php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66787 SIGSEGV When PHP code involving DNS name resolution, the process will crash
Submitted: 2014-02-27 06:39 UTC Modified: 2014-12-30 10:42 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: wangbo5 at 360 dot cn Assigned:
Status: No Feedback Package: *Network Functions
PHP Version: 5.5Git-2014-02-27 (Git) OS: CentOS 5.4
Private report: No CVE-ID: None
 [2014-02-27 06:39 UTC] wangbo5 at 360 dot cn
Description:
------------
When PHP code involving DNS name resolution, the process will crash

Test script:
---------------
<?php

file_get_contents("http://www.baidu.com/");

?>

Expected result:
----------------
NO SIGSEGV

Actual result:
--------------
kernel: php-fpm[12646]: segfault at 2559 ip 000000398a6145b2 sp 00007fffc1280cf8 error 4 in ld-2.5.so[398a600000+1c000]


Program received signal SIGSEGV, Segmentation fault.
0x000000398a6145b2 in strcmp () from /lib64/ld-linux-x86-64.so.2
(gdb) bt
#0  0x000000398a6145b2 in strcmp () from /lib64/ld-linux-x86-64.so.2
#1  0x000000398a607dc3 in _dl_map_object (loader=<value optimized out>, name=<value optimized out>, preloaded=<value optimized out>, type=<value optimized out>, 
    trace_mode=<value optimized out>, mode=<value optimized out>, nsid=<value optimized out>) at dl-load.c:1975
#2  0x000000398a610c4d in dl_open_worker (a=<value optimized out>) at dl-open.c:295
#3  0x000000398a60ce96 in _dl_catch_error (objname=<value optimized out>, errstring=<value optimized out>, mallocedp=<value optimized out>, operate=<value optimized out>, 
    args=<value optimized out>) at dl-error.c:178
#4  0x000000398a61064c in _dl_open (file=<value optimized out>, mode=<value optimized out>, caller_dlopen=<value optimized out>, nsid=<value optimized out>, argc=<value optimized out>, 
    argv=<value optimized out>, env=<value optimized out>) at dl-open.c:602
#5  0x000000398ab08ab0 in do_dlopen (ptr=<value optimized out>) at dl-libc.c:86
#6  0x000000398a60ce96 in _dl_catch_error (objname=<value optimized out>, errstring=<value optimized out>, mallocedp=<value optimized out>, operate=<value optimized out>, 
    args=<value optimized out>) at dl-error.c:178
#7  0x000000398ab08c17 in __libc_dlopen_mode (name=<value optimized out>, mode=<value optimized out>) at dl-libc.c:47
#8  0x000000398aae3960 in __nss_lookup_function (ni=<value optimized out>, fct_name=<value optimized out>) at nsswitch.c:362
#9  0x000000398aabbb87 in gaih_inet (name=<value optimized out>, service=<value optimized out>, req=<value optimized out>, pai=<value optimized out>, naddrs=<value optimized out>)
    at ../sysdeps/posix/getaddrinfo.c:813
#10 0x000000398aabd62a in getaddrinfo (name=<value optimized out>, service=<value optimized out>, hints=<value optimized out>, pai=<value optimized out>)
    at ../sysdeps/posix/getaddrinfo.c:2325
#11 0x0000000000638c8e in php_network_getaddresses (host=0x7fbf8ddadf80 "www.sina.com.cn", socktype=<value optimized out>, sal=0x7fffe27bc238, error_string=0x7fffe27bc450)
    at /home/gaoyuan/php-5.5.0/main/network.c:213
#12 0x0000000000638e85 in php_network_connect_socket_to_host (host=0x7fffe27bba90 "libnss_dns.so.2", port=80, socktype=1, asynchronous=0, timeout=0x0, error_string=0x90000001, 
    error_code=0x7fffe27bc35c, bindto=0x0, bindport=0) at /home/gaoyuan/php-5.5.0/main/network.c:777
