Newsgroups: php.internals
Message-ID: <40CDCCDF.2090201@php.net>
Date: Mon, 14 Jun 2004 18:05:51 +0200
From: abies@php.net (Ard Biesheuvel)
To: internals@lists.php.net
In-Reply-To: <200406141138.30533.ilia@prohost.org>
Subject: Re: alloca() problem

Ilia Alshanetsky wrote:

> There is a rather nasty crash possible in PHP due to the usage of the alloca()
> function as can be demonstrated by bug #28064.
>
> Simpler bug replication case:
>
> php -r ' $a = str_repeat("a", 1024 * 1024 * 6); defined($a); '

The following two fragments will lead to virtually identical code:

    void foo() {
        char bar[2048];
        ...
    }

and

    void foo() {
        char *bar = alloca(2048);
        ...
    }

They both start out by moving the stack pointer down 2k to leave enough room for bar, and they will both crash in a similar way if the stack doesn't have enough room available.

I think that not alloca() itself but its improper use is the problem here. Any function will cause a crash if you call it when your stack is full. Just be sensible about when (not to) use it.

--
Ard
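As an added illustration of the point above (example code written for this page, not code from the thread or from PHP itself): a bounded scratch allocation that serves small requests from the stack and hands anything larger to the heap, exercised with a constructed name of 6 MB like the str_repeat() case. STACK_SCRATCH_LIMIT, SCRATCH_ALLOC, SCRATCH_FREE, lowered_copy and probe are all assumed names, and the 4096-byte threshold is an assumed value.

```c
#include <alloca.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Largest scratch request served from the stack (assumed threshold; the
 * right value depends on the platform's stack size and call depth). */
#define STACK_SCRATCH_LIMIT 4096

/* alloca() memory lives only until the enclosing function returns, so the
 * size check has to be a macro expanded in the caller, not a helper function. */
#define SCRATCH_ALLOC(n, on_heap) \
    ((n) <= STACK_SCRATCH_LIMIT ? (*(on_heap) = 0, alloca(n)) \
                                : (*(on_heap) = 1, malloc(n)))
#define SCRATCH_FREE(p, on_heap) do { if (on_heap) free(p); } while (0)

/* Lower-cases a copy of name[0..len) in scratch space and returns how many
 * bytes changed; *used_heap reports which allocator the macro picked.
 * An unconditional alloca(len + 1) here is the pattern that a 6 MB
 * argument would push past the end of the stack. */
long lowered_copy(const char *name, size_t len, int *used_heap)
{
    int on_heap;
    char *buf = SCRATCH_ALLOC(len + 1, &on_heap);
    long changed = 0;
    if (!buf) return -1;
    for (size_t i = 0; i < len; i++) {
        buf[i] = (char)tolower((unsigned char)name[i]);
        changed += buf[i] != name[i];
    }
    buf[len] = '\0';
    *used_heap = on_heap;
    SCRATCH_FREE(buf, on_heap);
    return changed;
}

/* Builds a constructed name of `len` capital 'A's (the str_repeat() case)
 * and returns 1 if the copy went to the heap, 0 if it stayed on the stack,
 * -1 on allocation failure. */
int probe(size_t len)
{
    int used_heap = 0;
    char *name = malloc(len + 1);
    if (!name) return -1;
    memset(name, 'A', len);
    name[len] = '\0';
    long changed = lowered_copy(name, len, &used_heap);
    free(name);
    return changed < 0 ? -1 : used_heap;
}
```

The threshold keeps the fast path for the common small case while the 6 MB request from the report never touches the stack at all.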