014, by Derick Rethans

AND

PHP 5.5.9-1ubuntu4.5 (cli) (built: Oct 29 2014 11:59:10) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
    with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans

Test script:
---------------
<?php
class A {
    public $next;
}

$first = $a = new A();
for ($i = 0; $i < 100000; $i++) {
    $a = $a->next = new A();
}

echo 'Complete'.PHP_EOL;

Expected result:
----------------
Complete

Actual result:
--------------
Complete
Segmentation fault: 11



Complete
Segmentation fault (core dumped)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-15 14:11 UTC] derick@php.net
Note: this also happens without opcache and without xdebug
 [2014-12-15 14:13 UTC] derick@php.net
It looks like a stack overflow to me on shutdown:

...
...
#83762 0x0000000000a49b53 in _zval_dtor_func (zvalue=0x7ffff7f9d3d8, __zend_filename=0xfd99b8 "/home/derick/dev/php/php-src.git/Zend/zend_execute.h", __zend_lineno=81)
    at /home/derick/dev/php/php-src.git/Zend/zend_variables.c:54
#83763 0x0000000000a362be in _zval_dtor (zvalue=0x7ffff7f9d3d8, __zend_filename=0xfd99b8 "/home/derick/dev/php/php-src.git/Zend/zend_execute.h", __zend_lineno=81)
    at /home/derick/dev/php/php-src.git/Zend/zend_variables.h:35
#83764 0x0000000000a36385 in i_zval_ptr_dtor (zval_ptr=0x7ffff7f9d3d8, __zend_filename=0xfdba20 "/home/derick/dev/php/php-src.git/Zend/zend_variables.c", __zend_lineno=183)
    at /home/derick/dev/php/php-src.git/Zend/zend_execute.h:81
#83765 0x0000000000a375c6 in _zval_ptr_dtor (zval_ptr=0x7ffff7fa05c8, __zend_filename=0xfdba20 "/home/derick/dev/php/php-src.git/Zend/zend_variables.c", __zend_lineno=183)
    at /home/derick/dev/php/php-src.git/Zend/zend_execute_API.c:426
#83766 0x0000000000a49f5c in _zval_ptr_dtor_wrapper (zval_ptr=0x7ffff7fa05c8) at /home/derick/dev/php/php-src.git/Zend/zend_variables.c:183
#83767 0x0000000000a5f63e in zend_hash_apply_deleter (ht=0x1565ee8 <executor_globals+360>, p=0x7ffff7fa05b0) at /home/derick/dev/php/php-src.git/Zend/zend_hash.c:650
#83768 0x0000000000a5fcaf in zend_hash_reverse_apply (ht=0x1565ee8 <executor_globals+360>, apply_func=0xa36c7e <zval_call_destructor>)
    at /home/derick/dev/php/php-src.git/Zend/zend_hash.c:804
#83769 0x0000000000a36d30 in shutdown_destructors () at /home/derick/dev/php/php-src.git/Zend/zend_execute_API.c:217
#83770 0x0000000000a4c08b in zend_call_destructors () at /home/derick/dev/php/php-src.git/Zend/zend.c:933
#83771 0x00000000009b9c35 in php_request_shutdown (dummy=0x0) at /home/derick/dev/php/php-src.git/main/main.c:1750
#83772 0x0000000000afc046 in do_cli (argc=3, argv=0x1585130) at /home/derick/dev/php/php-src.git/sapi/cli/php_cli.c:1177
#83773 0x0000000000afc73a in main (argc=3, argv=0x1585130) at /home/derick/dev/php/php-src.git/sapi/cli/php_cli.c:1378
 [2014-12-15 18:27 UTC] requinix@php.net
Duplicate of bug #68606.
 [2016-05-06 14:55 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Sep 15 23:01:26 2024 UTC