php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72198 PHP built with libconv crashes after iconv() is called
Submitted: 2016-05-11 13:59 UTC Modified: 2018-09-30 16:25 UTC
Votes:10
Avg. Score:4.2 ± 1.0
Reproduced:9 of 9 (100.0%)
Same Version:2 (22.2%)
Same OS:7 (77.8%)
From: marcelo at tpn dot com dot br Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.0.6 OS: FreeBSD 10.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: marcelo at tpn dot com dot br
New email:
PHP Version: OS:

 

 [2016-05-11 13:59 UTC] marcelo at tpn dot com dot br
Description:
------------
PHP built with libconv crashes after iconv() is called

Here are the test results:

1) Without libiconv installed

# php -i | grep ^iconv
iconv
iconv support => enabled
iconv implementation => unknown
iconv library version => unknown
iconv.input_encoding => no value => no value
iconv.internal_encoding => no value => no value
iconv.output_encoding => no value => no value

# php -r 'echo iconv("UTF-8", "UTF-8", "Hello, world.\n");'
Hello, world.

2) With libiconv installed

# php -i | grep ^iconv
iconv
iconv support => enabled
iconv implementation => libiconv
iconv library version => 1.14
iconv.input_encoding => no value => no value
iconv.internal_encoding => no value => no value
iconv.output_encoding => no value => no value

