On Tue, Sep 16, 2014 at 9:43 AM, Anatol Belski <a...@php.net> wrote: > Hi Nikita, > > > Are you sure about this? I can set memory_limit to -1, which is then cast > > to size_t, resulting in a limit > ZEND_LONG_MAX. > > > > > > I tried the following in a 32bit VM with -dmemory_limit=-1 and got a > > segfault: > > > > > > > > <?php > > > > > > $str = str_repeat('x', PHP_INT_MAX); > > $str .= 'yyy'; > > > > > > $str[1] = 'a'; > > > > > > > > There is no crash if I cast offset to (size_t) instead. > > > > > I redone it by your suggestion. Still I've a crash on Windows x86. It's > however already in str_repeat() in allocation > > > php7ts_debug.dll!zend_string_safe_alloc(unsigned int n, unsigned > int m, > unsigned int l, int persistent) Line 117 C > php7ts_debug.dll!zif_str_repeat(unsigned int param_count, > _zval_struct * > return_value, void * * * tsrm_ls) Line 4738 C > php7ts_debug.dll!ZEND_DO_FCALL_SPEC_HANDLER(_zend_execute_data * > execute_data, void * * * tsrm_ls) Line 593 C > php7ts_debug.dll!execute_ex(_zend_execute_data * execute_data, > void * * > * tsrm_ls) Line 352 C > php7ts_debug.dll!zend_execute(_zend_op_array * op_array, > _zval_struct * > return_value, void * * * tsrm_ls) Line 381 C > php7ts_debug.dll!zend_execute_scripts(int type, void * * * tsrm_ls, > _zval_struct * retval, int file_count, ...) Line 1345 C > php7ts_debug.dll!php_execute_script(_zend_file_handle * > primary_file, > void * * * tsrm_ls) Line 2560 C > > If you say you had that fixed with reversing the cast, then I might see a > win only issue. Looking further. >
This is likely just an OOM allocation failure. The new MM didn't yet do OOM checks, but Dmitry committed a fix for that just now. Does it work for you now? ("Work" as in throw an error ^^) Nikita