Bug #75636 Stack overflow during garbage collection
Submitted: 2017-12-06 05:49 UTC
Modified: 2018-03-10 17:21 UTC
Avg. Score: 3.8 ± 0.8
Reproduced: 2 of 2 (100.0%)
Same Version: 2 (100.0%)
Same OS: 0 (0.0%)
From: benoit dot david at free dot fr
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 7.2.0
OS: Docker Version 17.09.0
Private report: No
CVE-ID: None

 [2017-12-06 05:49 UTC] benoit dot david at free dot fr
The test script below works fine for 10 iterations but crashes (Segmentation fault) for 400000 iterations while it shouldn't crash.

Uses PHP 7.2 on Docker (Version 17.09.0-ce-mac35 (19611))
with no extension.

Test script:
<?php
// Each Lim owns an Inv that points back to it (a reference cycle).
class Lim {
  public $id;
  public $inv;
  public $fi;
  function __construct($id) { $this->id = $id; $this->inv = new Inv($this); }
}

class Inv {
  public $inv;
  public $fi;
  function __construct($inv) { $this->inv = $inv; }
}

$max = 400000;
//$max = 10;

// Link every new Lim to the previous Lim's Inv, forming one long chain of cycles.
$lim0 = new Lim(0);
$limp = $lim0;
for ($i=1; $i<$max; $i++) {
  $lim = new Lim($i);
  $lim->fi = $limp->inv;
  $limp->inv->fi = $lim;
  $limp = $lim;
}

Expected result:
The above script should not crash for 400000 iterations.

Actual result:
The above script crashes for 400000 iterations.


 [2017-12-08 18:47 UTC]
-Status: Open +Status: Feedback
 [2017-12-08 18:47 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2017-12-10 09:04 UTC] benoit dot david at free dot fr
-Status: Feedback +Status: Open
 [2017-12-10 09:04 UTC] benoit dot david at free dot fr
Here is the backtrace from gdb:
#0  0x0000563b94600d95 in gc_mark_grey (
    ref=<error reading variable: Cannot access memory at address 0x7ffd2031bfe8>)
    at /usr/local/src/php-7.2.0/Zend/zend_gc.c:477
#1  0x0000563b94600efc in gc_mark_grey (ref=0x7f1bed1b2460)
    at /usr/local/src/php-7.2.0/Zend/zend_gc.c:511
 [2017-12-16 21:10 UTC]
Stack overflow in GC -- we should have a duplicate for this somewhere. The closest I could find is bug #68606, which is not quite the same.
 [2018-03-10 17:21 UTC]
-Summary: php crashes with too many objects +Summary: Stack overflow during garbage collection
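
A simplified C model of the failure in the backtrace above, added here as an illustration; it is not code from zend_gc.c or from this report. It links nodes the way the test script links Lim and Inv objects, then compares recursive marking (stack depth grows with the object count) with a heap worklist; the Node type and all function names are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model, not zend_gc.c: g[2*i] is Lim i, g[2*i+1] is Inv i. */
typedef struct Node { struct Node *ref[2]; int marked; } Node;
static Node *build_chain(size_t n) {   /* same links as the test script */
    Node *g = calloc(2 * n, sizeof *g);
    for (size_t i = 0; g && i < n; i++) {
        g[2*i].ref[0] = &g[2*i + 1];                     /* Lim::$inv = new Inv($this) */
        g[2*i + 1].ref[0] = &g[2*i];                     /* Inv::$inv = $inv */
        if (i > 0) g[2*i].ref[1] = &g[2*i - 1];          /* $lim->fi = $limp->inv */
        if (i + 1 < n) g[2*i + 1].ref[1] = &g[2*i + 2];  /* $limp->inv->fi = $lim */
    }
    return g;
}

/* Recursive marking: one native stack frame per object on the current path. */
static void mark_rec(Node *nd, size_t depth, size_t *max_depth) {
    if (!nd || nd->marked) return;
    nd->marked = 1;
    if (depth > *max_depth) *max_depth = depth;
    for (int k = 0; k < 2; k++) mark_rec(nd->ref[k], depth + 1, max_depth);
}
size_t recursive_mark_depth(size_t n) {   /* keep n small: depth grows with n */
    Node *g = build_chain(n);
    size_t max_depth = 0;
    if (g) mark_rec(&g[0], 1, &max_depth);
    free(g);
    return max_depth;
}

/* Worklist marking: pending objects sit on the heap, so stack use is constant. */
size_t iterative_mark_count(size_t n) {
    Node *g = build_chain(n), **work = malloc(2 * n * sizeof *work);
    size_t top = 0, marked = 0;
    if (g && work) { g[0].marked = 1; work[top++] = &g[0]; marked = 1; }
    while (top) {
        Node *nd = work[--top];
        for (int k = 0; k < 2; k++) {
            Node *c = nd->ref[k];
            if (c && !c->marked) { c->marked = 1; work[top++] = c; marked++; }
        }
    }
    free(g); free(work);
    return marked;
}
int main(void) {
    printf("%zu %zu\n", recursive_mark_depth(1000), iterative_mark_count(400000));
    return 0;
}
```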
Last updated: Wed May 22 19:01:31 2024 UTC