PHP :: Bug #69156 :: SegFault on non-phpserialized responses from Solr Server (PHPS RW)

Bug #69156

SegFault on non-phpserialized responses from Solr Server (PHPS RW)

Submitted:

2015-03-02 10:40 UTC

Modified:

2015-03-15 15:42 UTC

Votes:	2
Avg. Score:	3.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

pomyk at go2 dot pl

Assigned:

omars (profile)

Status:

Closed

Package:

solr (PECL)

PHP Version:

All

OS:

Irrelevant

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	pomyk at go2 dot pl
New email:
PHP Version:		OS:

New Comment:

[2015-03-02 10:40 UTC] pomyk at go2 dot pl

Description:
------------
Extension segfaulted when Solr returned the following response:

HTTP/1.1 500 {msg=SolrCore 'core' is not available due to init failure: Could not load conf for core core: Error loading solr config from instancje/c/../../cores/core/conf/solrconfig.xml,trace=org.apache.solr.common.SolrException: SolrCore 'core' is not available due to init failure: Could not load conf for core core: Error loading solr config from instancje/c/../../cores/core/conf/solrconfig.xml \tat org.apache.solr.core.CoreContainer.getCore(CoreContainer.java:745) \tat org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:299) \tat org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:207) \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) \tat org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) \tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) \tat org.eclipse.jetty.


Expected result:
----------------
PHP exception

Actual result:
--------------
segfault:
#0  0x00007f1ebb2e072a in zend_hash_find () from /etc/httpd/modules/libphp5.so
#1  0x00007f1ea144ad7a in hydrate_error_zval () from /usr/lib64/php/modules/solr.so
#2  0x00007f1ea144b22c in solr_get_phpnative_error () from /usr/lib64/php/modules/solr.so
#3  0x00007f1ea144b39e in solr_throw_solr_server_exception () from /usr/lib64/php/modules/solr.so
#4  0x00007f1ea1439aa1 in zim_SolrClient_query () from /usr/lib64/php/modules/solr.so
#5  0x00007f1ebb2c0a7b in dtrace_execute_internal () from /etc/httpd/modules/libphp5.so
#6  0x00007f1ebb384c05 in zend_do_fcall_common_helper_SPEC () from /etc/httpd/modules/libphp5.so
#7  0x00007f1ebb2fd578 in execute_ex () from /etc/httpd/modules/libphp5.so
#8  0x00007f1ebb2c0959 in dtrace_execute_ex () from /etc/httpd/modules/libphp5.so
#9  0x00007f1ebb38527d in zend_do_fcall_common_helper_SPEC () from /etc/httpd/modules/libphp5.so
#10 0x00007f1ebb2fd578 in execute_ex () from /etc/httpd/modules/libphp5.so
#11 0x00007f1ebb2c0959 in dtrace_execute_ex () from /etc/httpd/modules/libphp5.so
#12 0x00007f1ebb38527d in zend_do_fcall_common_helper_SPEC () from /etc/httpd/modules/libphp5.so
#13 0x00007f1ebb2fd578 in execute_ex () from /etc/httpd/modules/libphp5.so
#14 0x00007f1ebb2c0959 in dtrace_execute_ex () from /etc/httpd/modules/libphp5.so
...

Patches

fix_bug_69156v2.diff (last revision 2015-03-02 14:24 UTC by pomyk at go2 dot pl)
fix_bug_69156.diff (last revision 2015-03-02 12:35 UTC by pomyk at go2 dot pl)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-03-02 11:00 UTC] pomyk at go2 dot pl

To trigger the bug wt = 'phps' is important and solr has to return error:

<?
$zapytanie_solr = new SolrQuery();
$zapytanie_solr->setRows(1);
$zapytanie_solr->setStart(0);
$client = new SolrClient(array(
    'hostname' => 'solr.rc.srv.gratka.pl',
    'port' => 8906,
    'path' => 'xxx',
    'timeout' => 1000,
    'wt' => 'phps'
));
$x= $client->query($zapytanie_solr);

[2015-03-08 03:07 UTC] omars@php.net

-Status: Open +Status: Verified -Assigned To: +Assigned To: omars

[2015-03-08 03:31 UTC] omars@php.net

-Summary: segfault on 500 response from Solr +Summary: SegFault on non-phpserialized responses from Solr Server (PHPS RW) -Operating System: CentOS 7 +Operating System: Irrelevant -PHP Version: 5.5.22 +PHP Version: All

[2015-03-08 03:31 UTC] omars@php.net

When solr fails to initialize correctly, or when accessising unknown path on the server, the SegFault occurs.

[2015-03-08 03:37 UTC] omars@php.net

Thanks for spotting the bug and taking the time to do the patch. The patch worked but had a memory leak, since there was an outstanding zval. Any way I've pushed the fix to master, and it will be available on the next release.

[2015-03-15 15:42 UTC] omars@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 03 15:01:34 2025 UTC