Bug #78121 7.3.6 (but not 7.3.5) segfaults in php_module_shutdown with phalcon ext loaded
Submitted: 2019-06-06 13:53 UTC Modified: 2019-06-06 14:38 UTC
From: dzuelke at gmail dot com Assigned: krakjoe
Status: Not a bug Package: opcache
PHP Version: 7.3.6 OS: Ubuntu 16.04
Private report: No CVE-ID: None
 [2019-06-06 13:53 UTC] dzuelke at gmail dot com
Description:
------------
With the following PHP build:

./configure --disable-phpdbg --with-curl --with-openssl --with-kerberos --with-readline --enable-sockets --enable-debug --enable-opcache-file --without-libzip --with-sodium=shared

And having https://github.com/phalcon/cphalcon/ version 3.4.3 installed and loaded (see test script for reproduction instructions), a php -v or php --ri phalcon segfaults:

# php -d"extension=phalcon.so" --ri phalcon

phalcon

…

php: /tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c:743: accel_replace_string_by_process_permanent: Assertion `!((char*)(str) >= (char*)(accel_shared_globals->interned_strings).start && (char*)(str) < (char*)(accel_shared_globals->interned_strings).top)' failed.
Aborted (core dumped)


I'm reporting this here because it worked in 7.3.5, and the changelog for 7.3.6 lists changes to OPcache specifically around possible crashes, so maybe these changes broke something unintentionally.

Also tracked with phalcon maintainers already at https://github.com/phalcon/cphalcon/issues/14160

Test script:
---------------
curl -L https://github.com/phalcon/cphalcon/archive/v3.4.3.tar.gz | tar xz
cd cphalcon-3.4.3/build/php7/64bits/
export CC="gcc"
export CFLAGS="-O2 -fvisibility=hidden"
export CPPFLAGS="-DPHALCON_RELEASE"
phpize
./configure --enable-phalcon
make -s -j9
ulimit -c unlimited
make install


Expected result:
----------------
No segfault, as is the case on PHP 7.3.5.

Actual result:
--------------
# php -d"extension=phalcon.so" --ri phalcon

phalcon

…

php: /tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c:743: accel_replace_string_by_process_permanent: Assertion `!((char*)(str) >= (char*)(accel_shared_globals->interned_strings).start && (char*)(str) < (char*)(accel_shared_globals->interned_strings).top)' failed.
Aborted (core dumped)


# gdb $(which php) core
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /app/.heroku/php/bin/php...done.
[New LWP 70485]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php -dextension=phalcon.so --ri phalcon'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f2846204428 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:54
54	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f2846204428 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007f284620602a in __GI_abort () at abort.c:89
#2  0x00007f28461fcbd7 in __assert_fail_base (fmt=<optimized out>, 
    assertion=assertion@entry=0x7f283edcf820 "!((char*)(str) >= (char*)(accel_shared_globals->interned_strings).start && (char*)(str) < (char*)(accel_shared_globals->interned_strings).top)", 
    file=file@entry=0x7f283edcf7e8 "/tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c", line=line@entry=743, 
    function=function@entry=0x7f283edcff20 <__PRETTY_FUNCTION__.19051> "accel_replace_string_by_process_permanent") at assert.c:92
#3  0x00007f28461fcc82 in __GI___assert_fail (
    assertion=0x7f283edcf820 "!((char*)(str) >= (char*)(accel_shared_globals->interned_strings).start && (char*)(str) < (char*)(accel_shared_globals->interned_strings).top)", 
    file=0x7f283edcf7e8 "/tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c", line=743, 
    function=0x7f283edcff20 <__PRETTY_FUNCTION__.19051> "accel_replace_string_by_process_permanent") at assert.c:101
#4  0x00007f283ed3f731 in accel_replace_string_by_process_permanent (
    str=0x7f28367cb210)
    at /tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c:743
#5  0x00007f283ed3eef1 in accel_copy_permanent_strings (
---Type <return> to continue, or q <return> to quit---
    new_interned_string=0x7f283ed3f6b5 <accel_replace_string_by_process_permanent>) at /tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c:646
#6  0x00007f283ed3f800 in accel_use_permanent_interned_strings ()
    at /tmp/bob-aEolPN/php-7.3.6/ext/opcache/ZendAccelerator.c:771
#7  0x00000000009e4014 in zend_interned_strings_switch_storage (
    request=0 '\000') at /tmp/bob-aEolPN/php-7.3.6/Zend/zend_string.c:336
#8  0x000000000090b9a1 in php_module_shutdown ()
    at /tmp/bob-aEolPN/php-7.3.6/main/main.c:2473
#9  0x0000000000a85bfc in main (argc=4, argv=0x325e070)
    at /tmp/bob-aEolPN/php-7.3.6/sapi/cli/php_cli.c:1404

 [2019-06-06 13:54 UTC] dzuelke at gmail dot com
(I forgot to mention, the crash does not occur without opcache.so loaded)
 [2019-06-06 14:01 UTC] krakjoe@php.net
-Assigned To: +Assigned To: krakjoe
 [2019-06-06 14:01 UTC] krakjoe@php.net
I'll take a look, it's highly likely a bug in cphalcon rather than opcache, but I'll try to make sure ...
 [2019-06-06 14:38 UTC] krakjoe@php.net
-Status: Assigned +Status: Not a bug
 [2019-06-06 14:38 UTC] krakjoe@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The bug is in phalcon, incorrect use of zend_declare_class_constant_ex