Bug #73370 falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0
Submitted: 2016-10-21 18:29 UTC Modified: 2017-01-06 16:00 UTC
From: jim dot hofer at gmail dot com Assigned: laruence
Status: Closed Package: MySQLi related
PHP Version: 7.0.12 OS: Irrelevant
Private report: No CVE-ID:
 [2016-10-21 18:29 UTC] jim dot hofer at gmail dot com
Description:
------------
I'm using USE_ZEND_ALLOC=0 for some CLI scripts due to this bug: https://bugs.php.net/bug.php?id=72736

When using USE_ZEND_ALLOC=0 and querying MySQL with buffered queries on, and the select query returns an empty result set, the script exits with the message "Out of Memory".

Setting the query to use unbuffered results in expected behavior.

Also, not setting USE_ZEND_ALLOC=0 and querying unbuffered returns results in expected behavior

This bug does not affect 7.0.11

Test script:
---------------
<?php

$mysqli = new mysqli("localhost", "root");
$result = $mysqli->query("SELECT * FROM mysql.user WHERE User = 'test'", MYSQLI_USE_RESULT)->fetch_all();
var_dump($result);

$result = $mysqli->query("SELECT * FROM mysql.user WHERE User = 'test'")->fetch_all();
var_dump($result);

Expected result:
----------------
array(0) {
}
array(0) {
}

Actual result:
--------------
array(0) {
}
Out of memory

 [2016-10-21 20:47 UTC] yohgaki@php.net
-Status: Open +Status: Verified -Operating System: CentOS 6 +Operating System: Irrelevant -PHP Version: 7.0.12 +PHP Version: Irrelevant
 [2016-10-22 07:07 UTC] laruence@php.net
-Status: Verified +Status: Feedback -Assigned To: +Assigned To: laruence
 [2016-10-22 07:07 UTC] laruence@php.net
Please try the following patch:

diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index 40eb100..5c9f124 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -2850,7 +2850,9 @@ static ZEND_COLD ZEND_NORETURN void zend_out_of_memory(void)

 ZEND_API void * __zend_malloc(size_t len)
 {
-   void *tmp = malloc(len);
+ void *tmp;
+ len = MAX(len, 1);
+ tmp = malloc(len);
        if (EXPECTED(tmp)) {
                return tmp;
        }
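
Review bot: the added `len = MAX(len, 1);` ahead of `malloc(len)` carries no comment saying why a zero-length request is rounded up, so the reason (a NULL return for a zero-byte request would otherwise fall through the `EXPECTED(tmp)` check into the out-of-memory path) is left for the next reader to rediscover; add a one-line comment there. It is also worth considering leaving `len` untouched and treating a NULL return as failure only when `len` is non-zero, which avoids allocating a byte for every empty request and keeps zero-length callers visible when debugging.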

thanks
 [2016-10-25 16:02 UTC] jim dot hofer at gmail dot com
I've tried to apply the patch but it's being rejected.

I'm using php-7.0.12-2.remi.src.rpm to apply the patch and build the rpm
 [2016-10-25 19:42 UTC] yohgaki@php.net
You should use plain source as we aren't responsible for packaging bugs.
 [2016-10-25 19:51 UTC] jim dot hofer at gmail dot com
The source in the SRPM I'm applying it to is

md5sum php-7.0.12.tar.xz
bdcc4dbdac90c2a39422786653059f70  php-7.0.12.tar.xz

which is the same checksum as the source on the downloads page.

What version is this patch supposed to be applied to?
 [2016-11-02 02:49 UTC] jim dot hofer at gmail dot com
-Status: Feedback +Status: Assigned
 [2016-11-02 02:49 UTC] jim dot hofer at gmail dot com
I've applied the patch manually and it does not appear to fix the issue.

I'm not sure why the PHP Version was marked irrelevant either since this did not affect 7.0.11?
 [2016-11-02 08:06 UTC] nikic@php.net
Probably same code needed for __zend_realloc.

Instead of increasing the size to 1 we could instead only trigger the OOM condition if both !tmp and !len. Not sure which is better.
 [2016-11-02 09:31 UTC] laruence@php.net
#72736 is fixed now, and USE_ZEND_ALLOC=0 is only for development purposes, so I think maybe we could mark this as won't fix.
 [2017-01-06 16:00 UTC] cmb@php.net
-PHP Version: Irrelevant +PHP Version: 7.0.12
 [2017-01-06 16:00 UTC] cmb@php.net
> I'm not sure why the PHP Version was marked irrelevant either
> since this did not affect 7.0.11?

The malfunction is apparently caused by commit 5880428d[1]; before
that commit malloc() was called directly. So indeed, this affects
PHP 7.0.12 and later.

> Instead of increasing the size to 1 we could instead only
> trigger the OOM condition if both !tmp and !len. Not sure which
> is better.

I think it would be best if __zend_malloc(0) would never be called
in the first place. If it still was malloc(), the result would be
implementation-defined. To ease debugging it might be reasonable
to catch `len==0` and throw a warning (`#if ZEND_DEBUG` only).

[1] <https://github.com/php/php-src/commit/5880428d>
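
The zero-length failure discussed in this thread, as an added C example that is not part of the report and does not reproduce Zend/zend_alloc.c: a wrapper that treats every NULL from the allocator as out of memory, beside the clamp-to-one approach from the patch and a variant that reports failure only when a non-zero request returns NULL. All function names are hypothetical, and `null_on_zero_malloc` is a constructed stand-in for a libc whose malloc(0) returns NULL.

```c
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t);
enum alloc_status { ALLOC_OK, ALLOC_OOM };

/* Constructed stand-in for a libc whose malloc(0) returns NULL, which the C
 * standard allows. glibc returns a unique pointer, so plain malloc() would
 * not show the failure on most Linux builds. */
void *null_on_zero_malloc(size_t len) { return len ? malloc(len) : NULL; }

/* Constructed allocator that always fails, to check real exhaustion. */
void *failing_malloc(size_t len) { (void)len; return NULL; }

/* Behaviour in the report: every NULL return is treated as out of memory. */
enum alloc_status naive_alloc(alloc_fn fn, size_t len, void **out)
{
    *out = fn(len);
    return *out ? ALLOC_OK : ALLOC_OOM;
}

/* The patch's approach: never pass a zero length to the allocator. */
enum alloc_status clamp_alloc(alloc_fn fn, size_t len, void **out)
{
    *out = fn(len ? len : 1);
    return *out ? ALLOC_OK : ALLOC_OOM;
}

/* Alternative: NULL is a failure only when bytes were actually requested.
 * Callers may then receive NULL for len == 0 and must not dereference it. */
enum alloc_status lenient_alloc(alloc_fn fn, size_t len, void **out)
{
    *out = fn(len);
    return (*out || len == 0) ? ALLOC_OK : ALLOC_OOM;
}

int main(void)
{
    void *p;
    printf("naive   len=0 -> %s\n",
           naive_alloc(null_on_zero_malloc, 0, &p) == ALLOC_OOM ? "Out of memory" : "ok");
    printf("clamp   len=0 -> %s\n",
           clamp_alloc(null_on_zero_malloc, 0, &p) == ALLOC_OOM ? "Out of memory" : "ok");
    free(p);
    printf("lenient len=0 -> %s\n",
           lenient_alloc(null_on_zero_malloc, 0, &p) == ALLOC_OOM ? "Out of memory" : "ok");
    return 0;
}
```

The clamp variant hands back a pointer that must be freed even for an empty request; the lenient variant hands back NULL with a success status, so its callers have to tolerate a NULL buffer of length zero.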
 [2017-03-09 19:49 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=177f87cf052179d22bab008aa13c69d4b0cdc0ef
Log: Fixed bug #73370
 [2017-03-09 19:49 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 
Last updated: Tue Aug 29 15:01:52 2017 UTC