Bug #59242 ZEND_DO_FCALL/ZEND_DO_FCALL_BY_NAME
Submitted: 2010-05-30 00:45 UTC Modified: 2017-10-24 23:38 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mat999 at gmail dot com Assigned:
Status: Suspended Package: optimizer (PECL)
PHP Version: 5.3.2 OS: Debian Lenny / Linux
Private report: No CVE-ID: None
 [2010-05-30 00:45 UTC] mat999 at gmail dot com
Description:
------------
All function calls fail. Other scripts run fine.

Reproduce code:
---------------
<?php
// Minimal repro: any function call crashes the optimizer; phpinfo() is enough.
phpinfo();
?>

Expected result:
----------------
PHP INFO

Actual result:
--------------
Segmentation Fault.

==38934== Process terminating with default action of signal 11 (SIGSEGV)
==38934==  Access not within mapped region at address 0x4D705C9610
==38934==    at 0xB56E31C: optimize_op_array (optimize.c:3828)
==38934==    by 0xB56F915: optimizer_compile_file (optimize.c:4757)
==38934==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==38934==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==38934==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==38934==    by 0x7D991A: main (in /usr/bin/php5)


 [2010-05-30 01:30 UTC] mat999 at gmail dot com
And here is another one.

==50370== Invalid read of size 1
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==50370==  Address 0xa65b2444c is not stack'd, malloc'd or (recently) free'd
==50370==
==50370== Process terminating with default action of signal 11 (SIGSEGV)
==50370==  Access not within mapped region at address 0xA65B2444C
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
 [2010-05-30 02:37 UTC] mat999 at gmail dot com
Another fault:

<?php echo dirname(__FILE__); ?>


==58293== Invalid read of size 8
==58293==    at 0xB568C14: optimize_to_string_ex (optimize.c:1981)
==58293==    by 0xB5714CE: optimize_fcall_fcr (optimize_fcr.c:1435)
==58293==    by 0xB574D71: optimize_fcall (optimize_fcr.c:1026)
==58293==    by 0xB569F12: optimize_code_block (optimize.c:2478)
==58293==    by 0xB56EBFD: optimize_op_array (optimize.c:4392)
==58293==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==58293==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==58293==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==58293==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==58293==    by 0x7D991A: main (in /usr/bin/php5)
==58293==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==58293==
==58293== Process terminating with default action of signal 11 (SIGSEGV)
==58293==  Access not within mapped region at address 0x40
==58293==    at 0xB568C14: optimize_to_string_ex (optimize.c:1981)
==58293==    by 0xB5714CE: optimize_fcall_fcr (optimize_fcr.c:1435)
==58293==    by 0xB574D71: optimize_fcall (optimize_fcr.c:1026)
==58293==    by 0xB569F12: optimize_code_block (optimize.c:2478)
==58293==    by 0xB56EBFD: optimize_op_array (optimize.c:4392)
==58293==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==58293==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==58293==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==58293==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==58293==    by 0x7D991A: main (in /usr/bin/php5)
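The three Valgrind reports above fault at very different addresses (0x4D705C9610 and 0xA65B2444C in mark_used_cb, 0x40 in optimize_to_string_ex). The helper below is an added example, not code from the PECL optimizer or from this report: it sorts a reported fault address into the usual triage buckets (a small address is a NULL struct pointer plus a field offset; a large address that Valgrind says is not stack'd, malloc'd or free'd is a wild or stale pointer) and shows how a small address such as 0x40 is matched against offsetof() to find the member that was read through NULL. The struct `hypothetical_op`, the 4 KiB guard size and the x86-64 user-space limit are assumptions for illustration, not facts from the page.

```c
/* Added example: triage a Valgrind "Access not within mapped region" address.
 * Not part of the PECL optimizer extension or of this bug report. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum fault_kind {
    FAULT_NULL_PLUS_OFFSET,  /* NULL struct pointer, member at that offset */
    FAULT_UNMAPPED_USER,     /* wild or stale pointer in user range, unmapped */
    FAULT_NONCANONICAL       /* garbage bits, not a user-space address at all */
};

/* Assumptions: the first 4 KiB page is unmapped (typical on Linux) and
 * x86-64 user space ends at 0x7fffffffffff. */
#define NULL_GUARD_BYTES 0x1000ULL
#define USER_SPACE_END   0x00007fffffffffffULL

enum fault_kind classify_fault(uint64_t addr)
{
    if (addr < NULL_GUARD_BYTES) return FAULT_NULL_PLUS_OFFSET;
    if (addr > USER_SPACE_END)   return FAULT_NONCANONICAL;
    return FAULT_UNMAPPED_USER;
}

/* Hypothetical layout, only to show how an address like 0x40 turns into
 * "which member": 64 bytes of header, then a pointer the code reads. */
struct hypothetical_op {
    unsigned char header[0x40];
    void *operand;              /* offsetof(..., operand) == 0x40 */
};

/* The member offset implied by a NULL-plus-offset fault, or -1 otherwise.
 * Compare it with offsetof() on the real struct to name the member. */
long null_field_offset(uint64_t addr)
{
    return classify_fault(addr) == FAULT_NULL_PLUS_OFFSET ? (long)addr : -1L;
}

int offset_matches_operand(uint64_t addr)
{
    return null_field_offset(addr) ==
           (long)offsetof(struct hypothetical_op, operand);
}

const char *fault_kind_name(enum fault_kind k)
{
    switch (k) {
    case FAULT_NULL_PLUS_OFFSET: return "NULL pointer + field offset";
    case FAULT_UNMAPPED_USER:    return "wild/stale pointer, unmapped";
    default:                     return "non-canonical address";
    }
}

int main(void)
{
    /* The three addresses reported by Valgrind in this bug. */
    const uint64_t reported[] = { 0x4D705C9610ULL, 0xA65B2444CULL, 0x40ULL };
    for (size_t i = 0; i < sizeof reported / sizeof reported[0]; i++)
        printf("0x%llx -> %s\n", (unsigned long long)reported[i],
               fault_kind_name(classify_fault(reported[i])));
    return 0;
}
```

The distinction matters when deciding how much attention a crash deserves: a NULL-plus-offset read is a deterministic crash of the worker process and nothing more, whereas a read through a wild pointer whose value came from uninitialised or freed memory is the class of bug that needs a closer look at where the pointer value originated. This heuristic only classifies addresses; it does not, on its own, establish either outcome for the traces on this page.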
 [2010-05-30 04:00 UTC] mat999 at gmail dot com
Last bug fixed, don't know if it's the correct patch but it fixes the problem.

New definition of the OPTIMIZE_TO_FOOTER struct.

The flags!=NULL check can be removed; that was just a debug check.

======

#define OPTIMIZE_TO_FOOTER                                  \
	if (flags!=NULL && flags & OPTIMIZE_TO_DEL_PREV) {      \
		SET_TO_NOP_EX(prev);                                \
	}                                                       \
	if (flags!=NULL && flags & OPTIMIZE_TO_DEL_OP) {        \
		/* op may be NULL here; guard before touching it */ \
		if (op && op->opcode == ZEND_FETCH_DIM_R) {         \
			if (op) {                                       \
				zval_dtor(&__OP2_VAL(op));                  \
				SET_TO_NOP(op);                             \
			}                                               \
		} else {                                            \
			if (op) {                                       \
				zval_dtor(&__OP1_VAL(op));                  \
				SET_TO_NOP(op);                             \
			}                                               \
			/* jmp_2 may also be NULL; only unlink if set */ \
			if (cbl->jmp_2 != NULL) {                       \
				CB_DEL_PRED(cbl->jmp_2, cbl);               \
				cbl->jmp_2 = NULL;                          \
			}                                               \
		}                                                   \
	}
 [2010-05-30 04:03 UTC] mat999 at gmail dot com
Just a reminder, still haven't patched this bug. Still looking for the cause.

==50370== Invalid read of size 1
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==50370==  Address 0xa65b2444c is not stack'd, malloc'd or (recently) free'd
==50370==
==50370== Process terminating with default action of signal 11 (SIGSEGV)
==50370==  Access not within mapped region at address 0xA65B2444C
==50370==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5623BC: mark_used_cb (optimize.c:591)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==50370==    by 0xB56EBA2: optimize_op_array (optimize.c:4382)
==50370==    by 0xB56F925: optimizer_compile_file (optimize.c:4757)
==50370==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
 [2010-05-30 04:32 UTC] mat999 at gmail dot com
Found a test case for the bug above.

<?php
// Triggers the mark_used_cb fault: a constant comparison guarding an echo.
if (version_compare('5.3.2', '6.0.0-dev', '>=')) {
    echo '1';
}
?>


==17706== Invalid read of size 1
==17706==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB56EBD2: optimize_op_array (optimize.c:4405)
==17706==    by 0xB56F955: optimizer_compile_file (optimize.c:4780)
==17706==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==17706==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==17706==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==17706==    by 0x7D991A: main (in /usr/bin/php5)
==17706==  Address 0xa65b2b70c is not stack'd, malloc'd or (recently) free'd
==17706==
==17706== Process terminating with default action of signal 11 (SIGSEGV)
==17706==  Access not within mapped region at address 0xA65B2B70C
==17706==    at 0xB5622A1: mark_used_cb (optimize.c:568)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB5622FC: mark_used_cb (optimize.c:579)
==17706==    by 0xB56EBD2: optimize_op_array (optimize.c:4405)
==17706==    by 0xB56F955: optimizer_compile_file (optimize.c:4780)
==17706==    by 0x5C2558: phar_compile_file (in /usr/bin/php5)
==17706==    by 0x7461C9: zend_execute_scripts (in /usr/bin/php5)
==17706==    by 0x6EF777: php_execute_script (in /usr/bin/php5)
==17706==    by 0x7D991A: main (in /usr/bin/php5)
 [2017-10-24 23:38 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-10-24 23:38 UTC] kalle@php.net
The optimizer PECL extension has not had a release since 2008 and it's safe to say that development has ceased in favor of alternatives such as opcache, included with PHP as of PHP 5.5+. I'm gonna suspend this in case the package does pick back up development, and in that case it should be re-opened.