Bug #69857 segfault with --enable-dtrace
Submitted: 2015-06-17 06:03 UTC
Modified: 2015-06-17 06:54 UTC
From: remi@php.net
Assigned: remi
Status: Closed
Package: Reproducible crash
PHP Version: 7.0Git-2015-06-17 (Git)
OS: GNU/Linux
Private report: No
CVE-ID: None
 [2015-06-17 06:03 UTC] remi@php.net
Description:
------------
Regression since 8cfe282 (20150611)

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #54268 (Double free when destroy_zend_class fails) [Zend/tests/bug54268.phpt]
Bug #68412 (Infinite recursion with __call can make the program crash/segfault) [Zend/tests/bug68412.phpt]
=====================================================================

Both raise a segfault, when --enable-dtrace is used (ok without)

Test script:
---------------
./configure --disable-all --enable-dtrace
make
make test

Expected result:
----------------
no segfault

Actual result:
--------------
segfault

$ gdb sapi/cli/php
(gdb) run Zend/tests/bug54268.php
Program received signal SIGSEGV, Segmentation fault.
execute_ex (ex=ex@entry=0x7fffefa15fb0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
403			((opcode_handler_t)OPLINE->handler)(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
(gdb) bt
#0  execute_ex (ex=ex@entry=0x7fffefa15fb0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#1  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15fb0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#2  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#3  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15f40) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#4  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15f40) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#5  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#6  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ed0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#7  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15ed0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#8  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#9  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15e60) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#10 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15e60) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#11 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#12 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15df0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#13 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15df0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#14 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#15 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15d80) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#16 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15d80) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#17 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#18 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15d10) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#19 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15d10) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#20 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#21 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ca0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#22 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15ca0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#23 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#24 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15c30) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#25 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15c30) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#26 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#27 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15bc0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#28 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15bc0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#29 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#30 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15b50) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#31 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15b50) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#32 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#33 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ae0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#34 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15ae0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#35 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#36 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15a70) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#37 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15a70) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#38 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#39 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15a00) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#40 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15a00) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#41 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#42 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15990) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#43 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15990) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#44 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#45 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15920) at /work/build/phpmaster/Zend/zend_vm_execute.h:403


 [2015-06-17 06:07 UTC] remi@php.net
$ gdb sapi/cli/php
(gdb)  run Zend/tests/bug68412.php
Program received signal SIGSEGV, Segmentation fault.
0x00000000005c61d4 in zend_std_get_method (obj_ptr=0x7fffff7ff028, method_name=0x7ffff6655760, key=0x7ffff66621e0) at /work/build/phpmaster/Zend/zend_object_handlers.c:1050
1050	{
(gdb) bt
#0  0x00000000005c61d4 in zend_std_get_method (obj_ptr=0x7fffff7ff028, method_name=0x7ffff6655760, key=0x7ffff66621e0)
    at /work/build/phpmaster/Zend/zend_object_handlers.c:1050
#1  0x0000000000614e14 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:32391
#2  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#3  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#4  0x000000000061b497 in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:1893
#5  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#6  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#7  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#8  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#9  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#10 0x000000000061b497 in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:1893
#11 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#12 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#13 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#14 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc876c0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#15 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc876c0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#16 0x000000000061b497 in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:1893
#17 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc876c0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
...
 [2015-06-17 06:54 UTC] remi@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: remi
 [2015-06-17 06:54 UTC] remi@php.net
Known stack exhaustion when zend_execute_ex is overridden
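The backtraces above repeat execute_ex → ZEND_DO_FCALL_SPEC_HANDLER → dtrace_execute_ex → execute_ex once per script-level call. The following is an added C model of that effect, not PHP or Zend source and not part of the original report: a toy interpreter loop enters callees inside the same loop when the executor pointer is the default, and recurses on the C stack once per call when a wrapper is installed. The names `run_loop`, `traced_executor`, `native_limit` and the frame layout are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define VM_STACK_MAX 100000
typedef struct { long n; int called; } frame;  /* script-level call frame */
static frame vm_stack[VM_STACK_MAX];           /* off the C stack, like the VM stack */
static size_t vm_top;
typedef int (*executor_fn)(size_t);
static int run_loop(size_t top);
static executor_fn executor = run_loop;        /* models the zend_execute_ex pointer */
static long native_depth, native_peak;
static long native_limit = 1000;               /* assumed guard, not a PHP setting */

/* Models a tracing wrapper such as dtrace_execute_ex around the real loop. */
static int traced_executor(size_t top) { return run_loop(top); }

static int run_loop(size_t top) {
    size_t cur = top; int rc = 0;
    if (++native_depth > native_peak) native_peak = native_depth;
    if (native_depth > native_limit) rc = -1;  /* refuse before the C stack overflows */
    while (rc == 0) {
        frame *f = &vm_stack[cur];
        if (f->n > 0 && !f->called) {          /* call opcode: f(n) calls f(n-1) */
            if (vm_top + 1 >= VM_STACK_MAX) { rc = -2; break; }
            f->called = 1;
            vm_stack[++vm_top] = (frame){ f->n - 1, 0 };
            if (executor == run_loop) { cur = vm_top; continue; } /* same loop */
            rc = executor(vm_top);             /* hooked: one C recursion per call */
            vm_top--; continue;
        }
        if (cur == top) break;                 /* return from the entry frame */
        vm_top--; cur--;                       /* return to the caller's frame */
    }
    native_depth--;
    return rc;
}

/* Runs f(depth); returns the peak count of nested run_loop activations. */
long peak_native_depth(long depth, int hooked, int *rc) {
    executor = hooked ? traced_executor : run_loop;
    vm_top = 0; native_depth = native_peak = 0;
    vm_stack[0] = (frame){ depth, 0 };
    *rc = executor(0);
    return native_peak;
}

int main(void) {
    int rc;
    long peak = peak_native_depth(50000, 1, &rc);
    return printf("hooked: peak=%ld rc=%d\n", peak, rc) < 0;
}
```

With the default executor, script recursion only grows the array-backed frame stack, so native nesting stays at one; with the wrapper installed, native nesting tracks script call depth, which is why a deep or unbounded recursion test ends in SIGSEGV unless something bounds it first.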
 
Last updated: Sun Dec 22 11:01:30 2024 UTC