#38756 [NEW]: Returning large numbers of objects in an array results in a segfault

[adam at aers dot ca]

From:             adam at aers dot ca
Operating system: Linux
PHP version:      4.4.4
PHP Bug Type:     Class/Object related
Bug description:  Returning large numbers of objects in an array results in a 
segfault

Description:
------------
Returning large numbers of objects in an array seems to cause segmentation
faults or other memory related errors.

Our memory limit is set to 1024M; that should be the only non-standard
setting.

PHP Version => 4.4.4-pl2-gentoo

System => Linux nitrogen 2.6.13-gentoo-r3 #2 SMP Thu Oct 20 19:23:03 PDT
2005 x86_64
Build Date => Sep  7 2006 16:19:50
Configure Command =>  './configure' '--prefix=/usr/lib64/php4'
'--host=x86_64-pc-linux-gnu' '--mandir=/usr/lib64/php4/man'
'--infodir=/usr/lib64/php4/info' '-
-sysconfdir=/etc' '--cache-file=./config.cache' '--with-libdir=lib64'
'--enable-cli' '--disable-cgi' '--with-config-file-path=/etc/php/cli-php4'
'--with-confi
g-file-scan-dir=/etc/php/cli-php4/ext-active' '--without-pear'
'--disable-bcmath' '--with-bz2' '--disable-calendar' '--disable-ctype'
'--with-curl' '--disable
-dbase' '--with-dom' '--disable-exif' '--without-fbsql' '--without-fdftk'
'--disable-filepro' '--enable-ftp' '--with-gettext' '--with-gmp'
'--without-hwapi' '
--without-iconv' '--without-informix' '--without-kerberos'
'--disable-mbstring' '--with-mcal=/usr' '--with-mcrypt' '--without-mcve'
'--enable-memory-limit' '-
-without-mhash' '--without-ming' '--without-mnogosearch' '--without-msql'
'--without-mssql' '--with-ncurses' '--without-oci8'
'--without-oci8-instant-client'
'--without-oracle' '--with-openssl' '--with-openssl-dir=/usr'
'--disable-overload' '--without-ovrimos' '--enable-pcntl'
'--without-pfpro' '--with-pgsql' '--wi
th-pspell' '--without-recode' '--enable-shmop' '--without-snmp'
'--enable-sockets' '--without-sybase' '--without-sybase-ct'
'--enable-sysvmsg' '--enable-sysvs
em' '--enable-sysvshm' '--disable-tokenizer' '--disable-wddx'
'--disable-xml' '--without-xmlrpc' '--with-zlib' '--disable-debug'
'--enable-dba' '--without-cdb
' '--with-db4' '--without-flatfile' '--without-gdbm' '--without-inifile'
'--disable-dbx' '--with-freetype-dir=/usr' '--with-t1lib=/usr'
'--disable-gd-jis-conv
' '--enable-gd-native-ttf' '--with-jpeg-dir=/usr' '--with-png-dir=/usr'
'--with-xpm-dir=/usr/X11R6' '--with-gd' '--with-imap' '--with-imap-ssl'
'--with-mysql=
/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--with-unixODBC=/usr' '--without-adabas' '--without-birdstep'
'--without-dbmaker' '--without-empress' '
--without-esoob' '--without-ibm-db2' '--without-iodbc' '--without-sapdb'
'--without-solid' '--with-readline' '--without-libedit' '--disable-xslt'
'--without-x
slt-sablot' '--without-dom-xslt' '--without-dom-exslt' '--with-mm'
'--disable-zend-memory-manager'

Reproduce code:
---------------
testFunc();
function testFunc(){
        for( $i =0; $i < 100000; $i++ ){
                $line = new ReportLine();
                for( $j = 0; $j < 40; $j++ ){
                        $line->addData("this is a bug");
                }
                $lines[] = $line;
        }
        return $lines;
}
class ReportLine{
        var $bool;// = true;
        function ReportLine(){
//              $this->bool = true;
        }
        function addData($value){
                if( $this->bool ) $this->data[] = $value;
        }
}

Expected result:
----------------
No output.

Actual result:
--------------
This results in a segfault.  (Some values of the i limit gave me *** glibc
detected *** double free or corruption (fasttop): 0x0000000000XXXXXX ***) 
Lower values for the $i counter will result in things running okay.  Try
setting it higher if the issue doesn't occur.  Removing the var
declaration will fix the problem.  Assigning a value to it during the
declaration will have no affect on the bug.  Assigning a value in the
constructor - with or without a var declaration - will cause things to
work fine.

-- 
Edit bug report at http://bugs.php.net/?id=38756&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=38756&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=38756&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=38756&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=38756&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=38756&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=38756&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=38756&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=38756&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=38756&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=38756&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=38756&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=38756&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=38756&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=38756&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=38756&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=38756&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=38756&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=38756&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=38756&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=38756&r=mysqlcfg