# php -r 'echo iconv("UTF-8", "UTF-8", "Hello, world.\n");'
Bus error (core dumped)

# gdb /usr/local/bin/php /tmp/php.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `php'.
Program terminated with signal 10, Bus error.
Reading symbols from /lib/libcrypt.so.5...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libz.so.6...done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /usr/lib/liblzma.so.5...done.
Loaded symbols for /usr/lib/liblzma.so.5
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x00000008022700d1 in __bsd_iconv () from /lib/libc.so.7
[New Thread 803006400 (LWP 100060/<unknown>)]
(gdb) bt
#0  0x00000008022700d1 in __bsd_iconv () from /lib/libc.so.7
#1  0x00000000006c4c8d in php_iconv_string (in_p=0x8034018d8 "Hello, world.\n", in_len=14, out=0x7fffffffdce8, out_charset=0x80345eb58 "UTF-8", in_charset=0x80345eb58 "UTF-8") at iconv.c:654
#2  0x00000000006c2f14 in php_if_iconv (execute_data=0x8034130a0, return_value=0x803413090) at iconv.c:2462
#3  0x0000000000a1eea3 in ZEND_DO_ICALL_SPEC_HANDLER (execute_data=0x803413030) at zend_vm_execute.h:586
#4  0x00000000009bc0b4 in execute_ex (ex=0x803413030) at zend_vm_execute.h:417
#5  0x00000000009bc223 in zend_execute (op_array=0x80347c000, return_value=0x7fffffffdea0) at zend_vm_execute.h:458
#6  0x000000000093610a in zend_eval_stringl (str=0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");", str_len=48, retval_ptr=0x0, 
    string_name=0xe8bc45 "Command line code") at zend_execute_API.c:1135
#7  0x0000000000936341 in zend_eval_stringl_ex (str=0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");", str_len=48, retval_ptr=0x0, 
    string_name=0xe8bc45 "Command line code", handle_exceptions=1) at zend_execute_API.c:1176
#8  0x00000000009363e3 in zend_eval_string_ex (str=0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");", retval_ptr=0x0, string_name=0xe8bc45 "Command line code", 
    handle_exceptions=1) at zend_execute_API.c:1187
#9  0x0000000000a522f6 in do_cli (argc=3, argv=0x7fffffffeae8) at php_cli.c:1005
#10 0x0000000000a51029 in main (argc=3, argv=0x7fffffffeae8) at php_cli.c:1344
(gdb) bt full
#0  0x00000008022700d1 in __bsd_iconv () from /lib/libc.so.7
No symbol table info available.
#1  0x00000000006c4c8d in php_iconv_string (in_p=0x8034018d8 "Hello, world.\n", in_len=14, out=0x7fffffffdce8, out_charset=0x80345eb58 "UTF-8", in_charset=0x80345eb58 "UTF-8") at iconv.c:654
	cd = 0x8031140c0
	in_left = 14
	out_size = 0
	out_left = 46
	out_p = 0x8034720f8 ""
	bsz = 46
	result = 0
	retval = PHP_ICONV_ERR_SUCCESS
	out_buf = (zend_string *) 0x8034720e0
	ignore_ilseq = 0
#2  0x00000000006c2f14 in php_if_iconv (execute_data=0x8034130a0, return_value=0x803413090) at iconv.c:2462
	in_charset = 0x80345eb58 "UTF-8"
	out_charset = 0x80345eb58 "UTF-8"
	in_buffer = (zend_string *) 0x8034018c0
	in_charset_len = 5
	out_charset_len = 5
	err = PHP_ICONV_ERR_ALLOC
	out_buffer = (zend_string *) 0x0
#3  0x0000000000a1eea3 in ZEND_DO_ICALL_SPEC_HANDLER (execute_data=0x803413030) at zend_vm_execute.h:586
	opline = (const zend_op *) 0x80347c180
	call = (zend_execute_data *) 0x8034130a0
	fbc = (zend_function *) 0x8030c1dc0
	ret = (zval *) 0x803413090
#4  0x00000000009bc0b4 in execute_ex (ex=0x803413030) at zend_vm_execute.h:417
	ret = 0
	execute_data = (zend_execute_data *) 0x803413030
#5  0x00000000009bc223 in zend_execute (op_array=0x80347c000, return_value=0x7fffffffdea0) at zend_vm_execute.h:458
	execute_data = (zend_execute_data *) 0x803413030
#6  0x000000000093610a in zend_eval_stringl (str=0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");", str_len=48, retval_ptr=0x0, 
    string_name=0xe8bc45 "Command line code") at zend_execute_API.c:1135
	__orig_bailout = (sigjmp_buf *) 0x7fffffffe7c0
	__bailout = {{_sjb = {9658598, 0, 140737488346616, 140737488346896, 140737488349920, 140737488349960, 140737488349928, 3, 140737488290431, 4436701216774, 34414620728, 
      140733193388032}}}
	local_retval = {value = {lval = 34414620672, dval = 1.7003081788693194e-313, counted = 0x803457000, str = 0x803457000, arr = 0x803457000, obj = 0x803457000, res = 0x803457000, 
    ref = 0x803457000, ast = 0x803457000, zv = 0x803457000, ptr = 0x803457000, ce = 0x803457000, func = 0x803457000, ww = {w1 = 54882304, w2 = 8}}, u1 = {v = {type = 0 '\0', 
      type_flags = 0 '\0', const_flags = 0 '\0', reserved = 0 '\0'}, type_info = 0}, u2 = {var_flags = 32767, next = 32767, cache_slot = 32767, lineno = 32767, num_args = 32767, 
    fe_pos = 32767, fe_iter_idx = 32767}}
	pv = {value = {lval = 34414731264, dval = 1.7003136428401099e-313, counted = 0x803472000, str = 0x803472000, arr = 0x803472000, obj = 0x803472000, res = 0x803472000, 
    ref = 0x803472000, ast = 0x803472000, zv = 0x803472000, ptr = 0x803472000, ce = 0x803472000, func = 0x803472000, ww = {w1 = 54992896, w2 = 8}}, u1 = {v = {type = 6 '\006', 
      type_flags = 20 '\024', const_flags = 0 '\0', reserved = 0 '\0'}, type_info = 5126}, u2 = {var_flags = 0, next = 0, cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, 
    fe_iter_idx = 0}}
	new_op_array = (zend_op_array *) 0x80347c000
	original_compiler_options = 2
	retval = 54882416
#7  0x0000000000936341 in zend_eval_stringl_ex (str=0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");", str_len=48, retval_ptr=0x0, 
    string_name=0xe8bc45 "Command line code", handle_exceptions=1) at zend_execute_API.c:1176
	result = 1
#8  0x00000000009363e3 in zend_eval_string_ex (str=0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");", retval_ptr=0x0, string_name=0xe8bc45 "Command line code", 
    handle_exceptions=1) at zend_execute_API.c:1187
No locals.
#9  0x0000000000a522f6 in do_cli (argc=3, argv=0x7fffffffeae8) at php_cli.c:1005
	__orig_bailout = (sigjmp_buf *) 0x7fffffffe9b0
	__bailout = {{_sjb = {10818544, 0, 140737488347032, 140737488349520, 140737488349920, 140737488349960, 140737488349928, 3, 15139711, 15150210, 15150224, 0}}}
	c = -1
	file_handle = {handle = {fd = 39419280, fp = 0x802597d90, stream = {handle = 0x802597d90, isatty = 9032672, mmap = {len = 9046320, pos = 9071088, map = 0x8a9ea0, 
        buf = 0x8b2b40 "UH\211?H\203?`H\213\005??\214", old_handle = 0x8a0960, old_closer = 0x11934a0 <cli_sapi_module>}, reader = 0, fsizer = 0x11934a0 <cli_sapi_module>, 
      closer = 0xe73711 <php_init_config.paths_separator+2>}}, filename = 0xe71b48 "-", opened_path = 0x0, type = ZEND_HANDLE_FP, free_filename = 0 '\0'}
	behavior = 6
	reflection_what = 0x0
	request_started = 1
	exit_status = 0
	php_optarg = 0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");"
	orig_optarg = 0x0
	php_optind = 3
	orig_optind = 1
	exec_direct = 0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");"
	exec_run = 0x0
	exec_begin = 0x0
	exec_end = 0x0
	arg_free = 0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");"
	arg_excp = (char **) 0x7fffffffeaf8
	script_file = 0x0
	translated_path = 0x0
	interactive = 0
	lineno = 0
	param_error = 0x0
	hide_argv = 0
#10 0x0000000000a51029 in main (argc=3, argv=0x7fffffffeae8) at php_cli.c:1344
	__orig_bailout = (sigjmp_buf *) 0x0
	__bailout = {{_sjb = {10817537, 0, 140737488349528, 140737488349824, 140737488349920, 140737488349960, 140737488349928, 3, 140737488290687, 140737488349960, 140737488349928, 0}}}
	c = -1
	exit_status = 0
	module_started = 1
	sapi_started = 1
	php_optarg = 0x7fffffffed4f "echo iconv(\"UTF-8\", \"UTF-8\", \"Hello, world.\\n\");"
	php_optind = 3
	use_extended_info = 0
	ini_path_override = 0x0
	ini_entries = 0x80301e080 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n"
	ini_entries_len = 110
	ini_ignore = 0
	sapi_module = (sapi_module_struct *) 0x11934a0
(gdb) quit


