Bug #51243 syntax error in autoload causes segmentation fault
Submitted: 2010-03-09 03:56 UTC Modified: 2014-07-13 02:27 UTC
Votes:13
Avg. Score:4.6 ± 0.7
Reproduced:8 of 9 (88.9%)
Same Version:4 (50.0%)
Same OS:3 (37.5%)
From: tsamukawa at maru dot jp Assigned: yohgaki (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3.2, 5.3.3, 5.3.9RC OS: CentOS5.*
Private report: No CVE-ID: None
 [2010-03-09 03:56 UTC] tsamukawa at maru dot jp
Description:
------------
A segmentation fault occurred when a file was loaded by calling require() or 
include() inside an autoload function,
and the file contains a PHP syntax error.

It happens often.
Most cases occur after making changes to the script repeatedly.

Test script:
---------------
=== C.php ===
<?php

class C{
  funct ion pr(){ print 123; }  // <-- syntax error
}

==== test.php ====
<?php

class Loader{
  function autoload($classname){ require "$classname.php" ;}
}

$loader  = new Loader();
spl_autoload_register(array($loader,'autoload'));

$c = new C();
$c->pr();

Expected result:
----------------
Report syntax error.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0xb79dcb28 in zend_mm_check_ptr (heap=0x81b8a10, ptr=0x841fc78, silent=0, 
__zend_filename=0xb7f3234b "Zend/zend_language_scanner.l", __zend_lineno=685, 
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /s/php-5.3.2/Zend/zend_alloc.c:1355
1355            if (p->info._prev != ZEND_MM_GUARD_BLOCK &&
(gdb) bt
#0  0xb79dcb28 in zend_mm_check_ptr (heap=0x81b8a10, ptr=0x841fc78, silent=0, 
__zend_filename=0xb7f3234b "Zend/zend_language_scanner.l", __zend_lineno=685, 
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /s/php-5.3.2/Zend/zend_alloc.c:1355
#1  0xb79dcaff in zend_mm_check_ptr (heap=0x81b8a10, ptr=0x841fc78, silent=1, 
__zend_filename=0xb7f3234b "Zend/zend_language_scanner.l", __zend_lineno=685, 
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /s/php-5.3.2/Zend/zend_alloc.c:1352
#2  0xb79de08c in _zend_mm_free_int (heap=0x81b8a10, p=0x841fc78, 
__zend_filename=0xb7f3234b "Zend/zend_language_scanner.l", __zend_lineno=685, 
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /s/php-5.3.2/Zend/zend_alloc.c:1983
#3  0xb79df163 in _efree (ptr=0x841fc78, __zend_filename=0xb7f3234b 
"Zend/zend_language_scanner.l", __zend_lineno=685, __zend_orig_filename=0x0, 
__zend_orig_lineno=0)
    at /s/php-5.3.2/Zend/zend_alloc.c:2351
#4  0xb79c6105 in zend_multibyte_read_script (buf=0xb7157000 "<?php\n\nclass 
C{\n  funct ion pr(){ print 123; }\n}\n\n", n=50) at 
Zend/zend_language_scanner.l:685
#5  0xb79c5083 in open_file_for_scanning (file_handle=0xbf848aa0) at 
Zend/zend_language_scanner.l:263
#6  0xb79c5290 in compile_file (file_handle=0xbf848aa0, type=8) at 
Zend/zend_language_scanner.l:331
#7  0xb77d0015 in phar_compile_file (file_handle=0xbf848aa0, type=8) at /s/php-
5.3.2/ext/phar/phar.c:3390
#8  0xb6dabbba in xdebug_compile_file (file_handle=0xbf848aa0, type=8) at 
/s/xdebug-2.0.5/xdebug.c:2405
#9  0xb6d81060 in eaccelerator_compile_file (file_handle=0xbf848aa0, type=8) at 
/s/eaccelerator-0.9.6/eaccelerator.c:1252
#10 0xb79c546a in compile_filename (type=8, filename=0x8420ebc) at 
Zend/zend_language_scanner.l:386
#11 0xb7a33dd7 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER 
(execute_data=0x8450258) at /s/php-5.3.2/Zend/zend_vm_execute.h:1916
#12 0xb7a2dbe4 in execute (op_array=0x842205c) at /s/php-
5.3.2/Zend/zend_vm_execute.h:104
#13 0xb6da9456 in xdebug_execute (op_array=0x842205c) at /s/xdebug-
2.0.5/xdebug.c:1562
#14 0xb79f2f5c in zend_call_function (fci=0xbf848ea4, fci_cache=0xbf848e74) at 
/s/php-5.3.2/Zend/zend_execute_API.c:947
#15 0xb7a1be08 in zend_call_method (object_pp=0x841d5d8, obj_ce=0x84208bc, 
fn_proxy=0x841d5d4, function_name=0x841f1c8 "x::autoload\001", 
function_name_len=16, retval_ptr_ptr=0xbf848f44,
    param_count=1, arg1=0x841eed8, arg2=0x0) at /s/php-
5.3.2/Zend/zend_interfaces.c:97
#16 0xb7871cfc in zif_spl_autoload_call (ht=1, return_value=0x841fd94, 
return_value_ptr=0xbf849130, this_ptr=0x0, return_value_used=1) at /s/php-
5.3.2/ext/spl/php_spl.c:395
#17 0xb79f30f4 in zend_call_function (fci=0xbf84910c, fci_cache=0xbf8490f8) at 
/s/php-5.3.2/Zend/zend_execute_API.c:969
#18 0xb79f385d in zend_lookup_class_ex (name=0x8422190 "C", name_length=1, 
use_autoload=1, ce=0xbf84919c) at /s/php-5.3.2/Zend/zend_execute_API.c:1100
#19 0xb79f44b0 in zend_fetch_class (class_name=0x8422190 "C", class_name_len=1, 
fetch_type=4) at /s/php-5.3.2/Zend/zend_execute_API.c:1542
#20 0xb7a30966 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER (execute_data=0x84501b8) 
at /s/php-5.3.2/Zend/zend_vm_execute.h:724
#21 0xb7a308df in ZEND_USER_OPCODE_SPEC_HANDLER (execute_data=0x84501b8) at 
/s/php-5.3.2/Zend/zend_vm_execute.h:703
#22 0xb7a2dbe4 in execute (op_array=0x841eb88) at /s/php-
5.3.2/Zend/zend_vm_execute.h:104
#23 0xb6da9456 in xdebug_execute (op_array=0x841eb88) at /s/xdebug-
2.0.5/xdebug.c:1562
#24 0xb7a0139d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/s/php-5.3.2/Zend/zend.c:1194
#25 0xb79954b6 in php_execute_script (primary_file=0xbf84b65c) at /s/php-
5.3.2/main/main.c:2260
#26 0xb7acb392 in php_handler (r=0x83a1538) at /s/php-
5.3.2/sapi/apache2handler/sapi_apache2.c:655
#27 0x0807f629 in ap_run_handler (r=0x83a1538) at config.c:157
---Type <return> to continue, or q <return> to quit---
#28 0x08082797 in ap_invoke_handler (r=0x83a1538) at config.c:372
#29 0x080d64f8 in ap_process_request (r=0x83a1538) at http_request.c:282
#30 0x080d36db in ap_process_http_connection (c=0x83e1af0) at http_core.c:190
#31 0x08086769 in ap_run_process_connection (c=0x83e1af0) at connection.c:43
#32 0x08104f1d in child_main (child_num_arg=<value optimized out>) at 
prefork.c:662
#33 0x08105163 in make_child (s=0x8152c98, slot=0) at prefork.c:702
#34 0x08105f3c in ap_mpm_run (_pconf=0x814a550, plog=0x81a47f8, s=0x8152c98) at 
prefork.c:978
#35 0x0806cf25 in main (argc=135562568, argv=0x83df910) at main.c:740

Patches

fix-segfault-when-enable-zend-multibyte (last revision 2011-03-30 09:38 UTC by ks dot 08651 at i-revo dot co dot jp)

History

 [2010-03-09 21:40 UTC] kalle@php.net
-Status: Open +Status: Feedback
 [2010-03-09 21:40 UTC] kalle@php.net
Try disabling eaccelerator and/or xdebug and see if that stops the segfault
 [2010-03-10 06:05 UTC] tsamukawa at maru dot jp
I tested without using the eaccelerator and xdebug modules.
But the problem is not fixed.
 [2010-03-10 06:18 UTC] tsamukawa at maru dot jp
I tried this script from the CLI repeatedly; no segmentation fault occurred.
 [2010-03-10 22:13 UTC] jani@php.net
-Status: Open +Status: Feedback
 [2010-03-10 22:13 UTC] jani@php.net
After disabling ALL 3rd party extensions (opcode caches, debuggers, etc.) provide a new backtrace of the crash.
 [2010-03-11 02:34 UTC] tsamukawa at maru dot jp
I have generated 2 different backtraces.
The 1st bt was generated by running the same script as the sample.
The 2nd bt is from a script that calls spl_autoload_register() from inside another user-defined function.

---------------------------------------------------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
0xb77c8b44 in autoload_func_info_dtor (alfi=0x7373616c) at /s/php-5.3.2/ext/spl/php_spl.c:362
362             if (alfi->obj) {
(gdb) bt
#0  0xb77c8b44 in autoload_func_info_dtor (alfi=0x7373616c) at /s/php-5.3.2/ext/spl/php_spl.c:362
#1  0xb7966728 in zend_hash_destroy (ht=0x8412154) at /s/php-5.3.2/Zend/zend_hash.c:526
#2  0xb77cb7a5 in zm_deactivate_spl (type=1, module_number=20) at /s/php-5.3.2/ext/spl/php_spl.c:904
#3  0xb795fffc in module_registry_cleanup (module=0x82abd10) at /s/php-5.3.2/Zend/zend_API.c:2150
#4  0xb7966f96 in zend_hash_reverse_apply (ht=0xb7ecaaa0, apply_func=0xb795ffcd <module_registry_cleanup>) at /s/php-
5.3.2/Zend/zend_hash.c:755
#5  0xb7957950 in zend_deactivate_modules () at /s/php-5.3.2/Zend/zend.c:866
#6  0xb78eb409 in php_request_shutdown (dummy=0x0) at /s/php-5.3.2/main/main.c:1607
#7  0xb7a21b2d in php_apache_request_dtor (r=0x83971e0) at /s/php-5.3.2/sapi/apache2handler/sapi_apache2.c:495
#8  0xb7a2241e in php_handler (r=0x83971e0) at /s/php-5.3.2/sapi/apache2handler/sapi_apache2.c:667
#9  0x0807f629 in ap_run_handler (r=0x83971e0) at config.c:157
#10 0x08082797 in ap_invoke_handler (r=0x83971e0) at config.c:372
#11 0x080d64f8 in ap_process_request (r=0x83971e0) at http_request.c:282
#12 0x080d36db in ap_process_http_connection (c=0x83d9810) at http_core.c:190
#13 0x08086769 in ap_run_process_connection (c=0x83d9810) at connection.c:43
#14 0x08104f1d in child_main (child_num_arg=<value optimized out>) at prefork.c:662
#15 0x08105163 in make_child (s=0x8152c98, slot=0) at prefork.c:702
#16 0x08105f3c in ap_mpm_run (_pconf=0x814a550, plog=0x81a47f8, s=0x8152c98) at prefork.c:978
#17 0x0806cf25 in main (argc=135562568, argv=0x83d7630) at main.c:740

---------------------------------------------------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
0xb7ffb402 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7ffb402 in __kernel_vsyscall ()
#1  0x459e61b6 in kill () from /lib/libc.so.6
#2  0xb79e15a1 in zend_mm_panic (message=0xb7f3a690 "zend_mm_heap corrupted") at /s/php-5.3.2/Zend/zend_alloc.c:92
#3  0xb79e3a2e in _zend_mm_alloc_int (heap=0x8284880, size=49, __zend_filename=0xb7f3834b "Zend/zend_language_scanner.l", 
__zend_lineno=690, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /s/php-5.3.2/Zend/zend_alloc.c:1827
#4  0xb79e50ff in _emalloc (size=49, __zend_filename=0xb7f3834b "Zend/zend_language_scanner.l", __zend_lineno=690, 
__zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /s/php-5.3.2/Zend/zend_alloc.c:2340
#5  0xb79cc147 in zend_multibyte_read_script (buf=0xb7fee000 "<?php\n\nclass C{\n  functio pr(){ print 123; }\n}\n\n", n=48) 
at Zend/zend_language_scanner.l:690
#6  0xb79cb083 in open_file_for_scanning (file_handle=0xbfe06a00) at Zend/zend_language_scanner.l:263
#7  0xb79cb290 in compile_file (file_handle=0xbfe06a00, type=8) at Zend/zend_language_scanner.l:331
#8  0xb77d6015 in phar_compile_file (file_handle=0xbfe06a00, type=8) at /s/php-5.3.2/ext/phar/phar.c:3390
#9  0xb79cb46a in compile_filename (type=8, filename=0x844809c) at Zend/zend_language_scanner.l:386
#10 0xb7a438d6 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x8448048) at /s/php-5.3.2/Zend/zend_vm_execute.h:5184
#11 0xb7a33be4 in execute (op_array=0x8413e2c) at /s/php-5.3.2/Zend/zend_vm_execute.h:104
#12 0xb79f8f5c in zend_call_function (fci=0xbfe06d54, fci_cache=0xbfe06d24) at /s/php-5.3.2/Zend/zend_execute_API.c:947
#13 0xb7a21e08 in zend_call_method (object_pp=0x841363c, obj_ce=0x84139e4, fn_proxy=0x8413638, function_name=0x84113d4 
"loader::autoload\001", function_name_len=21, 
    retval_ptr_ptr=0xbfe06df4, param_count=1, arg1=0x8412060, arg2=0x0) at /s/php-5.3.2/Zend/zend_interfaces.c:97
#14 0xb7877cfc in zif_spl_autoload_call (ht=1, return_value=0x8411fd0, return_value_ptr=0xbfe06fe0, this_ptr=0x0, 
return_value_used=1) at /s/php-5.3.2/ext/spl/php_spl.c:395
#15 0xb79f90f4 in zend_call_function (fci=0xbfe06fbc, fci_cache=0xbfe06fa8) at /s/php-5.3.2/Zend/zend_execute_API.c:969
#16 0xb79f985d in zend_lookup_class_ex (name=0x8414cb0 "C", name_length=1, use_autoload=1, ce=0xbfe0704c) at /s/php-
5.3.2/Zend/zend_execute_API.c:1100
#17 0xb79fa4b0 in zend_fetch_class (class_name=0x8414cb0 "C", class_name_len=1, fetch_type=4) at /s/php-
5.3.2/Zend/zend_execute_API.c:1542
#18 0xb7a36966 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER (execute_data=0x8447f48) at /s/php-5.3.2/Zend/zend_vm_execute.h:724
#19 0xb7a33be4 in execute (op_array=0x83f4e60) at /s/php-5.3.2/Zend/zend_vm_execute.h:104
#20 0xb7a0739d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /s/php-5.3.2/Zend/zend.c:1194
#21 0xb799b4b6 in php_execute_script (primary_file=0xbfe0941c) at /s/php-5.3.2/main/main.c:2260
#22 0xb7ad1392 in php_handler (r=0x8401f40) at /s/php-5.3.2/sapi/apache2handler/sapi_apache2.c:655
#23 0x0807f629 in ap_run_handler (r=0x8401f40) at config.c:157
#24 0x08082797 in ap_invoke_handler (r=0x8401f40) at config.c:372
#25 0x080d64f8 in ap_process_request (r=0x8401f40) at http_request.c:282
#26 0x080d36db in ap_process_http_connection (c=0x83d9808) at http_core.c:190
#27 0x08086769 in ap_run_process_connection (c=0x83d9808) at connection.c:43
#28 0x08104f1d in child_main (child_num_arg=<value optimized out>) at prefork.c:662
#29 0x08105163 in make_child (s=0x8152c98, slot=0) at prefork.c:702
#30 0x08105f3c in ap_mpm_run (_pconf=0x814a550, plog=0x81a47f8, s=0x8152c98) at prefork.c:978
#31 0x0806cf25 in main (argc=135562568, argv=0x83d7628) at main.c:740
 [2010-04-23 19:40 UTC] felipe@php.net
-Package: Apache2 related +Package: Scripting Engine problem
 [2010-06-08 15:04 UTC] tony2001@php.net
-Status: Open +Status: Feedback
 [2010-06-08 15:04 UTC] tony2001@php.net
Not reproducible.
The only result I'm able to get is this:
Parse error: syntax error, unexpected T_STRING, expecting T_FUNCTION in /tmp/C.php on line 4
 [2010-06-15 07:36 UTC] tsamukawa at maru dot jp
-Status: Feedback +Status: Open
 [2010-06-15 07:36 UTC] tsamukawa at maru dot jp
I think this segfault is caused by these steps:

First, an Apache process receives an HTTP request. Correct output is produced, 
like "syntax error, unexpected ...". There seems to be no problem.
Next, the identical Apache child process receives a request. It produces an empty 
response ("SYSSEGV" error message is saved in error_log).

Apache server version is 2.2.14.
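
An added triage example, not part of the original report or of PHP: it scans an Apache error_log for the sequence described in the comment above, a PHP parse error followed shortly by a child-process segfault. The log lines are constructed samples in Apache 2.2's default ErrorLog layout, and the function name `correlate` and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (Apache 2.2 default ErrorLog layout is assumed;
# the report only says the segfault message is saved in error_log).
SAMPLE_LOG = """\
[Tue Jun 15 07:30:01 2010] [error] [client 192.0.2.10] PHP Parse error:  syntax error, unexpected T_STRING, expecting T_FUNCTION in /var/www/C.php on line 4
[Tue Jun 15 07:30:03 2010] [notice] child pid 4321 exit signal Segmentation fault (11)
[Tue Jun 15 09:12:40 2010] [notice] child pid 4400 exit signal Segmentation fault (11)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
PARSE_ERR = re.compile(r"PHP Parse error:.* in (?P<file>\S+) on line (?P<line>\d+)")
SEGV = re.compile(r"child pid (?P<pid>\d+) exit signal Segmentation fault \(11\)")


def correlate(log_text, window_seconds=30):
    """Return child segfaults logged within the window after a PHP parse error."""
    window = timedelta(seconds=window_seconds)
    last_parse = None  # (timestamp, file, line) of the most recent parse error
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed layout
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        pe = PARSE_ERR.search(m.group("msg"))
        if pe:
            last_parse = (ts, pe.group("file"), int(pe.group("line")))
            continue
        sv = SEGV.search(m.group("msg"))
        if sv and last_parse and timedelta(0) <= ts - last_parse[0] <= window:
            hits.append({
                "pid": int(sv.group("pid")),
                "segv_at": ts,
                "parse_error_file": last_parse[1],
                "parse_error_line": last_parse[2],
            })
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print(hit)
```

Apache 2.2 error lines carry no child pid, so the pairing is by time only; a hit is a lead for pulling a core dump, not proof that the same child served both requests.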
 [2010-12-10 14:25 UTC] tsamukawa at maru dot jp
-PHP Version: 5.3.2 +PHP Version: 5.3.2, 5.3.3
 [2010-12-10 14:25 UTC] tsamukawa at maru dot jp
This bug is also reproduced in PHP version 5.3.3.
 [2011-11-16 17:58 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-11-16 17:58 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2011-11-17 05:52 UTC] tsamukawa at maru dot jp
-Status: Feedback +Status: Open -PHP Version: 5.3.2, 5.3.3 +PHP Version: 5.3.2, 5.3.3, 5.3.9RC
 [2011-11-17 05:52 UTC] tsamukawa at maru dot jp
> Please try using this snapshot:
>
>   http://snaps.php.net/php5.3-latest.tar.gz

 I tried it, but it does not solve the problem. 
(The name of the extracted directory is "php5.3-201111170130". Is that right?)

 I found another new thing.
 SIGSEGV does not appear if I do not compile PHP with
the configure script options
"--enable-mbstring --enable-mbregex --enable-zend-multibyte ".

Hope this helps.
 [2012-04-07 07:50 UTC] crankycyclops at gmail dot com
I can confirm that this is still an issue for me with PHP 5.3.10.  I'm running this on FreeBSD 9.  Like the last poster mentioned, I can fix the issue temporarily by compiling without zend-multibyte and mbstring.
 [2014-07-13 02:27 UTC] yohgaki@php.net
Works for 5.4/5.5.
Closing.
 [2014-07-13 02:27 UTC] yohgaki@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: yohgaki
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Nov 25 03:01:31 2024 UTC