I discovered a way to make PHP segfault, and I'm a bit curious about what's happening. Maybe someone can explain this for me?

joern@xps:..com/trunk5/tools/nestedset> cat > while.php
<?php
while(1){
        die('dd');
}
?>
^C
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php   
ddzsh: segmentation fault  php -f while.php
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php
dd%
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php
dd%
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php
ddzsh: segmentation fault  php -f while.php
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php
ddzsh: segmentation fault  php -f while.php
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php
dd%
0 joern@xps:..com/trunk5/tools/nestedset> php -f while.php
dd%

As you can see, it doesn't happen every time. PHP caching?

php5 5.2.10.dfsg.1-2ubuntu6.1
+1  A: 

Wikipedia: Segmentation Fault

A little bit of research indicates that some PHP extensions may not play nice, or may not play nice with each other. It can also depend on the server, or the server configuration.

If you are using both XDebug and Zend Debugger loaded at the same time it can cause this.

At first I thought possibly the while loop used with a die() statement might be part of the cause. I am curious to know if this also causes a segmentation error:

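<?php
// check_fault_function() is a placeholder for whatever condition ends the loop.
$fault = false;
while (!$fault) {
    $fault = check_fault_function();
}
if ($fault) { die('dd'); }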

If not, it may be just how you are using while and die together. As you know, while(1) {} is an infinite loop... (your server may not know how to allocate memory for infinite routines), so unless you are trying to cause crashes, this is normally bad practice.

Talvi Watia
In fact, I am using xdebug, didn't think of that. I was not able to recreate the fault using valgrind, but I managed to get a core dump from just running "php - while.php": http://while1.no/files/core.tgz (fitting domain, don't you think?) I'll try your PHP script next :)
Joernsn
I'm not sure if the check_fault_function I created does what you need, but at least PHP can't guess the number of iterations: http://pastebin.org/56321 This code also segfaulted, but only 30% of the time, just like the previous. Core: while1.no/files/core2.tgz
Joernsn
If my example also segfaulted, the error lies in the die() statement, not the while loop. Possibly it is trying to unallocate memory/variables that are not there when it exits? http://bugs.php.net/bug.php?id=40045 describes how the "-r" conditional can create segfaults on die(). How about trying 'php while.php' instead of 'php -f while.php'?
Talvi Watia
I managed to get "php while.php" to segfault as well. PHP's man says no parameter is the same as -f. I was wrong when I said I had xdebug installed, that was only in my php/apache conf (get_loaded_extensions() confirms), so it sounds right that it's die() that's not behaving.
Joernsn
+1  A: 

This appears to be related to a known bug in the PHP source. It's been fixed in the PHP trunk, and it looks like it was rolled out some time around the 5.2.11 release. See here and here for details.

Thomas
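
Added example, not part of the original posts: a small POSIX shell harness for measuring how often an intermittent crash like the one in the question occurs, which is also a quick way to check a build after upgrading. It counts runs that end with exit status 139 (128 + SIGSEGV); the function name crash_rate is hypothetical, and the usage line assumes the while.php from the question.

```shell
#!/bin/sh
# crash_rate RUNS CMD [ARGS...]
# Runs CMD RUNS times and prints three counters on one line:
#   "<segfaults> <other_failures> <clean_exits>"
crash_rate() {
    runs=$1; shift
    segv=0; other=0; clean=0
    i=0
    while [ "$i" -lt "$runs" ]; do
        i=$((i + 1))
        # Discard the program's output; only the exit status matters here.
        # The "|| rc=$?" form keeps the loop alive under "set -e".
        rc=0
        "$@" >/dev/null 2>&1 || rc=$?
        # The shell reports death by signal N as 128+N; SIGSEGV is 11 -> 139.
        if [ "$rc" -eq 139 ]; then
            segv=$((segv + 1))
        elif [ "$rc" -ne 0 ]; then
            other=$((other + 1))
        else
            clean=$((clean + 1))
        fi
    done
    echo "$segv $other $clean"
}

# When run as a script with arguments, e.g.:
#   ./crash_rate.sh 20 php -f while.php
if [ "$#" -ge 2 ]; then
    crash_rate "$@"
fi
```

Run `ulimit -c unlimited` in the same shell beforehand if a core file is wanted from the crashing runs.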