PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch crashes when using SPLFixedArray built-in class
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
php5 (Ubuntu) | Fix Released | Medium | Unassigned |
Oneiric | Won't Fix | Medium | Unassigned |
Bug Description
Test script
-----------
spl_
<?php
for ($i = 0; $i != 10000; ++$i) {
    $array = new SplFixedArray(1);
}
?>
Running
-------
php spl_fixed_array.php
Expected result
---------------
The script terminates normally or PHP handles memory limit exhaustion error
(depending on configuration).
Actual result
-------------
1
2
...
4997
4998
4999
Segmentation fault
Backtrace
---------
Program received signal SIGSEGV, Segmentation fault.
spl_
/build/
381 /build/
in /build/
(gdb) bt
#0 spl_fixedarray_
#1 0x00000000006b4563 in zval_scan_black (pz=0x156fcc8)
at /build/
#2 0x00000000006b47f5 in zval_scan (pz=0x156fcc8) at /build/
#3 0x00000000006b4bbe in gc_collect_cycles () at /build/
#4 0x00000000006b5244 in gc_zval_
at /build/
#5 0x000000000070bfef in zend_do_
at /build/
#6 0x00000000006bd51b in execute (op_array=
at /build/
#7 0x00007ffff4be28b5 in xdebug_execute (op_array=
at /build/
#8 0x0000000000698b70 in zend_execute_
at /build/
#9 0x0000000000645913 in php_execute_script (primary_
at /build/
#10 0x000000000042c53e in main (argc=32767, argv=0x7fffffff
at /build/
(gdb) p *obj
$1 = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {handle = 0,
handlers = 0x0}}, refcount__gc = 0, type = 0 '\000', is_ref__gc = 0 '\000'}
Version
-------
php --version output:
PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch (cli) (built: Feb 11 2012 03:26:01)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
apt-cache policy php5 output:
php5:
Installed: (none)
Candidate: 5.3.6-13ubuntu3.6
Version table:
500 http://
500 http://
500 http://
lsb_release -rd output:
Description: Ubuntu 11.10
Release: 11.10
file /usr/bin/php5 output:
/usr/bin/php5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
Reproduction with vanilla PHP
-------
Manually built current stable release of PHP downloaded from http://
The issue seemed to be not reproducible. Version:
PHP 5.4.0 (cli) (built: Apr 17 2012 22:23:57)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
Changed in php5 (Ubuntu Oneiric):
status: New → Confirmed
importance: Undecided → Medium
Changed in php5 (Ubuntu):
importance: High → Medium
Thanks for reporting this bug.
I was able to reproduce this in oneiric, but not in precise. Marked the bug fix released (for precise) and open for oneiric.