From: pvandijk at gmail dot com
Operating system: Linux 2.4.22-1.2115.nptl
PHP version: 4.3.11
PHP Bug Type: Reproducible crash
Bug description: large array keys causes memory corruption and segfaults
Description:
------------
Hashes with a large number of keys and large key data size seem to cause
memory corruption, which in turn causes php to either segfault or hang
upon exiting (depending on the context of the code).
I've heard mention that arrays are not unlimited in size. This issue seems
to occur at about 65535 elements in my tests, but also depends on the size
of the keys. Presumably this is because i'm indexing my arrays with
Strings, and therefore it's running out of memory faster.
If the memory limit of a hash is reached, should it not be handled more
gracefully than corrupting memory, which results in a segfault?
The code example i've provided seems to reproduce a crash under both linux
and windows, php 4.3.11
Reproduce code:
---------------
<?php
$data = 'hello, i like cheese';
$ar = array();
for($i = 1000000; $i < 3000000 ; $i++) {
$key = 'abc'.$i;
$ar[$key] = $data;
}
function check($ar) {
global $data;
foreach($ar as $k => $value) {
if($data != $value) {
print 'invalid value: '. $k .' => '. $value ."\r\n";
}
}
}
check($ar);
print 'done.'."\r\n";
?>
Expected result:
----------------
done.
Actual result:
--------------
"done.
Segmentation fault"
sorry i cant provide a backtrace or any further info, i dont have access
to these tools on my current dev server.
--
Edit bug report at http://bugs.php.net/?id=32738&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=32738&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=32738&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=32738&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=32738&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=32738&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=32738&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=32738&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=32738&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=32738&r=support
Expected behavior: http://bugs.php.net/fix.php?id=32738&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=32738&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=32738&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=32738&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=32738&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=32738&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=32738&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=32738&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=32738&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=32738&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=32738&r=mysqlcfg
