 ID:               28064
 Updated by:       [EMAIL PROTECTED]
 Reported By:      gross at schlund dot de
-Status:           Assigned
+Status:           Closed
 Bug Type:         Scripting Engine problem
 Operating System: Linux
 PHP Version:      4.3.6
 Assigned To:      andi
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2004-06-17 09:35:18] dl at CyberPunk dot ru

Stable "Segmentation fault" or "Bus error" :-( in APACHE-Module with

<?php
$n = 1 * 1024;
eval('$i=0;' . str_repeat('$i++;', $n) . 'echo $i;');
?>

but in CLI the script runs normally

OS: FreeBSD 5
PHP: 4.3.6, 4.3.7, 5.0.0RC3
(Example http://www.flexor.ru/1.php)

Program received signal SIGSEGV, Segmentation fault.
0x2864184c in zend_fetch_var_address (opline=0x839fdcc, Ts=0xbfacb3b8, type=1, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:797
797             T(opline->result.u.var).var.ptr_ptr = retval;
(gdb) bt
#0  0x2864184c in zend_fetch_var_address (opline=0x839fdcc, Ts=0xbfacb3b8, type=1, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:797
#1  0x28644e51 in zend_fetch_w_handler (execute_data=0xbfad3538, opline=0x839fdcc, op_array=0x8375a9c, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:2002
#2  0x286430d9 in execute (op_array=0x8375a9c, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:1389
#3  0x28649ba3 in zend_include_or_eval_handler (execute_data=0xbfad4db8, opline=0x8374af0, op_array=0x8335104, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:3552
#4  0x286430d9 in execute (op_array=0x8335104, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:1389
#5  0x28649ba3 in zend_include_or_eval_handler (execute_data=0xbfada408, opline=0x83519a4, op_array=0x82a2dfc, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:3552
#6  0x286430d9 in execute (op_array=0x82a2dfc, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:1389
#7  0x28649ba3 in zend_include_or_eval_handler (execute_data=0xbfadb798, opline=0x82a9ad8, op_array=0x82a1124, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:3552
#8  0x286430d9 in execute (op_array=0x82a1124, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend_execute.c:1389
#9  0x2861fccd in zend_execute_scripts (type=8, tsrm_ls=0x8204950, retval=0x0, file_count=3)
    at /usr/1/HiEnd/php-5.0.0RC3/Zend/zend.c:1061
#10 0x285d3018 in php_execute_script (primary_file=0xbfadcdd8, tsrm_ls=0x8204950)
    at /usr/1/HiEnd/php-5.0.0RC3/main/main.c:1627
#11 0x2865133a in php_handler (r=0x828d050)
    at /usr/1/HiEnd/php-5.0.0RC3/sapi/apache2handler/sapi_apache2.c:556
#12 0x0806ae06 in ap_invoke_handler ()
#13 0x0806645b in ap_process_request ()
#14 0x08060ecf in ap_process_http_connection ()
#15 0x08076055 in ap_process_connection ()
#16 0x0806a4da in worker_thread ()
#17 0x283e0506 in apr_thread_pool_get () from /usr/local/apache2/lib/libapr-0.so.9
#18 0x2842250d in pthread_create () from /usr/lib/libpthread.so.1
#19 0x284cf5ab in _ctx_start () from /lib/libc.so.5

------------------------------------------------------------------------

[2004-06-15 07:55:57] weaseal at hotmail dot com

I've experienced this bug on 4.3.7 and the beta2 of 5.0 on FreeBSD
4.10-STABLE.

Core file: www.relnor.com/php.core.tar.gz

------------------------------------------------------------------------

[2004-06-14 15:55:13] valyala at tut dot by

Here is a much smaller script, which consumes 99% of CPU and all
available on my PHP 4.3.7 under Apache 1.3.31, Win2k, 512Mb RAM, 1Gb swap.

<?php
$n = 16 * 1024 * 1024;
eval('$i=0;' . str_repeat('$i++;', $n) . 'echo $i;');
?>

------------------------------------------------------------------------

[2004-05-13 18:48:45] phpbugs at hagemeister dot cc

Tested the script on several different machines, they all crash when I
use the test-script.

- Debian woody + php 4.12 (From package)
- Debian woody + php 4.36 (Compiled)
- Debian woody + php 4.37-dev (Compiled from php4-STABLE-200405131230.tar.gz)
- SuSE 8.0 + php 4.23 (SuSE RPM)
- SuSE 8.0 + php 4.36 (Compiled)

------------------------------------------------------------------------

[2004-04-27 14:00:34] martin dot hoffmann at schlund dot de

The problem is with the do_alloca() in zend_execute.c:1041. The test
script causes it to allocate 14 MByte of stack thereby kicking the
stack into uncharted territory and making subsequent function calls
fail.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/28064

-- 
Edit this bug report at http://bugs.php.net/?id=28064&edit=1
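
The stack exhaustion described in the 2004-04-27 comment, as an added example that is not part of the bug report and not the change committed to PHP CVS (the report does not show that change): a scratch area whose size depends on the script goes on the stack only below a fixed cap and on the heap otherwise. The names run_with_temporaries and STACK_SCRATCH_MAX, the 16 KB cap and the slot sizes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: the largest scratch area we are willing to place on the
 * stack. Thread stacks (for example in a threaded web server) are often
 * much smaller than the main-thread stack of a command-line process. */
#define STACK_SCRATCH_MAX (16 * 1024)

/* Hypothetical stand-in for an executor that needs one slot per temporary
 * variable of a compiled script. The slot count is input-controlled: it
 * grows with the size of the code handed to eval().
 * Returns 0 on success, -1 on size overflow or allocation failure;
 * *used_heap reports where the scratch area was placed. */
int run_with_temporaries(size_t n_temps, size_t slot_size, int *used_heap)
{
    unsigned char stack_buf[STACK_SCRATCH_MAX];
    unsigned char *slots = stack_buf;
    size_t bytes;

    *used_heap = 0;

    /* Reject n_temps * slot_size wrap-around before computing the size. */
    if (slot_size != 0 && n_temps > SIZE_MAX / slot_size)
        return -1;
    bytes = n_temps * slot_size;

    /* An unbounded alloca(bytes) at this point is the failure mode from
     * the report: a 14 MB request moves the stack pointer outside the
     * usable stack and later function calls fail. Large requests go to
     * the heap, where failure is a checkable NULL instead of a crash. */
    if (bytes > sizeof stack_buf) {
        slots = malloc(bytes);
        if (slots == NULL)
            return -1;
        *used_heap = 1;
    }

    memset(slots, 0, bytes);   /* stands in for executing the opcodes */

    if (*used_heap)
        free(slots);
    return 0;
}
```
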