ID: 47396
Updated by: magical...@php.net
Reported By: cwei...@php.net
Status: Open
Bug Type: Reproducible crash
PHP Version: 5.2.9RC2
New Comment:
I had a look at the problem inside zend, and found the problem most
likely coming from zend_hash.c
if ((long)h >= (long)ht->nNextFreeElement) {
ht->nNextFreeElement = h + 1;
}
If h (the element being inserted) is higher or equal than the current
"nNextFreeElement", we set this to h+1.
This does not handles:
- The fact that we might get back to 0
- The fact that once we get back to 0, the "next free element" might be
non free (and will most likely be for #1 and #2).
Previous Comments:
------------------------------------------------------------------------
[2009-02-15 16:02:53] cwei...@php.net
Description:
------------
Using php for long running daemons and opening files in there can lead
to crashes, when resource ids wrap around the integer/long size and come
to 0 at last.
There is no sanity check if a resource is already in use when assigning
it.
This problem is more likely to appear on 32bit systems than on 64,
since it takes ages to overflow that number with 64bit. Still, it is a
problem.
Example:
- Open a file -> resource id is now +1
- Open many files. Eventually, it will reach MAX_INT or whatever number
that is and wrap around to "-" that number, increasing from now on.
- Double the time, and the script reaches an resource id of 0
- Now chances are very high that the an existing resource is at the
same id
- PHP crashes
The problem has been - wrongly - described here:
http://gnuvince.wordpress.com/2008/10/28/php-wrong-for-long-running-processes-wrong-for-america/
The issue is the one I described here
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=47396&edit=1
