php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67926 php-fpm segfaults
Submitted: 2014-08-28 19:49 UTC Modified: 2015-07-22 12:58 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: rmang at lexiconn dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.4.32 OS: centOS 6.5 64-bit
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: rmang at lexiconn dot com
New email:
PHP Version: OS:

 

 [2014-08-28 19:49 UTC] rmang at lexiconn dot com 
Description:
------------
Seeing many segfaults with php-fpm on Apache 2.2.7, mod_fastcgi_2.4.7, php 5.4.32, MySQL 5.5.37

kernel: php-fpm[13984]: segfault at 7fff88cb5fe8 ip 00000000004786ed sp 00007fff88cb5f90 error 6 in php-fpm[400000+9a6000]
kernel: php-fpm[13945]: segfault at 7fff88cb5fe8 ip 00000000004786ed sp 00007fff88cb5f90 error 6 in php-fpm[400000+9a6000]
abrt[14082]: Not saving repeating crash in '/usr/local/sbin/php-fpm'
abrt[14079]: Saved core dump of pid 13984 (/usr/local/sbin/php-fpm) to /var/spool/abrt/ccpp-2014-08-28-15:35:35-13984 (547725312 bytes)
abrtd: Directory 'ccpp-2014-08-28-15:35:35-13984' creation detected
abrt[14082]: Saved core dump of pid 13945 to core.13945 (546963456 bytes)

Actual result:
--------------
Program terminated with signal 11, Segmentation fault.
#0  match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd7b "\035\\\035'q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=18) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:500
500     {

#0  match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd7b "\035\\\035'q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=18) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:500
#1  0x000000000047972a in match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd76 "\177", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=17)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#2  0x000000000048523c in match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=16) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#3  0x000000000047972a in match (eptr=0x9ab0212 "y') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=15)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#4  0x000000000048523c in match (eptr=0x9ab0212 "y') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=14) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#5  0x000000000047972a in match (
    eptr=0x9ab0211 "ry') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=13)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#6  0x000000000048523c in match (
    eptr=0x9ab0211 "ry') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=12) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#7  0x000000000047972a in match (
    eptr=0x9ab0210 "ory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=11)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#8  0x000000000048523c in match (
    eptr=0x9ab0210 "ory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=10) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#9  0x000000000047972a in match (
    eptr=0x9ab020f "gory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=9)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#10 0x000000000048523c in match (
    eptr=0x9ab020f "gory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=8) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#11 0x000000000047972a in match (
    eptr=0x9ab020e "egory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=7)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#12 0x000000000048523c in match (
    eptr=0x9ab020e "egory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=6) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#13 0x000000000047972a in match (

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-28 20:14 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2014-08-28 20:14 UTC] aharvey@php.net 
It looks like you're overflowing your stack as a result of a recursive regex. Can you reduce your code to a minimal test case, and if so, does it include a preg_*() call?
 [2014-08-28 20:46 UTC] rmang at lexiconn dot com
-Status: Feedback +Status: Open
 [2014-08-28 20:46 UTC] rmang at lexiconn dot com 
Client is using Magento with Google Website Optimizer enabled (the repeating query seems to be from that module). If it's not a bug, we'll troubleshoot the code. Thanks for the quick reply / nudge in the right direction.
 [2015-07-22 12:58 UTC] mike@php.net
-Status: Open +Status: Not a bug -Package: FPM related +Package: PCRE related
 [2015-07-22 12:58 UTC] mike@php.net 
.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jan 15 10:01:29 2025 UTC