php / php-src

The PHP Interpreter
https://www.php.net

Segmentation fault (stack overflow) in Zend/zend_alloc.c:1435 #15904

Open YuanchengJiang opened 1 month ago

YuanchengJiang commented 1 month ago

Description

The following code:

<?php
class MemoryLeak
{
    public function __construct()
    {
        $this->things[] = $this;
    }
    public function __destruct()
    {
        $fusion->things[] = null;
    }
}
for ($i = 0; $i < 100000; ++$i) {
    $obj = new MemoryLeak();
}

Resulted in this output: https://3v4l.org/9eRM1/rfc#vgit.master

PHP Version

PHP 8.4.0-dev

Operating System

Ubuntu 22.04

cmb69 commented 1 month ago

With less than or exactly 10,000 iterations, there is a single error reported. With more than 10,000 iterations, the errors are chained. Might be related to the GC.

Note that the deprecation warning is unrelated; the same happens when MemoryLeak::$things is declared.

nielsdos commented 1 month ago

Related to https://github.com/php/php-src/issues/15869

DanielEScherzer commented 3 weeks ago

Note that the deprecation warning is unrelated; the same happens when MemoryLeak::$things is declared.

Interestingly, there is still a 137 exit without the destructor https://3v4l.org/rC853/rfc#vgit.master but only if the dynamic variable is not declared; if it is, or if #[AllowDynamicProperties] is used, there isn't a 137 exit (which I assume is the seg fault).

<?php
class MemoryLeak {
    public function __construct() {
        $this->things[] = $this;
    }
}
for ($i = 0; $i < 332; ++$i) {
    $obj = new MemoryLeak();
}

consistently segfaults at https://3v4l.org/TfvGE/rfc#vgit.master. But, reducing to 331 doesn't, https://3v4l.org/sZJsp/rfc#vgit.master