#13 0x0000000000649d4d in php_tcp_sockop_set_option (stream=0x7fbf8ddade38, option=<value optimized out>, value=<value optimized out>, ptrparam=0x7fffe27bc3d0)
    at /home/gaoyuan/php-5.5.0/main/streams/xp_socket.c:671
#14 0x000000000063cc79 in _php_stream_set_option (stream=0x7fffe27bba90, option=7, value=0, ptrparam=0xffffffff) at /home/gaoyuan/php-5.5.0/main/streams/streams.c:1353
#15 0x00000000006481d5 in php_stream_xport_connect (stream=0x7fbf8ddade38, name=0x7fbf8dd7a296 "www.sina.com.cn:80", namelen=18, asynchronous=0, timeout=0x7fffe27bd340, 
    error_text=0x7fffe27bc528, error_code=0x0) at /home/gaoyuan/php-5.5.0/main/streams/transports.c:243
#16 0x000000000064891b in _php_stream_xport_create (name=0x7fbf8dd7a296 "www.sina.com.cn:80", namelen=18, options=0, flags=<value optimized out>, persistent_id=0x0, timeout=0x7fffe27bd340, 
    context=0x7fbf8ddadc30, error_string=0x7fffe27bd378, error_code=0x0) at /home/gaoyuan/php-5.5.0/main/streams/transports.c:143
#17 0x00000000005e465a in php_stream_url_wrap_http_ex (wrapper=0xbe7fc0, path=0x7fbf806e71c0 "http://www.sina.com.cn", mode=0x8bcbfa "rb", options=0, opened_path=0x0, 
    context=0x7fbf8ddadc30, redirect_max=20, flags=1) at /home/gaoyuan/php-5.5.0/ext/standard/http_fopen_wrapper.c:183
#18 0x00000000005e7968 in php_stream_url_wrap_http (wrapper=0x7fffe27bba90, path=0x2559 <Address 0x2559 out of bounds>, mode=0x7fbf889e3160 "\016", options=-1, opened_path=0x0, 
    context=0x90000001) at /home/gaoyuan/php-5.5.0/ext/standard/http_fopen_wrapper.c:926
#19 0x000000000063ec5b in _php_stream_open_wrapper_ex (path=0x7fbf806e71c0 "http://www.sina.com.cn", mode=0x8bcbfa "rb", options=0, opened_path=0x0, context=0x7fbf8ddadc30)
    at /home/gaoyuan/php-5.5.0/main/streams/streams.c:2051
#20 0x00000000005ae6dc in zif_file_get_contents (ht=12599104, return_value=0x7fbf8ddadc00, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, 
    return_value_used=<value optimized out>) at /home/gaoyuan/php-5.5.0/ext/standard/file.c:540
#21 0x000000000053473d in phar_file_get_contents (ht=1, return_value=0x7fbf8ddadc00, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/gaoyuan/php-5.5.0/ext/phar/func_interceptors.c:225
#22 0x00000000006b9559 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbf8dd7b0d8) at /home/gaoyuan/php-5.5.0/Zend/zend_vm_execute.h:543
#23 0x00000000006f78a8 in execute_ex (execute_data=0x7fbf8dd7b0d8) at /home/gaoyuan/php-5.5.0/Zend/zend_vm_execute.h:356
#24 0x000000000068652b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/gaoyuan/php-5.5.0/Zend/zend.c:1316
#25 0x0000000000627939 in php_execute_script (primary_file=0x7fffe27c1e20) at /home/gaoyuan/php-5.5.0/main/main.c:2481
#26 0x000000000073ac34 in main (argc=0, argv=<value optimized out>) at /home/gaoyuan/php-5.5.0/sapi/fpm/fpm/fpm_main.c:1933 

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-02-27 08:09 UTC] remi@php.net
Cannot reproduce.

Does this occurs atfer server startup or even after a restart of the service ?

You report against 5.5Git, but according to your backtrace, you are using 5.5.0, which is very old.

You also use CentOS 5.4 which is also very old. 5.11 is current version and is bugfix only.

Please update (CentOS 5.11 + PHP 5.5.9) to see if still exists.
 [2014-04-02 13:49 UTC] mike@php.net
-Status: Open +Status: Feedback
 [2014-04-02 13:49 UTC] mike@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2014-12-30 10:42 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC