Bug #77666 Segmentation fault on include file with very long string variable
Submitted: 2019-02-25 19:51 UTC Modified: 2021-04-21 10:16 UTC
Votes:4
Avg. Score:4.0 ± 0.7
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (50.0%)
From: alexxwiz at yandex dot ru Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.2.15 OS: Ubuntu 16.04
Private report: No CVE-ID: None
 [2019-02-25 19:51 UTC] alexxwiz at yandex dot ru
Description:
------------
Reproducible on two versions at least:

PHP 7.1.26-1+ubuntu14.04.1+deb.sury.org+1 (cli) (built: Jan 11 2019 14:35:37) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.1.26-1+ubuntu14.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

and

PHP 7.2.15-1+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Feb  8 2019 15:37:29) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.15-1+ubuntu16.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.6.1, Copyright (c) 2002-2018, by Derick Rethans


When I try to include a file with a very long (6.5Mb size) string variable, I get a segfault.

The variable is like the one in the example (generated by some cache engine).



Test script:
---------------
<?php
include "test_long_string.php";
echo $datecreate;

//file test_long_string.php is like 6.5 Mb in size: 

<?php
$ser_content = 'a:2:{s:7:"CONTENT";s:0:"";s:4:"VARS";a:159:{i:2;a:24:{s:2:"ID";s:1:"2";s:6:"ACTIVE";s:1:"N";s:4:"NAME";s:35:"Фабрика - Вебмастер";s:4:"CODE";N;s:11:"DESCRIPTION";s:46:"Фабрика Фабрика Фабрика Фабрика ";s:4:"SORT";s:3:"100";s:7:"SITE_ID";s:2:"s1";s:6:"DOMAIN";s:11:"auto-mex.ru";s:8:"IS_HTTPS";s:1:"Y";s:6:"PLUGIN";s:16:"YANDEX_WEBMASTER";s:6:"FORMAT";s:23:"YANDEX_WEBMASTER_SIMPLE";s:14:"LAST_IBLOCK_ID";s:1:"1";s:17:"LAST_SETTINGS_TAB";s:17:"subtab_categories";s:6:"PARAMS";a:13:{s:11:"AUTO_DELETE";s:1:"Y";s:9:"SHOP_NAME";s:29:"Фабрика Фабрика ";s:12:"SHOP_COMPANY";s:29:"Фабрика Фабрика";s:8:"DELIVERY";a:3:{s:4:"COST";s:3:"275";s:4:"DAYS";s:1:"1";s:12:"ORDER_BEFORE";s:0:"";}s:21:"ENABLE_AUTO_DISCOUNTS";s:1:"N";s:16:"EXPORT_FILE_NAME";s:24:"/upload/webmaster-ya.xml";s:8:"ENCODING";s:5:"UTF-8";s:15:"COMPRESS_TO_ZIP";s:1:"N";s:17:"DELETE_XML_IF_ZIP";s:1:"N";s:18:"SHOW_JUST_CATALOGS";s:1:"Y";s:28:"CATEGORIES_REDEFINITION_MODE";s:1:"1";s:25:"CATEGORIES_EXPORT_PARENTS";s:1:"N";s:8:"CURRENCY";a:2:{s:15:"TARGET_CURRENCY";s:3:"RUB";s:12:"RATES_SOURCE";s:4:"CBRF";}}s:13:"AUTO_GENERATE";s:1:"Y";s:6:"LOCKED";s:1:"N";s:12:"DATE_CREATED";O:25:"Bitrix\\Main\\Type\\DateTime":1:{s:8:"'.chr(0).'*'.chr(0).'value";O:8:"DateTime":3:{s:4:"date";s:26:"2018-10-11 16:12:37.000000";s:13:"timezone_type";i:3;s:8:"timezone";s:13:"Europe/Moscow";}}s:13:"DATE_MODIFIED";O:25:"Bitrix\\Main\\Type\\DateTime":1:{s:8:"'.chr(0).'*'.chr(0);

Expected result:
----------------
If this string is too long I'd expect "out of memory" or "memory limit exceeded", but not a segfault.

Actual result:
--------------
Segmentation fault (core dumped)

 [2019-02-25 19:55 UTC] spam2 at rhsoft dot net
http://php.net/supported-versions.php

can you reproduce that with a supported version?
 [2019-02-25 20:05 UTC] alexxwiz at yandex dot ru
-Operating System: Ubuntu 14.04
+Operating System: Ubuntu 16.04
-PHP Version: 7.1.26
+PHP Version: 7.2.15
 [2019-02-25 20:05 UTC] alexxwiz at yandex dot ru
Stacktrace:
Core was generated by `php -d short_open_tag=On test_segfault.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005607e6adcdcc in zend_compile_binary_op (
    result=result@entry=0x7fffc440d0e0, ast=ast@entry=0x7fa4858cbf00)
    at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7021
 [2019-02-25 20:08 UTC] alexxwiz at yandex dot ru
More stacktrace:

#0  0x00005607e6adcdcc in zend_compile_binary_op (result=result@entry=0x7fffc440d0e0, ast=ast@entry=0x7fa4858cbf00) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7021
#1  0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d0e0, ast=0x7fa4858cbf00) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#2  0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d210, ast=ast@entry=0x7fa4858cbf30) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#3  0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d210, ast=0x7fa4858cbf30) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#4  0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d340, ast=ast@entry=0x7fa4858cbfc0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#5  0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d340, ast=0x7fa4858cbfc0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#6  0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d470, ast=ast@entry=0x7fa4858cbff0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#7  0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d470, ast=0x7fa4858cbff0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#8  0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d5a0, ast=ast@entry=0x7fa4858cc080) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#9  0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d5a0, ast=0x7fa4858cc080) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#10 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d6d0, ast=ast@entry=0x7fa4858cc0b0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#11 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d6d0, ast=0x7fa4858cc0b0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#12 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d800, ast=ast@entry=0x7fa4858cc140) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#13 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d800, ast=0x7fa4858cc140) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#14 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440d930, ast=ast@entry=0x7fa4858cc170) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#15 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440d930, ast=0x7fa4858cc170) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#16 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440da60, ast=ast@entry=0x7fa4858cc200) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#17 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440da60, ast=0x7fa4858cc200) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#18 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440db90, ast=ast@entry=0x7fa4858cc230) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#19 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440db90, ast=0x7fa4858cc230) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#20 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440dcc0, ast=ast@entry=0x7fa4858cc2c0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#21 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440dcc0, ast=0x7fa4858cc2c0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#22 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440ddf0, ast=ast@entry=0x7fa4858cc2f0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#23 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440ddf0, ast=0x7fa4858cc2f0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#24 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440df20, ast=ast@entry=0x7fa4858cc380) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#25 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440df20, ast=0x7fa4858cc380) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#26 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440e050, ast=ast@entry=0x7fa4858cc3b0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#27 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440e050, ast=0x7fa4858cc3b0) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#28 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440e180, ast=ast@entry=0x7fa4858cc440) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#29 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440e180, ast=0x7fa4858cc440) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#30 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440e2b0, ast=ast@entry=0x7fa4858cc470) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#31 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440e2b0, ast=0x7fa4858cc470) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#32 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440e3e0, ast=ast@entry=0x7fa4858cc500) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#33 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440e3e0, ast=0x7fa4858cc500) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
#34 0x00005607e6adce00 in zend_compile_binary_op (result=result@entry=0x7fffc440e510, ast=ast@entry=0x7fa4858cc530) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:7027
#35 0x00005607e6adaa6f in zend_compile_expr (result=result@entry=0x7fffc440e510, ast=0x7fa4858cc530) at /build/php7.2-AL4wdD/php7.2-7.2.15/Zend/zend_compile.c:8265
 [2021-04-21 10:16 UTC] cmb@php.net
That is a compile time issue caused by too many . (concat)
operators, leading to too deep recursion.
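
Added example, not part of the report and not PHP's own code: given the diagnosis above and the `'.chr(0).'` pattern in the test script, a cache writer can avoid the long concat chain by emitting each value as one double-quoted literal, and a lexer-only count of `.` operators can flag generated files before they are included. The function names and the sample value are constructed for illustration.

```php
<?php
// Added example; function names and sample data are constructed, not from the report.

// Count "." concat operators. token_get_all() without TOKEN_PARSE only lexes
// the source; nothing is compiled, so the recursive compile step is never reached.
function count_concat_operators(string $phpSource): int
{
    $count = 0;
    foreach (token_get_all($phpSource) as $token) {
        if ($token === '.') {   // one-character tokens come back as plain strings
            $count++;
        }
    }
    return $count;
}

// Emit $value as a single double-quoted literal, so no concat is needed for NUL.
function export_string_literal(string $value): string
{
    $out = '"';
    for ($i = 0, $len = strlen($value); $i < $len; $i++) {
        $c = $value[$i];
        $o = ord($c);
        if ($c === '\\' || $c === '"' || $c === '$') {
            $out .= '\\' . $c;                // special inside "..."
        } elseif ($o < 0x20 || $o === 0x7f) {
            $out .= sprintf('\\x%02x', $o);   // control bytes, including NUL
        } else {
            $out .= $c;                       // printable ASCII and UTF-8 bytes
        }
    }
    return $out . '"';
}

// Constructed sample: serialized protected properties carry "\0*\0" markers.
$value = str_repeat("s:8:\"\0*\0value\";s:4:\"cost\";s:3:\"\$10\";", 500);

// The style seen in the report: every NUL becomes '.chr(0).'
$concat  = "'" . str_replace("\0", "'.chr(0).'", addcslashes($value, "'\\")) . "'";
$literal = export_string_literal($value);

printf("concat style: %d operators\n", count_concat_operators("<?php \$v = $concat;"));
printf("one literal:  %d operators\n", count_concat_operators("<?php \$v = $literal;"));
var_dump(eval("return $literal;") === $value);   // round trip on constructed data
```

Storing the serialized data in a plain data file and loading it with `file_get_contents()` avoids generating PHP source for it at all.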
 