Bug #26598 Segmentation fault
Submitted: 2003-12-12 05:17 UTC Modified: 2004-01-25 15:38 UTC
From: robert at interjinn dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2004-01-25 OS: *
Private report: No CVE-ID: None
 [2003-12-12 05:17 UTC] robert at interjinn dot com
Description:
------------
No idea why the script crashes. I'm including my compile information and the backtrace.

export PHP_VERSION_DIR=php5-200312120830
make clean
rm config.cache
./configure \
    --disable-all \
    --with-mysql \
    --enable-carnagemath \
    --enable-carnagexml \
    --enable-carnageutilities \
    --enable-interjinn \
    --enable-ctype \
    --with-zlib \
    --enable-ftp \
    --enable-sockets \
    --with-ncurses \
    --enable-pcntl \
    --with-pcre-regex \
    --enable-exif \
    --with-jpeg-dir=/usr/lib \
    --with-png-dir=/usr/lib \
    --with-tiff-dir=/usr/lib \
    --with-gif-dir=/usr/lib \
    --with-gd \
    --prefix=/usr/local/php/${PHP_VERSION_DIR}/installation \
    --exec-prefix=/usr/local/php/${PHP_VERSION_DIR}/installation
make
make install

--------------------------------------------------------

Program received signal SIGSEGV, Segmentation fault.
zend_do_declare_property (var_name=0xbffed0e0, value=0xbffed110, access_type=256)
    at /usr/local/php/php5-200312120830/Zend/zend_compile.c:2442
2442            if (CG(active_class_entry)->ce_flags & ZEND_ACC_INTERFACE) {
(gdb) bt
#0  zend_do_declare_property (var_name=0xbffed0e0, value=0xbffed110, access_type=256)
    at /usr/local/php/php5-200312120830/Zend/zend_compile.c:2442
#1  0x08121b3a in zendparse () at Zend/zend_language_parser.c:2545
#2  0x0812371e in compile_file (file_handle=0xbffee4e0, type=2) at Zend/zend_language_scanner.c:3139
#3  0x08155ad1 in zend_include_or_eval_handler (execute_data=0xbfff0ad0, op_array=0x0)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:3355
#4  0x08151442 in execute (op_array=0x4032039c) at /usr/local/php/php5-200312120830/Zend/zend_execute.c:1277
#5  0x0815407a in zend_do_fcall_common_helper (execute_data=0xbfff5180, op_array=0x40315e44)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:2580
#6  0x081542c9 in zend_do_fcall_by_name_handler (execute_data=0x0, op_array=0x40315e44)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:2666
#7  0x08151442 in execute (op_array=0x40315e44) at /usr/local/php/php5-200312120830/Zend/zend_execute.c:1277
#8  0x0815407a in zend_do_fcall_common_helper (execute_data=0xbfff9e30, op_array=0x40282c04)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:2580
#9  0x081542c9 in zend_do_fcall_by_name_handler (execute_data=0x0, op_array=0x40282c04)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:2666
#10 0x08151442 in execute (op_array=0x40282c04) at /usr/local/php/php5-200312120830/Zend/zend_execute.c:1277
#11 0x08155b55 in zend_include_or_eval_handler (execute_data=0xbfffbbc0, op_array=0x0)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:3403
#12 0x08151442 in execute (op_array=0x402796b4) at /usr/local/php/php5-200312120830/Zend/zend_execute.c:1277
#13 0x08155b55 in zend_include_or_eval_handler (execute_data=0xbfffc000, op_array=0x0)
    at /usr/local/php/php5-200312120830/Zend/zend_execute.c:3403
#14 0x08151442 in execute (op_array=0x40278a5c) at /usr/local/php/php5-200312120830/Zend/zend_execute.c:1277
#15 0x08139c32 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/php/php5-200312120830/Zend/zend.c:1016
#16 0x0810d368 in php_execute_script (primary_file=0xbfffe370)
    at /usr/local/php/php5-200312120830/main/main.c:1638
#17 0x0815ac57 in main (argc=3, argv=0xbfffe404) at /usr/local/php/php5-200312120830/sapi/cgi/cgi_main.c:1564
#18 0x40154082 in __libc_start_main () from /lib/i686/libc.so.6

History
 [2003-12-12 06:49 UTC] derick@php.net
Don't forget to remove the non-standard exts from your PHP config either.
 [2003-12-12 18:10 UTC] robert at interjinn dot com
I have recompiled with minimal extensions compiled in, namely:

./configure \
    --disable-all \
    --with-pcre-regex \
    --prefix=/usr/local/php/${PHP_VERSION_DIR}/installation \
    --exec-prefix=/usr/local/php/${PHP_VERSION_DIR}/installation

And I still have a no go. I spent the last 3 hours trying to produce a short script which would illustrate the bug and running the PHP binary through GDB and Valgrind to no avail. What I do know is that at:

zend_do_declare_property (/usr/local/php/php5-200312120830/Zend/zend_compile.c:2442)

CG(active_class_entry) evaluates to null and so CG(active_class_entry)->ce_flags causes a NULL pointer fault. I tried patching with a test for NULL, but then I got a crash in zend_hash_find() where the memory for the hash appeared to be corrupted - Valgrind was not useful in determining where the memory may have become corrupt.

I was going to set up a link to an InterJinn download, but while I was testing to make sure it ran, I got the following error (possibly related to this bug):

Fatal error:  Only variables or references can be returned by reference in /home/suds/yackspit/interJinn-0.9.1/Core/libraries/templateJinn/templateManager.inc on line 17

For which the actual line of code is:

    var $filename = __FILE__;

which is in a class. If it is also helpful I get a LOT of deprecated warnings for:

Strict Standards:  var: Deprecated. Please use the public/private/protected modifiers.

The reason I think maybe the above is related is because in the backtrace of the original report, and more recent ones with minimal extensions, the zend_do_declare_property() function is attempting to work with a property called "filename".
 [2003-12-15 15:03 UTC] robert at interjinn dot com
As stated previously I was unable to come up with a short script that can reproduce the bug. I attached a link to a big script in my last response. I apologize if this is not suitable but I don't see another alternative.
 [2003-12-15 17:33 UTC] sniper@php.net
Start by removing all the unnecessary lines from the first file, all unnecessary include()'s etc. Then remove all the includes, ie. put the stuff in one file. But only those parts of the code that are necessary for the reduced first file.
 
Just remove stuff line by line, run the code and if it still crashes, continue nuking the code until it doesn't crash. :)

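The line-by-line reduction sniper@php.net asks for above can be automated. The script below is an added example for this page, not code from the PHP project or from the reporter: a greedy reducer that deletes one line at a time and keeps each deletion only while an "oracle" command still reports the crash. The `php_crashes` oracle (which assumes a `php` binary on PATH and relies on the shell reporting a SIGSEGV death as exit status 128+11), the `demo_oracle` stand-in, and the `demo_reduce` input file (constructed to resemble the reporter's class, with a made-up trigger line) are all this example's own assumptions.

```shell
#!/bin/sh
# Greedy line-wise reduction of a crashing script (added example, not
# code from the PHP project or the bug reporter).
#
# reduce_crash FILE ORACLE
#   Repeatedly deletes one line of FILE and keeps the deletion whenever
#   ORACLE (a command or shell function called with the candidate file
#   as $1) still exits 0, i.e. the crash is still reproducible. Prints
#   the reduced file to stdout. Greedy, so it reaches a local minimum:
#   rerun it, or reorder lines, to squeeze further.
reduce_crash() {
    work=$(mktemp) || return 1
    cand=$(mktemp) || return 1
    cp "$1" "$work"
    i=1
    while :; do
        total=$(wc -l < "$work" | tr -d ' ')
        [ "$i" -gt "$total" ] && break
        # Candidate: the current file with line i removed.
        sed "${i}d" "$work" > "$cand"
        if "$2" "$cand"; then
            cp "$cand" "$work"      # line i was not needed; keep the shorter file
        else
            i=$((i + 1))            # line i is part of the trigger; keep it
        fi
    done
    cat "$work"
    rm -f "$work" "$cand"
}

# Oracle for the real case (assumption: a 'php' CLI/CGI binary is on PATH):
# true when php dies with SIGSEGV. The shell reports a signal death as
# 128 + signal number, and SIGSEGV is 11. -n skips php.ini so the result
# does not depend on the local configuration.
php_crashes() {
    status=0
    php -n "$1" >/dev/null 2>&1 || status=$?
    [ "$status" -eq 139 ]
}

# Stand-in oracle for running this file offline: treats any file that
# still contains the token "boom" as "still crashing".
demo_oracle() {
    grep -q 'boom' "$1"
}

# Constructed input resembling the reporter's class (hypothetical), with a
# single "triggering" line at the end; the reducer should strip the rest.
demo_reduce() {
    f=$(mktemp) || return 1
    printf '%s\n' '<?php' 'class templateManager {' \
        '    var $filename = __FILE__;' '}' 'echo "boom";' > "$f"
    reduce_crash "$f" demo_oracle
    rm -f "$f"
}

# Real use:  reduce_crash crashing.php php_crashes > reduced.php
if [ "${1:-}" = demo ]; then
    demo_reduce
fi
```

Run it as `sh reduce.sh demo` to see the constructed file shrink to its one "crashing" line; with `php_crashes` as the oracle it does the same against the real segfault, one php run per candidate. Because the oracle checks for exit status 139 rather than any non-zero status, a candidate that merely produces a parse error or the "Only variables or references can be returned by reference" fatal is correctly treated as "no longer crashing".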
 [2003-12-16 02:57 UTC] sniper@php.net
btw. bug #26065 looks quite similar to this.

 [2003-12-16 05:05 UTC] robert at interjinn dot com
Hmmm, that's interesting. How does include() work? I always thought of it as an evaluation outside of the working scope. I checked the gdb backtrace for the code sample in bug #26065 and it segfaults on the same code, but at different points in the source, namely:

if (CG(active_class_entry)->ce_flags & ZEND_ACC_INTERFACE)

Cheers,
Rob.
 [2003-12-27 18:07 UTC] helly@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2004-01-01 20:51 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2004-01-25 15:38 UTC] robert at interjinn dot com
Sorry to get to this so long after the last update. Somehow the email got filed under spam. Anyways I just checked out the latest CVS and tested. Everything works perfectly. Well done and thanks.

Rob.