#28993 [NEW]: This script causes crash

osvetlik at kerio dot com Fri, 02 Jul 2004 05:23:48 -0700

From:             osvetlik at kerio dot com
Operating system: Linux/Windows
PHP version:      4.3.7
PHP Bug Type:     Reproducible crash
Bug description:  This script causes crash


Description:
------------
The script as shown below crashes PHP, when memory_limit is high enough.

Reproduce code:
---------------
(pts/103)[EMAIL PROTECTED]:~> php
<?php
  
$x = array("nazdar");
  
while (true) {
        $x = array_merge($x, $x);
}
  
?>
Segmentation fault (core dumped)


Expected result:
----------------
No crash, endless loop. Script stopped by memory_limit.

Actual result:
--------------
(pts/103)[EMAIL PROTECTED]:~> gdb /usr/bin/php core.28409
GNU gdb Red Hat Linux (6.0post-0.20040223.19rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols
found)...Using host libthread_db library "/lib/tls/libthread_db.so.1".
 
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
 
warning: svr4_current_sos: Can't read pathname for load map: Chyba
vstupu/výstupu
 
Error while mapping shared library sections:
: Úspěch.
Error while reading shared library symbols:
: není souborem ani adresářem.
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libexpat.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libexpat.so.0
Reading symbols from /usr/lib/libpspell.so.15...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libpspell.so.15
Reading symbols from /lib/libpcre.so.0...(no debugging symbols
found)...done.
Loaded symbols for /lib/libpcre.so.0
Reading symbols from /usr/lib/libpanel.so.5...done.
Loaded symbols for /usr/lib/libpanel.so.5
Reading symbols from /usr/lib/libncurses.so.5...done.
Loaded symbols for /usr/lib/libncurses.so.5
Reading symbols from /usr/lib/sse2/libgmp.so.3...done.
Loaded symbols for /usr/lib/sse2/libgmp.so.3
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /lib/tls/libdb-4.2.so...done.
Loaded symbols for /lib/tls/libdb-4.2.so
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /usr/lib/libcurl.so.2...done.
Loaded symbols for /usr/lib/libcurl.so.2
Reading symbols from /usr/lib/libbz2.so.1...done.
Loaded symbols for /usr/lib/libbz2.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libssl.so.4...done.
Loaded symbols for /lib/libssl.so.4
Reading symbols from /lib/libcrypto.so.4...done.
Loaded symbols for /lib/libcrypto.so.4
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /usr/lib/libaspell.so.15...done.
Loaded symbols for /usr/lib/libaspell.so.15
Reading symbols from /usr/lib/libstdc++.so.5...done.
Loaded symbols for /usr/lib/libstdc++.so.5
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/php4/ldap.so...done.
Loaded symbols for /usr/lib/php4/ldap.so
Reading symbols from /usr/lib/libldap.so.2...done.
Loaded symbols for /usr/lib/libldap.so.2
Reading symbols from /usr/lib/liblber.so.2...done.
Loaded symbols for /usr/lib/liblber.so.2
Reading symbols from /usr/lib/libsasl2.so.2...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /usr/lib/php4/mysql.so...done.
Loaded symbols for /usr/lib/php4/mysql.so
Reading symbols from /usr/lib/mysql/libmysqlclient.so.10...done.
Loaded symbols for /usr/lib/mysql/libmysqlclient.so.10
Reading symbols from /usr/lib/php4/odbc.so...done.
Loaded symbols for /usr/lib/php4/odbc.so
Reading symbols from /usr/lib/libodbc.so.1...done.
Loaded symbols for /usr/lib/libodbc.so.1
Reading symbols from /usr/lib/libodbcpsql.so.2...done.
Loaded symbols for /usr/lib/libodbcpsql.so.2
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/libltdl.so.3
Reading symbols from /usr/lib/php4/pgsql.so...done.
Loaded symbols for /usr/lib/php4/pgsql.so
Reading symbols from /usr/lib/libpq.so.3...done.
Loaded symbols for /usr/lib/libpq.so.3
#0  0x009d120c in _int_free () from /lib/tls/libc.so.6
(gdb) bt
#0  0x009d120c in _int_free () from /lib/tls/libc.so.6
#1  0x009d273b in free () from /lib/tls/libc.so.6
#2  0x08185112 in _efree ()
#3  0x08196df8 in zend_hash_destroy ()
#4  0x08191723 in _zval_dtor ()
#5  0x0818b3b8 in _zval_ptr_dtor ()
#6  0x08196e18 in zend_hash_destroy ()
#7  0x08191723 in _zval_dtor ()
#8  0x0818b3b8 in _zval_ptr_dtor ()
#9  0x08196e18 in zend_hash_destroy ()
#10 0x08191723 in _zval_dtor ()
#11 0x0818b3b8 in _zval_ptr_dtor ()
#12 0x08196e18 in zend_hash_destroy ()
#13 0x08191723 in _zval_dtor ()
#14 0x0818b3b8 in _zval_ptr_dtor ()
#15 0x0819f70d in execute ()
#16 0x08192c19 in zend_execute_scripts ()
#17 0x0816aeed in php_execute_script ()
#18 0x081a479f in main ()
(gdb)


-- 
Edit bug report at http://bugs.php.net/?id=28993&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=28993&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=28993&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=28993&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=28993&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=28993&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=28993&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=28993&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=28993&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=28993&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=28993&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=28993&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=28993&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28993&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=28993&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=28993&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=28993&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=28993&r=float

#28993 [NEW]: This script causes crash

Reply via email to