[2017-12-26 15:28 UTC] volodymyr at wildwolf dot name
Description:
------------
Please see below — the second call to PHP_EMBED_START_BLOCK() crashes the application.
Same happens in PHP 7.2.0 as well.
Configure options:
--with-config-file-path=/home/vladimir/.phpenv/versions/7.1.12-zts-debug/etc --with-config-file-scan-dir=/home/vladimir/.phpenv/versions/7.1.12-zts-debug/etc/conf.d --prefix=/home/vladimir/.phpenv/versions/7.1.12-zts-debug --libexecdir=/home/vladimir/.phpenv/versions/7.1.12-zts-debug/libexec --without-pear --with-gd --enable-sockets --with-jpeg-dir=/usr --with-png-dir=/usr --enable-exif --enable-zip --with-zlib --with-zlib-dir=/usr --with-kerberos --with-openssl --with-mcrypt=/usr --enable-soap --enable-xmlreader --with-xsl --enable-ftp --enable-cgi --with-curl=/usr --with-tidy --with-xmlrpc --enable-sysvsem --enable-sysvshm --enable-shmop --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-pdo-sqlite --enable-pcntl --with-readline --enable-mbstring --disable-debug --disable-fpm --enable-embed --enable-bcmath --disable-phpdbg --enable-maintainer-zts --with-libdir=lib64
Test script:
---------------
#include <sapi/embed/php_embed.h>

int main(void)
{
    /* First embed cycle: php_embed_init() ... php_embed_shutdown() */
    PHP_EMBED_START_BLOCK(0, 0)
    PHP_EMBED_END_BLOCK();
    /* Second cycle in the same process: crashes inside php_embed_init() */
    PHP_EMBED_START_BLOCK(0, 0)
    PHP_EMBED_END_BLOCK();
    return 0;
}
Expected result:
----------------
Program exits normally.
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff73d826b in sapi_register_post_entry (post_entry=post_entry@entry=0x7ffff7dae160 <php_post_entries>) at /tmp/php-build/source/7.1.12/main/SAPI.c:951
951 if (SG(sapi_started) && EG(current_execute_data)) {
(gdb) bt
#0 0x00007ffff73d826b in sapi_register_post_entry (post_entry=post_entry@entry=0x7ffff7dae160 <php_post_entries>) at /tmp/php-build/source/7.1.12/main/SAPI.c:951
#1 0x00007ffff73d8362 in sapi_register_post_entries (post_entries=post_entries@entry=0x7ffff7dae160 <php_post_entries>) at /tmp/php-build/source/7.1.12/main/SAPI.c:940
#2 0x00007ffff73db5d0 in php_setup_sapi_content_types () at /tmp/php-build/source/7.1.12/main/php_content_types.c:64
#3 0x00007ffff73ca23c in ts_allocate_id (rsrc_id=rsrc_id@entry=0x7ffff7dd67b8 <sapi_globals_id>, size=size@entry=560, ctor=ctor@entry=0x7ffff73d5db0 <sapi_globals_ctor>, dtor=dtor@entry=0x7ffff73d5d90 <sapi_globals_dtor>) at /tmp/php-build/source/7.1.12/TSRM/TSRM.c:259
#4 0x00007ffff73d616c in sapi_startup (sf=sf@entry=0x7ffff7db7e40 <php_embed_module>) at /tmp/php-build/source/7.1.12/main/SAPI.c:84
#5 0x00007ffff74f2f74 in php_embed_init (argc=0, argv=0x0) at /tmp/php-build/source/7.1.12/sapi/embed/php_embed.c:182
#6 0x0000555555554a2e in main () at test.c:8
Added three lines to the beginning of sapi_register_post_entry():

printf("SG=%p\n", TSRMG_BULK(sapi_globals_id, sapi_globals_struct*)); // Line 951
printf("SG(sapi_started)=%d\n", (int)SG(sapi_started)); // Line 952
printf("EG=%p\n\n", TSRMG_BULK(executor_globals_id, zend_executor_globals *)); // Line 953

Modified the test script a bit:

int main(int argc, char** argv)
{
    printf("First block\n");
    PHP_EMBED_START_BLOCK(argc, argv)
    PHP_EMBED_END_BLOCK();
    printf("Second block\n");
    PHP_EMBED_START_BLOCK(argc, argv)
    PHP_EMBED_END_BLOCK();
}

Compiled and run:

First block
SG=0x55c1cdb6c190
SG(sapi_started)=0
EG=0x21

SG=0x55c1cdb6c190
SG(sapi_started)=0
EG=0x21

SG=0x55c1cdb6c190
SG(sapi_started)=0
EG=0x55c1cdb6f9b0

SG=0x55c1cdb6c190
SG(sapi_started)=0
EG=0x55c1cdb6f9b0

Second block
SG=0x55c1cdbf8d30
Помилка адресування (збережено знімок оперативної пам’яті)

Looks like this has something to do with SG(sapi_started).

Running under valgrind:

$ USE_ZEND_ALLOC=0 valgrind ./test
==16297== Memcheck, a memory error detector
==16297== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==16297== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==16297== Command: ./test
==16297==
First block
SG=0x100adf70
SG(sapi_started)=0
==16297== Invalid read of size 8
==16297==    at 0x53462D3: printf (stdio2.h:104)
==16297==    by 0x53462D3: sapi_register_post_entry (SAPI.c:953)
==16297==    by 0x53463E1: sapi_register_post_entries (SAPI.c:940)
==16297==    by 0x534964F: php_setup_sapi_content_types (php_content_types.c:64)
==16297==    by 0x533823B: ts_allocate_id (TSRM.c:259)
==16297==    by 0x5460FF3: php_embed_init (php_embed.c:182)
==16297==    by 0x108989: main (test.c:7)
==16297==  Address 0x100adf18 is 8 bytes before a block of size 8 alloc'd
==16297==    at 0x4C2DA5F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16297==    by 0x4C2FDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16297==    by 0x53381E8: ts_allocate_id (TSRM.c:255)
==16297==    by 0x5460FF3: php_embed_init (php_embed.c:182)
==16297==    by 0x108989: main (test.c:7)
==16297==
EG=(nil)

SG=0x100adf70
SG(sapi_started)=0
EG=(nil)

SG=0x100adf70
SG(sapi_started)=0
EG=0x100b25f0

SG=0x100adf70
SG(sapi_started)=0
EG=0x100b25f0

Second block
SG=0x112dfce0
==16297== Invalid read of size 8
==16297==    at 0x534629E: sapi_register_post_entry (SAPI.c:952)
==16297==    by 0x53463E1: sapi_register_post_entries (SAPI.c:940)
==16297==    by 0x534964F: php_setup_sapi_content_types (php_content_types.c:64)
==16297==    by 0x533823B: ts_allocate_id (TSRM.c:259)
==16297==    by 0x5460FF3: php_embed_init (php_embed.c:182)
==16297==    by 0x108AA2: main (test.c:11)
==16297==  Address 0x100adec0 is 0 bytes inside a block of size 32 free'd
==16297==    at 0x4C2ED5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16297==    by 0x533803F: tsrm_shutdown (TSRM.c:190)
==16297==    by 0x54611C6: php_embed_shutdown (php_embed.c:229)
==16297==    by 0x108A7F: main (test.c:8)
==16297==  Block was alloc'd at
==16297==    at 0x4C2DB2F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16297==    by 0x533830D: allocate_new_resource (TSRM.c:279)
==16297==    by 0x5338570: ts_resource_ex (TSRM.c:368)
==16297==    by 0x5460FCA: php_embed_init (php_embed.c:176)
==16297==    by 0x108989: main (test.c:7)
==16297==
==16297== Invalid read of size 8
==16297==    at 0x53462A1: sapi_register_post_entry (SAPI.c:952)
==16297==    by 0x53463E1: sapi_register_post_entries (SAPI.c:940)
==16297==    by 0x534964F: php_setup_sapi_content_types (php_content_types.c:64)
==16297==    by 0x533823B: ts_allocate_id (TSRM.c:259)
==16297==    by 0x5460FF3: php_embed_init (php_embed.c:182)
==16297==    by 0x108AA2: main (test.c:11)
==16297==  Address 0x11123650 is 0 bytes inside a block of size 376 free'd
==16297==    at 0x4C2ED5B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16297==    by 0x5338034: tsrm_shutdown (TSRM.c:189)
==16297==    by 0x54611C6: php_embed_shutdown (php_embed.c:229)
==16297==    by 0x108A7F: main (test.c:8)
==16297==  Block was alloc'd at
==16297==    at 0x4C2FD4F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16297==    by 0x53381E8: ts_allocate_id (TSRM.c:255)
==16297==    by 0x10ECAEF1: ???
==16297==    by 0x53B37FA: zend_startup_module_ex (zend_API.c:1843)
==16297==    by 0x53B5CA5: zend_startup_module (zend_API.c:2454)
==16297==    by 0x53BAC04: zend_extension_startup (zend_extensions.c:184)
==16297==    by 0x539F64F: zend_llist_apply_with_del (zend_llist.c:171)
==16297==    by 0x53BAD26: zend_startup_extensions (zend_extensions.c:205)
==16297==    by 0x533B397: php_module_startup (main.c:2305)
==16297==    by 0x5460F6C: php_embed_startup (php_embed.c:109)
==16297==    by 0x54610C1: php_embed_init (php_embed.c:200)
==16297==    by 0x108989: main (test.c:7)
==16297==
==16297== Invalid read of size 1
==16297==    at 0x53462A6: sapi_register_post_entry (SAPI.c:952)
==16297==    by 0x53463E1: sapi_register_post_entries (SAPI.c:940)
==16297==    by 0x534964F: php_setup_sapi_content_types (php_content_types.c:64)
==16297==    by 0x533823B: ts_allocate_id (TSRM.c:259)
==16297==    by 0x5460FF3: php_embed_init (php_embed.c:182)
==16297==    by 0x108AA2: main (test.c:11)
==16297==  Address 0x1b4 is not stack'd, malloc'd or (recently) free'd
==16297==
==16297==
==16297== Process terminating with default action of signal 11 (SIGSEGV)
==16297==  Access not within mapped region at address 0x1B4
==16297==    at 0x53462A6: sapi_register_post_entry (SAPI.c:952)
==16297==    by 0x53463E1: sapi_register_post_entries (SAPI.c:940)
==16297==    by 0x534964F: php_setup_sapi_content_types (php_content_types.c:64)
==16297==    by 0x533823B: ts_allocate_id (TSRM.c:259)
==16297==    by 0x5460FF3: php_embed_init (php_embed.c:182)
==16297==    by 0x108AA2: main (test.c:11)

The very first error can probably be ignored - it looks like executor globals are not ready yet. The second one probably means that the SAPI globals structure has not been (properly) allocated.
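As an added example (not PHP's code and not the reporter's), this is a minimal C model of the lifecycle the valgrind output shows: a thread-resource table freed by a shutdown and re-created by a second startup while a handle from the first cycle is still around. The handle carries the table's generation, so a stale one is refused instead of being read; every name here (ts_table, ts_cache, ts_startup, ts_allocate_id, ts_shutdown, ts_cache_update, ts_cache_get) is hypothetical.

```c
#include <stdlib.h>
/* Added illustration, not PHP's TSRM: a resource table that can be shut down
 * and started again, plus a cached handle tagged with the table's generation
 * so a cache left over from the previous cycle is detected, not dereferenced. */
#define MAX_IDS 8
typedef struct { void *storage[MAX_IDS]; int id_count; } ts_table;
typedef struct { ts_table *tbl; unsigned generation; } ts_cache;
static ts_table *g_tbl;        /* NULL while shut down */
static unsigned  g_generation; /* bumped on every startup, never reset */

int ts_startup(void)
{
    if (g_tbl) return -1;                   /* double startup is an error */
    if (!(g_tbl = calloc(1, sizeof *g_tbl))) return -1;
    g_generation++;
    return 0;
}

/* Like ts_allocate_id(): hand out the next id and allocate its storage. */
int ts_allocate_id(int *id, size_t size)
{
    if (!g_tbl || g_tbl->id_count >= MAX_IDS) return -1;
    void *p = calloc(1, size);
    if (!p) return -1;
    *id = g_tbl->id_count++;
    g_tbl->storage[*id] = p;
    return 0;
}

void ts_shutdown(void)
{
    if (!g_tbl) return;
    for (int i = 0; i < g_tbl->id_count; i++) free(g_tbl->storage[i]);
    free(g_tbl);
    g_tbl = NULL;                           /* nothing may keep pointing into it */
}

/* Refresh a module's cache; returns 1 if it pointed at a dead table. */
int ts_cache_update(ts_cache *c)
{
    int stale = (c->tbl != g_tbl || c->generation != g_generation);
    c->tbl = g_tbl;
    c->generation = g_generation;
    return stale;
}

/* Fetch storage for id via the cache; NULL for a stale cache or a bad id.
 * Pointer equality alone is not enough: calloc may hand back the old address. */
void *ts_cache_get(const ts_cache *c, int id)
{
    if (!c->tbl || c->tbl != g_tbl || c->generation != g_generation) return NULL;
    if (id < 0 || id >= c->tbl->id_count) return NULL;
    return c->tbl->storage[id];
}
```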