Bug #63009 APC 3.1.13 segfaults in ini_lex() with PHP 5.4
Submitted: 2012-09-04 10:56 UTC Modified: 2016-11-18 21:22 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: lstrojny@php.net Assigned:
Status: Wont fix Package: APC (PECL)
PHP Version: 5.4.6 OS: Linux
Private report: No CVE-ID: None
 [2012-09-04 10:56 UTC] lstrojny@php.net
Description:
------------
PHP 5.4.6 segfaults with APC 3.1.13 enabled. I didn’t manage to extract a 
reproduction case just yet, but a stack trace is attached.

Actual result:
--------------
#0  ini_lex (ini_lval=0x2e08300) at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c:2577
2577	/usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c: No such file or directory.
	in /usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c
(gdb) bt full
#0  ini_lex (ini_lval=0x2e08300) at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c:2577
        yybm = '\000' <repeats 255 times>
        yych = 1 '\001'
        yyaccept = 0
#1  0x0000000003d1e890 in ?? ()
No symbol table info available.
#2  0x0000000000000001 in ?? ()
No symbol table info available.
#3  0x0000000000000008 in ?? ()
No symbol table info available.
#4  0x0000000003e1c030 in ?? ()
No symbol table info available.
#5  0x00007feabea301e0 in ?? ()
No symbol table info available.
#6  0x00000000006c21d9 in compare_function (result=0x3d80fd0, op1=0x656d616e74736f68, op2=0x2e08300)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_operators.c:1463
        ret = 0
        converted = 64491472
        op1_copy = {value = {lval = 3198424792, dval = 6.9488454402759341e-310, str = {val = 0x7feabea416d8 " \027\244\276\352\177", 
              len = 14858208}, ht = 0x7feabea416d8, obj = {handle = 3198424792, handlers = 0xe2b7e0}}, refcount__gc = 3838752764, 
          type = 234 '\352', is_ref__gc = 127 '\177'}
        op2_copy = {value = {lval = 7033597, dval = 3.4750586443920542e-317, str = {val = 0x6b52fd "", len = 65126448}, 
            ht = 0x6b52fd, obj = {handle = 7033597, handlers = 0x3e1c030}}, refcount__gc = 3838739135, type = 234 '\352', 
          is_ref__gc = 127 '\177'}
        op_free = 0x656d616e74736f68
#7  0x0000000003e17858 in ?? ()
No symbol table info available.
#8  0x00000000006b52fd in do_bind_inherited_class (op_array=0x2e08300, opline=0x3d80fd0, class_table=0x3d80fc0, parent_ce=0x3d80fd0, 
    compile_time=40 '(') at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_compile.c:4535
        ce = 0x656d616e74736f68
        pce = 0x20
        found_ce = 0
        op1 = 0x0
        op2 = 0x2e08300
#9  0x0000000003e1c030 in ?? ()
No symbol table info available.
#10 0x00007feae4ce82bf in apc_free_class_entry_after_execution (src=0x656d616e74736f68)
    at /usr/src/sandbox/apc/php-apc-3.1.13~internations+1.1/APC-3.1.13/apc_compile.c:2003
        i = 48268032
#11 0x00007feae4ceb7fc in apc_deactivate () at /usr/src/sandbox/apc/php-apc-3.1.13~internations+1.1/APC-3.1.13/apc_main.c:948
        pzce = 0x33a9928
        cache_entry = 0x7feabea416d8
#12 apc_request_shutdown () at /usr/src/sandbox/apc/php-apc-3.1.13~internations+1.1/APC-3.1.13/apc_main.c:1042
No locals.
#13 0x00007feae4ce15c5 in zm_deactivate_apc (type=48268032, module_number=64491472)
    at /usr/src/sandbox/apc/php-apc-3.1.13~internations+1.1/APC-3.1.13/php_apc.c:407
No locals.
#14 0x00000000006c8e64 in zend_fcall_info_argv (fci=0x315c7f0, argc=14856288, argv=0x31024a8)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_API.c:3237
        i = 1
#15 0x000000000000002b in ?? ()
No symbol table info available.
#16 0x00007fffa8d452f0 in ?? ()
No symbol table info available.
#17 0x0000000000e2b7e0 in ?? ()
No symbol table info available.
#18 0x0a5aa77755b5f47e in ?? ()
No symbol table info available.
#19 0x000000000315c7f0 in ?? ()
No symbol table info available.
#20 0x00007feae8da52a0 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#21 0x0000000000000000 in ?? ()
No symbol table info available.

 [2012-09-04 14:44 UTC] laruence@php.net
Hey, in what situation did this segfault occur? I mean, what were you doing when this 
occurred, and what are your APC configurations?

thanks
 [2012-09-04 15:42 UTC] lstrojny@php.net
As I said, this kind of segfault randomly occurs with PHP 5.4.6 + APC 3.1.13 on a 
production system.
 [2012-09-10 15:13 UTC] lstrojny@php.net
Another probably important bit I missed. We are using stat=0.
 [2012-12-05 15:11 UTC] ab@php.net
Still no repro case for that?
 [2012-12-05 15:11 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2012-12-05 17:46 UTC] lstrojny@php.net
-Status: Feedback +Status: Open
 [2012-12-05 17:46 UTC] lstrojny@php.net
Unfortunately not.
 [2013-02-18 23:54 UTC] gopalv@php.net
#8  0x00000000006b52fd in do_bind_inherited_class (op_array=0x2e08300, opline=0x3d80fd0, class_table=0x3d80fc0, parent_ce=0x3d80fd0, 

This seems wrong in more ways than one - opline, class_table and parent_ce are 
the same!
 [2013-06-07 09:56 UTC] gergund at gmail dot com
I have a related issue, but on version 5.3.14 with backported patches from 5.3.15 
and APC 3.1.13.

#0  0x000000000058efe8 in ini_lex (ini_lval=0x1883310) at Zend/zend_ini_scanner.c:2664
2664     if (yych <= '/') goto yy195;
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0  0x000000000058efe8 in ini_lex (ini_lval=0x1883310) at Zend/zend_ini_scanner.c:2664
#1  0x000000000189b580 in ?? ()
#2  0x0000000000000000 in ?? ()
(gdb) bt full
#0  0x000000000058efe8 in ini_lex (ini_lval=0x1883310) at Zend/zend_ini_scanner.c:2664
        yybm = 
"\204\204\204\204\204\204\204\204\204\206\200\204\204\200\204\204\204\204\204\20
4\204\204\204\204\204\204\204\204\204\204\204\204\206\204\200\204\210\204\204\00
0\204\204\204\204\204\204\204\204\344\344\344\344\344\344\344\344\344䄀
\204\204\204\204\204\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244
\244\244\244\244\244\244\244\244\244\244\244\204\220\200\204\244\204\244\244\244
\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244\244
\244\244\244\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204
\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204
\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204
\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204
\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204
\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204
\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204\204"
        yych = 235 '\353'
        yyaccept = 2
#1  0x000000000189b580 in ?? ()
No symbol table info available.
#2  0x0000000000000000 in ?? ()
No symbol table info available.
 [2016-11-18 21:22 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-11-18 21:22 UTC] kalle@php.net
APC is no longer supported in favor of opcache that comes bundled with PHP, if you wish to use the user cache, then look at PECL/APCu.
 
Last updated: Sat Dec 21 14:01:32 2024 UTC