From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 5.2.0RC2
PHP Bug Type: Scripting Engine problem
Bug description: shutdown_executor() may segfault when memory_limit is too low
Description:
------------
PHP segfaults when memory_limit is too low (like 1 byte).
The problem is that shutdown_executor() doesn't expect global hashes to be
NULL and tries to destroy/free them, which leads to a segfault.
It's not a problem to add the required if()'s, but we'd have to add them in
places which are used very often (like zend_hash_*() funcs) and this may
affect performance.
Reproducible with both 5_2 and HEAD branches.
Reproduce code:
---------------
php.ini:
memory_limit=1
php -r 'echo "ok\n";'
Expected result:
----------------
ok
Actual result:
--------------
Fatal error: Allowed memory size of 1 bytes exhausted at /local/dev/php-src_5_2/Zend/zend_ini.c:246 (tried to allocate 2 bytes) in Unknown on line 0
[Tue Aug 22 13:51:18 2006] Script: '-'
---------------------------------------
/local/dev/php-src_5_2/Zend/zend_hash.c(646) : Block 0x00000000 status: NULL
---------------------------------------
Program received signal SIGSEGV, Segmentation fault.
0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
53 if (ht->inconsistent==HT_OK) {
(gdb) bt
#0 0x08180729 in _zend_is_inconsistent (ht=0x0, file=0x8259438 "/local/dev/php-src_5_2/Zend/zend_hash.c", line=727) at /local/dev/php-src_5_2/Zend/zend_hash.c:53
#1 0x08182468 in zend_hash_reverse_apply (ht=0x0, apply_func=0x816efa7 <zend_cleanup_function_data>) at /local/dev/php-src_5_2/Zend/zend_hash.c:727
#2 0x0816a988 in shutdown_executor () at /local/dev/php-src_5_2/Zend/zend_execute_API.c:275
#3 0x08177d1b in zend_deactivate () at /local/dev/php-src_5_2/Zend/zend.c:839
#4 0x08130e35 in php_request_shutdown (dummy=0x0) at /local/dev/php-src_5_2/main/main.c:1300
#5 0x081de00c in main (argc=3, argv=0xbfffefe4) at /local/dev/php-src_5_2/sapi/cli/php_cli.c:1250
--
Edit bug report at http://bugs.php.net/?id=38543&edit=1
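
Added example, not part of the original report and not Zend Engine code: a toy C model of the failure mode above, where startup under a tiny memory limit leaves global tables NULL and shutdown must cope. It shows one option, a NULL test at the shutdown call site so the frequently used table function stays unchecked; all names (limited_alloc, startup, shutdown_guarded, table_apply) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy model; every name here is hypothetical, not PHP source. */
typedef struct { int slots[8]; } table;

static size_t mem_limit, mem_used;
static table *function_table, *class_table;  /* stand-ins for the global hashes */

/* Allocator with a memory_limit-style cap: returns NULL once the cap is hit. */
static void *limited_alloc(size_t sz) {
    if (sz > mem_limit - mem_used) return NULL;
    void *p = calloc(1, sz);
    if (p) mem_used += sz;
    return p;
}

/* Hot path: deliberately no NULL check, like the hash functions in the report. */
static void table_apply(table *t, void (*fn)(int *)) {
    for (size_t i = 0; i < 8; i++) fn(&t->slots[i]);
}
static void clear_slot(int *s) { *s = 0; }

/* Startup under a limit. On failure the globals stay NULL. Returns 0 or -1. */
int startup(size_t limit) {
    mem_limit = limit;
    mem_used = 0;
    function_table = limited_alloc(sizeof(table));
    class_table = limited_alloc(sizeof(table));
    return (function_table && class_table) ? 0 : -1;
}

/* Cold path: one NULL test per global, made here instead of in table_apply().
   Returns how many tables were actually cleaned up and freed. */
int shutdown_guarded(void) {
    table **globals[] = { &function_table, &class_table };
    int destroyed = 0;
    for (size_t i = 0; i < 2; i++) {
        if (*globals[i] == NULL) continue;   /* never allocated: skip */
        table_apply(*globals[i], clear_slot);
        free(*globals[i]);
        *globals[i] = NULL;
        destroyed++;
    }
    return destroyed;
}

int main(void) {
    int rc = startup(1);                     /* mirrors memory_limit=1 */
    printf("startup=%d destroyed=%d\n", rc, shutdown_guarded());
    return 0;
}
```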