|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2009-12-07 13:56 UTC] ikickdogsforfun at hotmail dot com
Description: ------------ When using PHP SAPI and values have been added to the global $_SERVER variable, shutdown segfaults in zend_gc. If I remove the setting of the global variables it doesn't seg fault. This is possibly not a fault the SAPI, but I've been unable to resolve, removing the destroy and free commands in shutdown function doesn't stop it from segfaulting. Reproduce code: --------------- The entire source code file is available at https://crispycrisp.org/php.txt this is the function that causes a segfault in shutdown if it has been called: void php_set_superglobal_server(char *name, char *val) { zend_first_try { HashTable* locals = &EG(symbol_table); zval *type; /* Fetch $_SERVER from the global scope */ zend_hash_find(locals, "_SERVER", sizeof("_SERVER"), (void**)&SERVER); ALLOC_INIT_ZVAL(type); ZVAL_STRING(type, val, 1); ZEND_SET_SYMBOL(Z_ARRVAL_PP(SERVER), name, type); } zend_end_try(); } Expected result: ---------------- No segfault Actual result: -------------- ==17605== Thread 2: ==17605== Invalid read of size 4 ==17605== at 0x43B4BB9: gc_remove_zval_from_buffer (zend_gc.h:189) ==17605== by 0x438E18F: _zval_ptr_dtor (zend_execute_API.c:434) ==17605== by 0x43A4C7D: zend_hash_destroy (zend_hash.c:526) ==17605== by 0x804A88A: php_shutdown (php.c:143) ==17605== by 0x804A955: php (php.c:168) ==17605== by 0x8049D94: parsing_request (handler.c:180) ==17605== by 0x80496FE: handle (handler.c:25) ==17605== by 0x4032F3A: start_thread (in /lib/libpthread-2.7.so) ==17605== by 0x4793BED: clone (in /lib/libc-2.7.so) ==17605== Address 0x1c is not stack'd, malloc'd or (recently) free'd ==17605== ==17605== Process terminating with default action of signal 11 (SIGSEGV) ==17605== Access not within mapped region at address 0x1C ==17605== at 0x43B4BB9: gc_remove_zval_from_buffer (zend_gc.h:189) ==17605== by 0x438E18F: _zval_ptr_dtor (zend_execute_API.c:434) ==17605== by 0x43A4C7D: zend_hash_destroy (zend_hash.c:526) ==17605== by 0x804A88A: php_shutdown (php.c:143) ==17605== by 0x804A955: php (php.c:168) ==17605== by 0x8049D94: parsing_request (handler.c:180) ==17605== by 0x80496FE: handle (handler.c:25) ==17605== by 0x4032F3A: start_thread (in /lib/libpthread-2.7.so) ==17605== by 0x4793BED: clone (in /lib/libc-2.7.so) PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Dec 03 22:00:01 2025 UTC |
Can you try using the following within php_set_superglobal_server as the way to modify the _SERVER value. php_register_variable_ex("name", type, PG(http_globals)[TRACK_VARS_SERVER]); Also you don't need to destroy the servers zval, it will be handled by php_embed_shutdown()