Test script:
---------------
# php -r 'echo iconv("UTF-8", "UTF-8", "Hello, world.\n");'

Expected result:
----------------
Hello, world.

Actual result:
--------------
Bus error (core dumped)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-05-11 14:13 UTC] marcelo at tpn dot com dot br
https://bugs.php.net/patch-display.php?bug_id=69769&patch=solaris-iconv-patch&revision=latest

I've applied this patch and the problem was fixed to me:

# php -i | grep ^iconv
iconv
iconv support => enabled
iconv implementation => libiconv
iconv library version => OS built-in
iconv.input_encoding => no value => no value
iconv.internal_encoding => no value => no value
iconv.output_encoding => no value => no value

# php -r 'echo iconv("UTF-8", "UTF-8", "Hello, world.\n");'
Hello, world.
 [2016-05-11 15:01 UTC] marcelo at tpn dot com dot br
This bug also happens in the latest versions of PHP 5.3, 5.4, 5.5 and 5.6.
 [2016-12-30 23:24 UTC] david at davidfavor dot com
This PHP5.6 configuration seems to work.

lxd: net12-rmt-si # php --version
PHP 5.6.29-1+deb.sury.org~yakkety+1 (cli) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
    with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick Rethans

lxd: net12-rmt-si # php -i | grep ^iconv
iconv
iconv support => enabled
iconv implementation => glibc
iconv library version => 2.24
iconv.input_encoding => no value => no value
iconv.internal_encoding => no value => no value
iconv.output_encoding => no value => no value

lxd: net12-rmt-si # php -r 'echo iconv("UTF-8", "UTF-8", "Hello, world.\n");'
Hello, world.
 [2017-01-16 14:41 UTC] ypnow at 163 dot com
I have the same problem on my freebsd host, looks like it happend when upgrade system of upgrade libiconv part. And after this, iconv never return normal..

System: FreeBSD 11.0 amd64/ FreeBSD 10.3 amd64
PHP: 5.6.27-29, 7.0.14, 7.1.0.
 [2017-01-29 04:05 UTC] bmueller5 at yahoo dot com
Same Problem. PHP-FPM crashes on FreeBSD 10.3 with PHP 5.6.30 and 7.0.14 if iconv is called

bus error (core dumped)  /usr/local/php56/bin/php -r 'echo iconv("UTF-8", "UTF-8", "Hello, world.\n");
 [2017-02-02 23:41 UTC] nti at w4w dot net
I've compiled phpXX-iconv with

CONFIGURE_ARGS+=--with-iconv=/usr/local

Now it works
 [2018-09-30 16:25 UTC] cmb@php.net
> iconv implementation => libiconv
> […]
> #0  0x00000008022700d1 in __bsd_iconv () from /lib/libc.so.7

This looks wrong.
 [2019-05-09 18:39 UTC] phpbugs dot ooglek at 0sg dot net
I am experiencing this on FreeBSD 12.0-RELEASE-p3 compiling PHP 7.3.5 from source using --with-iconv-dir=/usr/local

I've installed libiconv from ports but FreeBSD after 10-CURRENT on 2013-08-13 have iconv installed as part of the OS. It may be that the configure script, regardless of the value of DIR (/usr vs /usr/local) may pick up the port rather than the native library in /usr/lib/i18n/libiconv_std.so.4 vs /usr/local/lib/libiconv.so.2.5.1

I've tried DIR as both /usr and /usr/local without luck, still get the bus error. I'm going to dig a bit more to see if there is a lingering path issue in my environment, another ./configure var that will fix this on FreeBSD, or if another change is required.

It is still an issue when compiling PHP 7.3 from source on FreeBSD. Along with mysqli and mariadb, but that's another bug. :-)
 [2019-05-09 18:49 UTC] phpbugs dot ooglek at 0sg dot net
The documentation from ./configure is misleading.

# ./configure --help | grep -i iconv

  --without-iconv=DIR     Exclude iconv support
  --with-iconv-dir=DIR    XMLRPC-EPI: iconv dir for XMLRPC-EPI

However --with-iconv-dir seems to be not respected, and thus PHP ends up using the BSD version of libiconv, which causes the bus error.

When passing --with-iconv=/usr/local you get the correctly installed from ports libiconv from /usr/local 

Maybe add a failure case in ./configure if the library included is the BSD version? __bsd_iconv that cmb at php dot net mentioned is a likely culprit.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 14:01:29 2024 UTC