Bug #33538 crash after returning from custom extension code
Submitted: 2005-07-01 18:38 UTC Modified: 2005-07-10 01:00 UTC
From: rristroph at airlinksystems dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 4.3.11 OS: Fedora Core 3
Private report: No CVE-ID: None

 [2005-07-01 18:38 UTC] rristroph at airlinksystems dot com
Description:
------------
Hi,

    This bug report is difficult because I don't have a short bit of code to reproduce it.  However, if you can give me any suggestions of things to try, I will do so and report back.

    I have PHP 4.3.11 compiled on Fedora Core 4, running on x86_64.  (Note that Fedora Core 4 comes with PHP 5, and I removed it and installed 4.3.11 from source.  Also note that Fedora Core 4 uses gcc 4.0, and all the platforms that have PHP 4 instead of PHP 5 might be using older gcc versions.)

    I am compiling and loading a custom extension written in C and C++; this allows access to some libraries the company owns and has written in-house. They are large and also proprietary, so I can't give you the extension.  However, the crash is not in the extension.

    After running a number of different commands in the extension successfully, it fails after returning from an extension function.  The extension function is relatively simple and returns a long, not a php object or reference or anything like that.

    The segfault occurs in php-4.3.11/Zend/zend_execute.c:1658.

    I can work towards trimming code until I have a short piece of php code that loads a small dummy extension that causes the problem; however that will take some time (maybe weeks as I have a lot of other stuff to do).  I thought I would at least post what info I have to get any suggestions.

Here is the terminal output when running gdb:

-----------------------------------------------------------
[root@linux52 html]# gdb php -f login.php
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

"/home/httpd/html/login.php" is not a core dump: File format not recognized
(gdb) quit
[root@linux52 html]# gdb php
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

(gdb) run -f login.php
Starting program: /usr/bin/php -f login.php
about to dl al_util_nodebug.so -- first<br>
[Thread debugging using libthread_db enabled]
[New Thread 46912496277408 (LWP 14795)]
[New Thread 231832879520 (LWP 14795)]
Error while reading shared library symbols:
Cannot find new threads: debugger service failed
result = 1<br>
Functions available in the test extension:<br>
<br>
after<br>
after2<br>
RGR HERE <br>
RGR MARK 1

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496277408 (LWP 14795)]
0x00000000005237db in execute (op_array=Cannot access memory at address 0x7ffefffffe78
) at /root/updates/php/php-4.3.11/Zend/zend_execute.c:1658
1658                                                    EG(current_execute_data) = &execute_data;
(gdb) where
#0  0x00000000005237db in execute (op_array=Cannot access memory at address 0x7ffefffffe78
) at /root/updates/php/php-4.3.11/Zend/zend_execute.c:1658
Cannot access memory at address 0x7fff00000000
(gdb) bt
#0  0x00000000005237db in execute (op_array=Cannot access memory at address 0x7ffefffffe78
) at /root/updates/php/php-4.3.11/Zend/zend_execute.c:1658
Cannot access memory at address 0x7fff00000000
(gdb) list
1658                                                    EG(current_execute_data) = &execute_data;
1659                                                    if (EX(object).ptr) {
1660                                                            EX(object).ptr->refcount--;
1661                                                    }
1662                                                    EX(Ts)[EX(opline)->result.u.var].var.ptr->is_ref = 0;
1663                                                    EX(Ts)[EX(opline)->result.u.var].var.ptr->refcount = 1;
1664                                                    if (!return_value_used) {
1665                                                            zval_ptr_dtor(&EX(Ts)[EX(opline)->result.u.var].var.ptr);
1666                                                    }
1667                                            } else if (EX(function_state).function->type==ZEND_USER_FUNCTION) {
(gdb) p current_execute_data
No symbol "current_execute_data" in current context.
(gdb) p execute_data
Cannot access memory at address 0x7ffefffffed0
(gdb) p &execute_data
$1 = (zend_execute_data *) 0x7ffefffffed0
(gdb) 
------------------------------------------------------------

Here is the config command I used to compile PHP 4.3.11:

------------------------------------------------------------
./configure \
--build=x86_64-redhat-linux --host=x86_64-redhat-linux --target=x86_64-redhat-linux-gnu \
--program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
--sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 \
--libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com \
--mandir=/usr/share/man --infodir=/usr/share/info \
--cache-file=../config.cache \
--with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d \
--enable-force-cgi-redirect \
--disable-debug \
--enable-pic \
--disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-curl \
--with-exec-dir=/usr/bin \
--with-freetype-dir=/usr \
--with-png-dir=/usr \
--with-gd=shared \
--enable-gd-native-ttf \
--without-gdbm \
--with-gettext \
--with-ncurses=shared \
--with-gmp \
--with-iconv \
--with-jpeg-dir=/usr \
--with-openssl \
--with-png \
--with-xml \
--with-expat-dir=/usr \
--with-dom=shared,/usr \
--with-zlib \
--with-layout=GNU \
--enable-bcmath \
--enable-exif \
--enable-ftp \
--enable-magic-quotes \
--enable-safe-mode \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-track-vars \
--enable-trans-sid \
--enable-yp \
--enable-wddx \
--with-pear=/usr/share/pear \
--with-kerberos \
--with-mysql=shared,/usr \
--with-pgsql=shared \
--with-snmp=shared,/usr \
--with-snmp=shared \
--enable-ucd-snmp-hack \
--with-unixODBC=shared,/usr \
--enable-memory-limit \
--enable-shmop \
--enable-calendar \
--enable-dbx \
--enable-dio \
--enable-mbstring=shared \
--enable-mbstr-enc-trans \
--enable-mbregex \
--with-mime-magic=/usr/share/file/magic.mime \
--with-apxs2=/usr/sbin/apxs
-----------------------------------------------------------

Here is a diff between the php.ini I am using and the php.ini that was generated by the install, piped through a grep to remove all differences in comments:

------------------------------------------------------------
[root@linux52 html]# diff /etc/php.ini /root/updates/php/php-4.3.11/php.ini-dist | grep -v "\;" | wc -l
112
[root@linux52 html]# diff /etc/php.ini /root/updates/php/php-4.3.11/php.ini-dist | grep -v "\;"
2a3,13
> 
> 
6,73c17,60
---
95c82
< precision    =  14
---
> precision    =  12
125,129c112,116
---
167d153
< #allow_call_time_pass_reference = Off
170d155
247,248c232
< memory_limit = 335544320
---
284c268
---
286c270
< error_reporting  =  E_ALL
---
> error_reporting  =  E_ALL & ~E_NOTICE
293,294c277
< display_errors = Off
< #display_errors = On
---
> display_errors = On
304d286
< #log_errors = On



330c312
< 
---
>   
383,384c365
< #register_globals = Off
< register_globals = On
---
> register_globals = Off
401c382
< magic_quotes_gpc = Off
---
> magic_quotes_gpc = On
421c402
---
435,437d415
< include_path=".:./classes:../classes:/home/httpd/html/classes"
< 
< 
445c423
---
450,451c428
< extension_dir = /usr/lib64/20020429
---
> extension_dir = "./"
480c457
---
495c472
< 
---
>  
522,523c499,500
---
545c522,526
---
552,553d532
< extension=mysql.so
< extension=gd.so
555,558c534,581
---
> 
580c603
< sendmail_path = /usr/sbin/sendmail -t -i
---
671,673c694,695
< pgsql.auto_reset_persistent = Off
---
> pgsql.auto_reset_persistent = Off 
682d703
738c759
< dbx.colnames_case = "lowercase"
---
> dbx.colnames_case = "unchanged"
791c812,823
< session.save_path = /var/lib/php/session
---
796c828
---
825c857
< session.gc_divisor     = 1000
---
> session.gc_divisor     = 100
830a863,870
> 
837c877
< session.bug_compat_42 = 0
---
> session.bug_compat_42 = 1
855c895
---
863c903
---
868c908
---
878c918
< url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
---
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
983,986d1022
< [Sockets]
< sockets.use_system_read = On

< 
[root@linux52 html]# 
-------------------------------------------------------------

I realize it is impossible to ask for a fix here, but if you can suggest anything I might try, or tell me how to go about doing what you would do if you had everything, I'll do it.

Thanks in advance for any attention you can give this.

--Rob



 [2005-07-02 12:10 UTC] derick@php.net
This bug system is for bugs in the normal PHP source distribution, so if it starts crashing because of a third party extension this is the wrong place to ask. Did you try to turn off your commercial extensions? Does the crash still happen then? If it doesn't, then you need to ask for help on the pecl-dev@ mailing list.
 [2005-07-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".