#26551 [Opn->Fbk]: PHP script goes into infinite loop, providing overflow in backtrace

iliaa Sun, 07 Dec 2003 20:44:18 -0800

 ID:               26551
 Updated by:       [EMAIL PROTECTED]
 Reported By:      phyre at rogers dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Unknown/Other Function
 Operating System: Linux
 PHP Version:      4.3.4
 New Comment:


Could you please provide the shortest possible PHP code that can be
used to duplicate the problem.


Previous Comments:
------------------------------------------------------------------------

[2003-12-07 18:14:18] phyre at rogers dot com

This is with 4.3.2.  Seems it doesn't work there either.  Find the
error messages a bit alarming however.

(gdb) bt
#0  0x08141b20 in _zval_dtor (zvalue=0x8225ae4) at
/usr/src/php-4.3.2/Zend/zend_variables.c:37
#1  0x0813b8fb in _zval_ptr_dtor (zval_ptr=0x8225ae4) at
/usr/src/php-4.3.2/Zend/zend_execute_API.c:291
#2  0x081467ec in zend_hash_add_or_update (ht=0x81c9c4c,
arKey=0x816ea2b "php_errormsg", nKeyLength=13, pData=0xbffe2580, 
    nDataSize=4, pDest=0x0, flag=1) at
/usr/src/php-4.3.2/Zend/zend_hash.c:249
#3  0x0811baab in php_error_cb (type=136467492, 
    error_filename=0x821a084
"/adm/vhosts/www/code/process_statistics/process_stats.php",
error_lineno=23, 
    format=0x3 <Address 0x3 out of bounds>, args=0x3 <Address 0x3 out
of bounds>) at /usr/src/php-4.3.2/main/main.c:726
(gdb) quit


0  0x0811e302 in xbuf_init (xbuf=0xbffe2510, max_len=1024) at
/usr/src/php-4.3.2/main/spprintf.c:160
#1  0x0811ecb1 in vspprintf (pbuf=0xbffe2578, max_len=1024,
format=0x400 <Address 0x400 out of bounds>, 
    ap=0x400 <Address 0x400 out of bounds>) at
/usr/src/php-4.3.2/main/spprintf.c:614
#2  0x0811b7d1 in php_error_cb (type=-1073863408, 
    error_filename=0x821a084
"/adm/vhosts/www/code/process_statistics/process_stats.php",
error_lineno=24, 
    format=0x400 <Address 0x400 out of bounds>, args=0x400 <Address
0x400 out of bounds>) at /usr/src/php-4.3.2/main/main.c:604
(gdb) quit

------------------------------------------------------------------------

[2003-12-07 17:41:50] phyre at rogers dot com

Description:
------------
PHP script which worked perfectly with 4.3.2 configured identically now
goes into infinite loop at 99.9% CPU.  There is no strace activity.

GDB Backtrace claims overflow error as follows.

Actual result:
--------------
(gdb) bt
#0  xbuf_resize (xbuf=0xbffe2850, add=1) at
/usr/src/WWW-2003.12.01/php-4.3.4/main/spprintf.c:127
#1  0x0813c9e8 in xbuf_format_converter (xbuf=0xbffe2850, fmt=0x1
<Address 0x1 out of bounds>, 
    ap=0xbffe317c "�?\035\b|�.\b\016\020\035\b") at
/usr/src/WWW-2003.12.01/php-4.3.4/main/spprintf.c:272
#2  0x0813d3b6 in vspprintf (pbuf=0x1, max_len=3221104720,
format=0xbffe2850 "[EMAIL PROTECTED]", ap=0xbffe2850 "[EMAIL PROTECTED]")
    at /usr/src/WWW-2003.12.01/php-4.3.4/main/spprintf.c:638
#3  0x08139ae1 in php_error_cb (type=-1073862576, 
    error_filename=0x82e7f74
"/adm/vhosts/www/code/process_statistics/process_stats.php", 
    error_lineno=137445501, format=0xbffe2850 "[EMAIL PROTECTED]",
args=0xbffe2850 "[EMAIL PROTECTED]")
    at /usr/src/WWW-2003.12.01/php-4.3.4/main/main.c:601
(gdb) 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26551&edit=1

#26551 [Opn->Fbk]: PHP script goes into infinite loop, providing overflow in backtrace

Reply via email to