Edit report at http://bugs.php.net/bug.php?id=50481&edit=1
ID: 50481 Updated by: fel...@php.net Reported by: simon dot nuttall at gmail dot com Summary: Storing many SPLFixedArray in an array crashes -Status: Feedback +Status: Closed Type: Bug Package: SPL related Operating System: Debian Linux www 2.6.26.2 PHP Version: 5.3.1 -Assigned To: +Assigned To: felipe Block user comment: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2010-08-09 01:56:31] fel...@php.net Automatic comment from SVN on behalf of felipe Revision: http://svn.php.net/viewvc/?view=revision&revision=302011 Log: - Fixed bug #50481 (Storing many SPLFixedArray in an array crashes) ------------------------------------------------------------------------ [2010-06-11 00:32:41] jan-phpbug at kantert dot net I can verify this on php 5.3.2 (Stock Ubuntu 10.04) and in php 5.3 latest (10.06.2010) on amd64. 2.6.32-22-server. ------------------------------------------------------------------------ [2010-04-25 06:32:53] col...@php.net Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2009-12-15 14:58:45] fel...@php.net Program received signal SIGSEGV, Segmentation fault. 0x08543bad in gc_remove_from_buffer (zv=0x892722e, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.h:189 189 root->next->prev = root->prev; (gdb) bt #0 0x08543bad in gc_remove_from_buffer (zv=0x892722e, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.h:189 #1 gc_remove_zval_from_buffer (zv=0x892722e, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:265 #2 0x0850c5f4 in _zval_ptr_dtor (zval_ptr=0x8ac8d2c, __zend_filename=0x88f20d4 "/home/felipe/dev/php5/Zend/zend_variables.c", __zend_lineno=175) at /home/felipe/dev/php5/Zend/zend_execute_API.c:434 #3 0x0851bfbb in _zval_ptr_dtor_wrapper (zval_ptr=0x8ac8d2c) at /home/felipe/dev/php5/Zend/zend_variables.c:175 #4 0x0852da55 in _zend_hash_index_update_or_next_insert (ht=0x8ac9d08, h=0, pData=0x892723c, nDataSize=4, pDest=0x0, flag=1, __zend_filename=0x889aa4c "/home/felipe/dev/php5/ext/spl/spl_fixedarray.c", __zend_lineno=161) at /home/felipe/dev/php5/Zend/zend_hash.c:374 #5 0x083487b9 in spl_fixedarray_object_get_properties (obj=0x8ac9b90, tsrm_ls=0x8925078) at /home/felipe/dev/php5/ext/spl/spl_fixedarray.c:161 #6 0x08543d21 in zval_scan_black (pz=0x8ac9b90, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:285 #7 0x08543de4 in zval_scan_black (pz=0x8ac9b90, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:302 #8 0x08544453 in zval_scan (pz=0x8ac85ac, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:435 #9 0x085447c8 in gc_scan_roots (tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:511 #10 0x08544d87 in gc_collect_cycles (tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:629 #11 0x085436d3 in gc_zval_possible_root (zv=0x8ac5618, tsrm_ls=0x8925078) at /home/felipe/dev/php5/Zend/zend_gc.c:166 #12 0x0850c6ad in gc_zval_check_possible_root (zval_ptr=0x892adb0, __zend_filename=0x88dd638 "/home/felipe/dev/php5/main/main.c", __zend_lineno=1590) at /home/felipe/dev/php5/Zend/zend_gc.h:183 #13 _zval_ptr_dtor (zval_ptr=0x892adb0, __zend_filename=0x88dd638 "/home/felipe/dev/php5/main/main.c", __zend_lineno=1590) at /home/felipe/dev/php5/Zend/zend_execute_API.c:445 #14 0x08498f88 in php_request_shutdown (dummy=0x0) at /home/felipe/dev/php5/main/main.c:1590 #15 0x085fecc5 in main (argc=2, argv=0xbffff6a4) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1373 ------------------------------------------------------------------------ [2009-12-15 14:23:23] simon dot nuttall at gmail dot com Description: ------------ The script generates a segmentation fault when $count > 9992. I have tried it on three machines, and on one the problem only occurs when $count > 9995. Reproduce code: --------------- $count = 9993; $cache = array(); for($i = 0; $i < $count ; $i++) { $cache[$i] = new SplFixedArray(1); } echo 'Cache count: ' . count($cache); Expected result: ---------------- Cache count: 9993 Actual result: -------------- [Tue Dec 15 13:42:57 2009] [notice] child pid 10685 exit signal Segmentation fault (11) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=50481&edit=1