ID:               16360
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Analyzed
-Bug Type:         Reproducible crash
+Bug Type:         Scripting Engine problem
 Operating System: Linux, Windows
-PHP Version:      4.0CVS-2002-03-30
+PHP Version:      4.0CVS-2002-03-3
 New Comment:

This should be a refcount issue.
Change _zval_struct's refcount data type from unsigned short to
unsigned int, then PHP should be fine up to 4G.
Without the patch, refcount can be up to 64K and no error check
is done -> segfaults.

ZE2 is changed to use unsigned int already, IIRC.

Index: Zend/zend.h
===================================================================
RCS file: /repository/Zend/zend.h,v
retrieving revision 1.152
diff -u -r1.152 zend.h
--- Zend/zend.h 15 Mar 2002 04:33:05 -0000      1.152
+++ Zend/zend.h 31 Mar 2002 10:03:41 -0000
@@ -209,9 +209,9 @@
 struct _zval_struct {
        /* Variable information */
        zvalue_value value;             /* value */
+       zend_uint refcount;
        zend_uchar type;        /* active type */
        zend_uchar is_ref;
-       zend_ushort refcount;
 };
 
 
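Review bot: the widened refcount in struct _zval_struct still has no overflow check, so this raises the ceiling from 64K to 4G rather than removing the wrap; consider guarding the places that increment it, or at least documenting the limit next to the field. Moving refcount ahead of type and is_ref also changes the struct layout, so code compiled against revision 1.152 of zend.h would need a rebuild, and the new line has no trailing comment where its neighbours (value, type) do.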



Previous Comments:
------------------------------------------------------------------------

[2002-03-31 03:26:00] [EMAIL PROTECTED]

I did the same test on my machine (Linux 2.4.18, PHP 4.1.2
CGI-Version).
My php.ini looks like this:

memory_limit = 8M
log_errors = On
error_log = syslog

When I run the test routine nothing appears in my syslog and I get the
segfault.

------------------------------------------------------------------------

[2002-03-30 10:36:36] [EMAIL PROTECTED]

found two machines that are not affected by this bug:
http://phpzone.de/info/
http://angela.nettrade.de/info.php

------------------------------------------------------------------------

[2002-03-30 10:24:59] [EMAIL PROTECTED]

fixed the summary

------------------------------------------------------------------------

[2002-03-30 10:02:40] [EMAIL PROTECTED]

If the memory limit of a PHP script gets exhausted, the PHP interpreter
doesn't shut down cleanly and print an error regarding this issue; it
segfaults. If the user enables the following options in php.ini
([PHP]-section),
---
log_errors = On
error_log = syslog
---
PHP first shows a memory-limit error, after that Apache/PHP dies with
a segmentation fault. If "error_log" is set to "/some/file", PHP is
unable to log anything. The only logging facility that logs the
segmentation fault is syslog.

Demonstration:
<?php
  $theline = "hello, i'm the line";
  for ($i = 0; $i < 1000000; $i++) $testarr[$i] = $theline;
?>

The following script doesn't cause a segmentation fault:
<?php
  for ($i = 0; $i < 1000000; $i++) $testarr[$i] = "hello, i'm the line";
?>

So far we could test the following versions:
PHP      Webserver     OS            console (sf/ml)  apachemod (sf/ml)
4.0.1    -             Linux ?       X/-              -/-
4.0.2    Apache 1.3.?  Linux ?       ?/?              ?/?
4.0.6    Apache 1.3.19 Linux 2.2.19  X/X              X/X
4.0.6    Apache 1.3.22 Linux 2.4.18  X/X              X/X
4.1.2    Apache 1.3.22 Linux ?       X/X              X/X
4.1.2    -             Linux 2.4.17  X/X              -/-
4.1.2    Apache 1.2.24 Windows 2000  X/-              X/-
4.2.0rc1 Apache 1.3.24 Linux 2.4.18  -/X              X/X

* sf = Segmentation fault
* ml = Memory limit error

------------------------------------------------------------------------
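
Added example, not part of the original report or of the Zend source: a C model of the 16-bit counter overflow described in the newest comment, sized with the 1,000,000 assignments from the demonstration script. The function names, the starting count of one holder, and the assumption that every array slot adds one reference to the same value belong to this model only.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked 16-bit increment, the behaviour the comment describes. */
static uint16_t count16_after(uint32_t extra_refs) {
    uint16_t rc = 1;                       /* one holder: the variable */
    for (uint32_t i = 0; i < extra_refs; i++)
        rc++;                              /* silently wraps 65535 -> 0 */
    return rc;
}

/* Same loop with a 32-bit counter, the width the patch switches to. */
static uint32_t count32_after(uint32_t extra_refs) {
    uint32_t rc = 1;
    for (uint32_t i = 0; i < extra_refs; i++)
        rc++;
    return rc;
}

/* Holders still pointing at the value when the wrapped counter hits 0,
 * i.e. when the value would be freed. Non-zero means dangling pointers. */
static uint32_t dangling_holders16(uint32_t extra_refs) {
    uint32_t holders = extra_refs + 1, released = 0;
    uint16_t rc = count16_after(extra_refs);
    do { released++; } while (--rc != 0 && released < holders);
    return holders - released;
}

/* Checked increment: refuse to wrap and report failure instead. */
static int addref_checked(uint16_t *rc) {
    if (*rc == UINT16_MAX) return 0;       /* caller must copy or abort */
    (*rc)++;
    return 1;
}

int main(void) {
    uint32_t n = 1000000;                  /* loop bound from the report */
    uint16_t rc = UINT16_MAX;
    printf("16-bit count after %u refs: %u\n", (unsigned)n, (unsigned)count16_after(n));
    printf("32-bit count after %u refs: %u\n", (unsigned)n, (unsigned)count32_after(n));
    printf("holders left dangling (16-bit): %u\n", (unsigned)dangling_holders16(n));
    printf("checked addref at max: %s\n", addref_checked(&rc) ? "ok" : "refused");
    return 0;
}
```

In the model the 16-bit counter ends far below the real number of holders, so it reaches zero while most holders still reference the value; the 32-bit counter stays exact for this input, and the checked increment shows the error check the comment says is missing.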


-- 
Edit this bug report at http://bugs.php.net/?id=16360&edit=1
