From: remi
Operating system: GNU/Linux (Fedora 18)
PHP version: 5.4.9
Package: *General Issues
Bug Type: Bug
Bug description: Segfault in gc
Description:
------------
When using a huge object tree with circular references:
With zend.enable_gc=0: a lot of memory is consumed
With zend.enable_gc=1: segfault
(gdb) bt
#0 0x00000000005e23d9 in gc_zval_possible_root (zv=0x19e5500) at
/usr/src/debug/php-5.4.9/Zend/zend_gc.c:143
#1 0x00000000005e40f7 in zend_object_std_dtor (object=0x7fffcf6f2020) at
/usr/src/debug/php-5.4.9/Zend/zend_objects.c:54
#2 0x00000000005e4129 in zend_objects_free_object_storage
(object=0x7fffcf6f2020) at
/usr/src/debug/php-5.4.9/Zend/zend_objects.c:137
#3 0x00000000005e9e53 in zend_objects_store_del_ref_by_handle_ex
(handle=3273, handlers=<optimized out>)
at /usr/src/debug/php-5.4.9/Zend/zend_objects_API.c:220
#4 0x00000000005e220e in gc_collect_cycles () at
/usr/src/debug/php-5.4.9/Zend/zend_gc.c:832
#5 0x00000000005e2303 in gc_zobj_possible_root (zv=0x19e5500,
zv@entry=0x1967560) at /usr/src/debug/php-5.4.9/Zend/zend_gc.c:221
#6 0x00000000005e23ea in gc_zval_possible_root (zv=zv@entry=0x1967560) at
/usr/src/debug/php-5.4.9/Zend/zend_gc.c:143
#7 0x00000000005f2ffd in gc_zval_check_possible_root (z=0x1967560) at
/usr/src/debug/php-5.4.9/Zend/zend_gc.h:183
#8 i_zval_ptr_dtor (zval_ptr=0x1967560) at
/usr/src/debug/php-5.4.9/Zend/zend_execute.h:97
#9 zend_leave_helper_SPEC (execute_data=0x7ffff7f855f8) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:468
#10 0x0000000000624067 in execute (op_array=0x7ffff7fbfdf8) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:410
#11 0x00007ffff17e0fd2 in xdebug_execute () from
/usr/lib64/php/modules/xdebug.so
#12 0x000000000066a529 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7f85060) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:669
#13 0x0000000000624067 in execute (op_array=0x7ffff7fbdab0) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:410
#14 0x00007ffff17e0fd2 in xdebug_execute () from
/usr/lib64/php/modules/xdebug.so
#15 0x00000000005c4dec in zend_execute_scripts (type=type@entry=8,
retval=retval@entry=0x0, file_count=file_count@entry=3)
at /usr/src/debug/php-5.4.9/Zend/zend.c:1309
#16 0x000000000056475d in php_execute_script
(primary_file=primary_file@entry=0x7fffffffcbb0) at
/usr/src/debug/php-5.4.9/main/main.c:2482
#17 0x000000000066ca66 in do_cli (argc=2, argv=0x7fffffffe048) at
/usr/src/debug/php-5.4.9/sapi/cli/php_cli.c:988
#18 0x0000000000425b0a in main (argc=2, argv=0x7fffffffe048) at
/usr/src/debug/php-5.4.9/sapi/cli/php_cli.c:1364
Test script:
---------------
<?php
class Node {
    public $parent = NULL;
    public $childs = array();

    function __construct(Node $parent=NULL) {
        if ($parent) {
            // The parent holds a reference to the new child
            $parent->childs[] = $this;
        }
        // Self-reference: every node is part of a reference cycle
        $this->childs[] = $this;
    }

    function __destruct() {
        // Clear the child list on destruction
        $this->childs = NULL;
    }
}

define("MAX", 16);

while (true) {
    printf("Memory: %6.2fMB ->", memory_get_usage()/1024/1024);
    // Build a three-level tree; the previous tree in $top is replaced each pass
    $top = new Node();
    for ($i=0 ; $i<MAX ; $i++) {
        $ci = new Node($top);
        for ($j=0 ; $j<MAX ; $j++) {
            $cj = new Node($ci);
            for ($k=0 ; $k<MAX ; $k++) {
                $ck = new Node($cj);
            }
        }
    }
    printf(" %6.2fMB\n", memory_get_usage()/1024/1024);
}
Expected result:
----------------
No segfault.
Actual result:
--------------
$ php -d zend.enable_gc=1 repro.ph
...
Memory: 3.40MB -> 5.62MB
Memory: 5.62MB -> 3.40MB
Memory: 3.40MB -> 5.62MB
Memory: 5.62MB -> 7.83MB
Memory: 7.83MB ->
Program received signal SIGSEGV, Segmentation fault.
--
Edit bug report at https://bugs.php.net/bug.php?id=63635&edit=1
--
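
Added example (not part of the original report, and not PHP project code): a small Python triage helper that re-joins the wrapped gdb frames and lists functions that appear both inside and outside the gc_collect_cycles frame. The sample is frames #0-#7 of the backtrace above with source paths shortened; the helper names parse_frames and reentered_under are made up for this example.

```python
import re

# Constructed sample: frames #0-#7 from the report, source paths shortened.
# gdb's wrapped continuation lines are kept on purpose.
SAMPLE_BT = """\
#0 0x00000000005e23d9 in gc_zval_possible_root (zv=0x19e5500) at
Zend/zend_gc.c:143
#1 0x00000000005e40f7 in zend_object_std_dtor (object=0x7fffcf6f2020) at
Zend/zend_objects.c:54
#2 0x00000000005e4129 in zend_objects_free_object_storage
(object=0x7fffcf6f2020) at
Zend/zend_objects.c:137
#3 0x00000000005e9e53 in zend_objects_store_del_ref_by_handle_ex
(handle=3273, handlers=<optimized out>)
at Zend/zend_objects_API.c:220
#4 0x00000000005e220e in gc_collect_cycles () at
Zend/zend_gc.c:832
#5 0x00000000005e2303 in gc_zobj_possible_root (zv=0x19e5500,
zv@entry=0x1967560) at Zend/zend_gc.c:221
#6 0x00000000005e23ea in gc_zval_possible_root (zv=zv@entry=0x1967560) at
Zend/zend_gc.c:143
#7 0x00000000005f2ffd in gc_zval_check_possible_root (z=0x1967560) at
Zend/zend_gc.h:183
"""

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(.*\) (?:at|from) (\S+)$")

def parse_frames(text):
    """Re-join wrapped gdb lines; return (frame_no, function, location) tuples."""
    joined = re.sub(r"\n(?!#\d+ )", " ", text.strip())
    return [(int(m[1]), m[2], m[3])
            for m in map(FRAME.match, joined.splitlines()) if m]

def reentered_under(frames, collector="gc_collect_cycles"):
    """Functions on the stack both below and above the collector frame."""
    pos = next((n for n, fn, _ in frames if fn == collector), None)
    if pos is None:
        return []
    inner = {fn for n, fn, _ in frames if n < pos}   # called during collection
    outer = {fn for n, fn, _ in frames if n > pos}   # led into the collection
    return sorted(inner & outer)

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_BT)
    print(reentered_under(frames))
```

On this trace the helper reports gc_zval_possible_root, which is on the stack at frame #6 (leading into the collection) and again at frame #0 (the crash site, reached from inside gc_collect_cycles).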