Bug #63009 APC 3.1.13 segfaults in ini_lex() with PHP 5.4
Submitted: 2012-09-04 10:56 UTC Modified: 2016-11-18 21:22 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: lstrojny@php.net Assigned:
Status: Wont fix Package: APC (PECL)
PHP Version: 5.4.6 OS: Linux
Private report: No CVE-ID: None
 [2012-09-04 10:56 UTC] lstrojny@php.net
Description:
------------
PHP 5.4.6 segfaults with APC 3.1.13 enabled. I didn’t manage to extract a 
reproduction case just yet, but a stack trace is attached.

Actual result:
--------------
#0  ini_lex (ini_lval=0x2e08300) at /usr/src/php5.4/source/php5-
5.4.6/Zend/zend_ini_scanner.c:2577
2577	/usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c: No such file or 
directory.
	in /usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c
(gdb) bt full
#0  ini_lex (ini_lval=0x2e08300) at /usr/src/php5.4/source/php5-
5.4.6/Zend/zend_ini_scanner.c:2577
        yybm = '\000' <repeats 255 times>
        yych = 1 '\001'
        yyaccept = 0
#1  0x0000000003d1e890 in ?? ()
No symbol table info available.
#2  0x0000000000000001 in ?? ()
No symbol table info available.
#3  0x0000000000000008 in ?? ()
No symbol table info available.
#4  0x0000000003e1c030 in ?? ()
No symbol table info available.
#5  0x00007feabea301e0 in ?? ()
No symbol table info available.
#6  0x00000000006c21d9 in compare_function (result=0x3d80fd0, 
op1=0x656d616e74736f68, op2=0x2e08300)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_operators.c:1463
        ret = 0
        converted = 64491472
        op1_copy = {value = {lval = 3198424792, dval = 6.9488454402759341e-310, 
str = {val = 0x7feabea416d8 " \027\244\276\352\177", 
              len = 14858208}, ht = 0x7feabea416d8, obj = {handle = 3198424792, 
handlers = 0xe2b7e0}}, refcount__gc = 3838752764, 
          type = 234 '\352', is_ref__gc = 127 '\177'}
        op2_copy = {value = {lval = 7033597, dval = 3.4750586443920542e-317, str = 
{val = 0x6b52fd "", len = 65126448}, 
            ht = 0x6b52fd, obj = {handle = 7033597, handlers = 0x3e1c030}}, 
refcount__gc = 3838739135, type = 234 '\352', 
          is_ref__gc = 127 '\177'}
        op_free = 0x656d616e74736f68
#7  0x0000000003e17858 in ?? ()
No symbol table info available.
#8  0x00000000006b52fd in do_bind_inherited_class (op_array=0x2e08300, 
opline=0x3d80fd0, class_table=0x3d80fc0, parent_ce=0x3d80fd0, 
    compile_time=40 '(') at /usr/src/php5.4/source/php5-
5.4.6/Zend/zend_compile.c:4535
        ce = 0x656d616e74736f68
        pce = 0x20
        found_ce = 0
        op1 = 0x0
        op2 = 0x2e08300
#9  0x0000000003e1c030 in ?? ()
No symbol table info available.
#10 0x00007feae4ce82bf in apc_free_class_entry_after_execution 
(src=0x656d616e74736f68)
    at /usr/src/sandbox/apc/php-apc-3.1.13~internations+1.1/APC-
3.1.13/apc_compile.c:2003
        i = 48268032
#11 0x00007feae4ceb7fc in apc_deactivate () at /usr/src/sandbox/apc/php-apc-
3.1.13~internations+1.1/APC-3.1.13/apc_main.c:948
        pzce = 0x33a9928
        cache_entry = 0x7feabea416d8
#12 apc_request_shutdown () at /usr/src/sandbox/apc/php-apc-
3.1.13~internations+1.1/APC-3.1.13/apc_main.c:1042
No locals.
#13 0x00007feae4ce15c5 in zm_deactivate_apc (type=48268032, 
module_number=64491472)
    at /usr/src/sandbox/apc/php-apc-3.1.13~internations+1.1/APC-
3.1.13/php_apc.c:407
No locals.
#14 0x00000000006c8e64 in zend_fcall_info_argv (fci=0x315c7f0, argc=14856288, 
argv=0x31024a8)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_API.c:3237
        i = 1
#15 0x000000000000002b in ?? ()
No symbol table info available.
#16 0x00007fffa8d452f0 in ?? ()
No symbol table info available.
#17 0x0000000000e2b7e0 in ?? ()
No symbol table info available.
#18 0x0a5aa77755b5f47e in ?? ()
No symbol table info available.
#19 0x000000000315c7f0 in ?? ()
No symbol table info available.
#20 0x00007feae8da52a0 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#21 0x0000000000000000 in ?? ()
No symbol table info available.

 [2012-09-04 14:44 UTC] laruence@php.net
Hey, this segfault occurred in what situation? I mean, what were you doing when this 
occurred, and what are your APC configurations?

thanks
 [2012-09-04 15:42 UTC] lstrojny@php.net
As I said, this kind of segfault randomly occurs with PHP 5.4.6 + APC 3.1.13 on a 
production system.
 [2012-09-10 15:13 UTC] lstrojny@php.net
Another probably important bit I missed. We are using stat=0.
 [2012-12-05 15:11 UTC] ab@php.net
Still no repro case for that?
 [2012-12-05 15:11 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2012-12-05 17:46 UTC] lstrojny@php.net
-Status: Feedback +Status: Open
 [2012-12-05 17:46 UTC] lstrojny@php.net
Unfortunately not.
 [2013-02-18 23:54 UTC] gopalv@php.net
#8  0x00000000006b52fd in do_bind_inherited_class (op_array=0x2e08300, 
opline=0x3d80fd0, class_table=0x3d80fc0, parent_ce=0x3d80fd0, 

This seems wrong in more ways than one - opline, class_table and parent_ce are 
the same!
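
A triage aid for the frame arguments discussed above, as an added example that is not part of the original report or of the PHP/APC code: it scans gdb frame lines for pointer arguments that are identical or only a few bytes apart within one frame, and for "pointers" whose eight bytes are all printable ASCII, both hints that memory was overwritten or that the unwound frame is unreliable. The function names and the `near` threshold are hypothetical, and little-endian x86_64 is assumed.

```python
import re

# Frames #6, #8 and #10 copied from the backtrace in this report,
# with the tracker's line wraps joined.
SAMPLE_FRAMES = """\
#6  0x00000000006c21d9 in compare_function (result=0x3d80fd0, op1=0x656d616e74736f68, op2=0x2e08300)
#8  0x00000000006b52fd in do_bind_inherited_class (op_array=0x2e08300, opline=0x3d80fd0, class_table=0x3d80fc0, parent_ce=0x3d80fd0, compile_time=40 '(')
#10 0x00007feae4ce82bf in apc_free_class_entry_after_execution (src=0x656d616e74736f68)
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\)", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")


def ascii_pointer(value):
    """Return the text if all 8 little-endian bytes are printable ASCII."""
    raw = value.to_bytes(8, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(backtrace, near=0x40):
    """Return (frame, kind, detail) findings for suspicious pointer args."""
    findings = []
    for num, func, args in FRAME_RE.findall(backtrace):
        ptrs = [(n, int(v, 16)) for n, v in ARG_RE.findall(args)]
        # A "pointer" that decodes as text usually means string data
        # was written over a pointer-sized slot.
        for name, val in ptrs:
            text = ascii_pointer(val)
            if text:
                findings.append((int(num), "ascii", f"{func}:{name}={text!r}"))
        # Differently typed arguments sharing (or nearly sharing) an
        # address point at a garbage frame rather than real call state.
        for i, (n1, v1) in enumerate(ptrs):
            for n2, v2 in ptrs[i + 1:]:
                if abs(v1 - v2) <= near:
                    kind = "same" if v1 == v2 else "near"
                    findings.append((int(num), kind, f"{func}:{n1}/{n2}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRAMES):
        print(finding)
```
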
 [2013-06-07 09:56 UTC] gergund at gmail dot com
I have a related issue, but on version 5.3.14 with backported patches from 5.3.15 
and APC 3.1.13 

#0  0x000000000058efe8 in ini_lex (ini_lval=0x1883310) at 
Zend/zend_ini_scanner.c:2664
2664     if (yych <= '/') goto yy195;
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64
(gdb) bt
#0  0x000000000058efe8 in ini_lex (ini_lval=0x1883310) at 
Zend/zend_ini_scanner.c:2664
#1  0x000000000189b580 in ?? ()
#2  0x0000000000000000 in ?? ()
(gdb) bt full
#0  0x000000000058efe8 in ini_lex (ini_lval=0x1883310) at 
Zend/zend_ini_scanner.c:2664
        yych = 235 '\353'
        yyaccept = 2
#1  0x000000000189b580 in ?? ()
No symbol table info available.
#2  0x0000000000000000 in ?? ()
No symbol table info available.
 [2016-11-18 21:22 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-11-18 21:22 UTC] kalle@php.net
APC is no longer supported in favor of opcache, which comes bundled with PHP. If you wish to use the user cache, then look at PECL/APCu.
 