PHP 5.3.3-1ubuntu9.3 with Suhosin-Patch crashes (segfault) when using big SplFixedArray
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| php5 (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Natty | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: php5
Test script:
--------------
test.php:
<?php
$data = new SplFixedArray(
for ($i = 0; $i < 100000; ++$i)
{
fprintf(STDERR, "$i\n");
$data-
}
?>
Running:
-----------
php test.php
Expected result:
-------
Either an error message due to memory limit or the script is executed successfully.
Actual result:
-----------------
When the array (used inside the for loop) is empty, an error message is displayed stating: zend_mm_heap corrupted.
When the array contains at least two elements, PHP crashes.
Backtrace:
--------------
Program received signal SIGSEGV, Segmentation fault.
gc_remove_
5.3.3/Zend/
189 /build/
in /build/
(gdb) bt
#0 gc_remove_
5.3.3/Zend/
#1 0x000000000068c575 in _zval_ptr_dtor (zval_ptr=
/build/
#2 0x00000000006a6547 in _zend_hash_
h=682, pData=0x7fff000
pDest=0x0, flag=0) at /build/
#3 0x00000000005b51a2 in spl_fixedarray_
at /build/
#4 0x00000000006b6a1b in gc_collect_cycles () at /build/buildd/php5-
5.3.3/Zend/
#5 0x00000000006b70e4 in gc_zval_
/build/
#6 0x00000000006e95a1 in zend_do_
(execute_
at /build/
#7 0x00000000006c0e90 in execute (op_array=
5.3.3/Zend/
#8 0x000000000069885d in zend_execute_
retval=
at /build/
#9 0x00000000006441a8 in php_execute_script (primary_
/build/
#10 0x0000000000729f26 in main (argc=-7384, argv=0x0) at /build/buildd/php5-
5.3.3/sapi/
PHP version
-----------------
php --version output:
PHP 5.3.3-1ubuntu9.3 with Suhosin-Patch (cli) (built: Jan 12 2011 16:07:38)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
apt-cache policy php5 output:
php5:
Installed: (none)
Candidate: 5.3.3-1ubuntu9.3
Version table:
5.
500 http://
500 http://
5.3.3-1ubuntu9 0
500 http://
lsb_release -rd output:
Description: Ubuntu 10.10
Release: 10.10
file /usr/bin/php5 output:
/usr/bin/php5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
Reproduction with vanilla PHP:
-------
Downloaded PHP snapshot from snaps.php.net (php5.3-
~/tmp/memory/
PHP 5.3.6RC2-dev (cli) (built: Feb 26 2011 18:09:10)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
no longer affects: php5 (Ubuntu Maverick)
http://git.debian.org/?p=pkg-php/php.git;a=blob;f=debian/patches/fix-segfault-when-extending-SplFixedArray.patch;h=a714bd57b18a2d7cfb57670941636864d62496e4;hb=3eda857140109380f6d855ab0ff465b25288c077