Confirmed infinite loop/wedging bug in PHP on i386

Jeremy Chadwick freebsd at
Tue Jan 4 11:10:21 UTC 2011

There's some discussion in the "web world" about a known problem with
PHP on 32-bit x86 architectures:

I've confirmed FreeBSD is affected, with PHP built from ports.  The
issue does not affect amd64.  I don't have other architectures to test
with, but I imagine only x86 is affected.

Testing/reproducing it is simple via CLI:

  php -r '$d = 2.2250738585072011e-308;'

The interpreter will immediately begin chewing up 100% CPU.  FreeBSD
version does not appear to matter.

This issue would affect CLI, CGI, and Apache module versions, and
depending on one's code, would be exploitable via $_GET and $_POST
variables or similar.  That's one thing that makes this incredibly
dangerous (classifiable as a DoS).  Server administrators should be
very concerned; ktrace/truss/etc. will not show anything going on when
this happens, only that the process is taking up 100% CPU.

For an explanation that makes a bit of sense, see the 2nd URL above, and
search for "IA-32".  I imagine optimisation levels (-O vs.  -O0 vs. -O2)
can play a role here as well.

The workaround seems to be adding -ffloat-store to CFLAGS during
compile-time on 32-bit architectures.  I haven't personally tested this,
but the explanation seems reasonable.

| Jeremy Chadwick                                   jdc at |
| Parodius Networking              |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP 4BD6C0CB |

More information about the freebsd-apache mailing list