PHP :: Bug #73170 :: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_functions

Bug #73170

Segmentation Fault in solr_pcre_replace_into_buffer() at solr_functions_helpers.

Submitted:

2016-09-26 07:03 UTC

Modified:

2016-09-26 08:51 UTC

Votes:	7
Avg. Score:	4.9 ± 0.3
Reproduced:	6 of 6 (100.0%)
Same Version:	4 (66.7%)
Same OS:	5 (83.3%)

From:

rimittal44 at gmail dot com

Assigned:

Status:

Open

Package:

solr (PECL)

PHP Version:

7.0.11

OS:

Debian

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	rimittal44 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2016-09-26 07:03 UTC] rimittal44 at gmail dot com

Description:
------------
I am using the latest Solr Client from (https://github.com/php/pecl-search_engine-solr/tree/master) which is raising segmentation fault arbitrarily. 

Below is the dump created by gdb.


#0  solr_pcre_replace_into_buffer (buffer=buffer@entry=0x7ffebab89a30, search=search@entry=0x7f72d03bfd56 "/a\\:([0-9]+):{s/i", 
    replace=replace@entry=0x7f72d03bfd3e "O:10:\"SolrObject\":\\1:{s") at /home/foodie/pecl-search_engine-solr/src/php7/solr_functions_helpers.c:1424
1424	    solr_string_set_ex(buffer, (solr_char_t *)result->val, (size_t)result->len);
(gdb) 
(gdb) 
(gdb) bt
#0  solr_pcre_replace_into_buffer (buffer=buffer@entry=0x7ffebab89a30, search=search@entry=0x7f72d03bfd56 "/a\\:([0-9]+):{s/i", 
    replace=replace@entry=0x7f72d03bfd3e "O:10:\"SolrObject\":\\1:{s") at /home/foodie/pecl-search_engine-solr/src/php7/solr_functions_helpers.c:1424
#1  0x00007f72d03b8d03 in solr_sarray_to_sobject (buffer=buffer@entry=0x7ffebab89a30) at /home/foodie/pecl-search_engine-solr/src/php7/solr_functions_helpers.c:1437
#2  0x00007f72d03af301 in solr_response_get_response_impl (execute_data=0x7f72e2214bd0, return_value=0x7f72e2214ba0, return_array=0)
    at /home/foodie/pecl-search_engine-solr/src/php7/php_solr_response.c:276
#3  0x00007f72e493c66a in dtrace_execute_internal () from /usr/lib/apache2/modules/libphp7.0.so
#4  0x00007f72e49d12c0 in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#5  0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#6  0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#7  0x00007f72d360002b in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1177
#8  0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#9  0x00007f72e49d13fd in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#10 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#11 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#12 0x00007f72d360002b in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1177
#13 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#14 0x00007f72e49d13fd in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#15 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#16 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#17 0x00007f72d360016a in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:837
#18 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1059
#19 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#20 0x00007f72e49dde8c in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#21 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#22 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#23 0x00007f72d360016a in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:837
#24 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1059
#25 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#26 0x00007f72e49dd20c in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#27 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#28 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#29 0x00007f72d360016a in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:837
#30 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1059
#31 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#32 0x00007f72e49e0ec7 in zend_execute () from /usr/lib/apache2/modules/libphp7.0.so
#33 0x00007f72e494c983 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp7.0.so
#34 0x00007f72e48ed200 in php_execute_script () from /usr/lib/apache2/modules/libphp7.0.so
#35 0x00007f72e49e284a in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#36 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e92a9bf8) at config.c:169
#37 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e92a9bf8) at config.c:433
#38 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#39 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e927b4e0) at mod_rewrite.c:5106
#40 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e927b4e0) at config.c:169
#41 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e927b4e0) at config.c:433
#42 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#43 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e944ad40) at mod_rewrite.c:5106
#44 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e944ad40) at config.c:169
#45 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e944ad40) at config.c:433
#46 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#47 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e92784c0) at mod_rewrite.c:5106
#48 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e92784c0) at config.c:169
#49 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e92784c0) at config.c:433
#50 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
---Type <return> to continue, or q <return> to quit---
#51 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e92800a0) at mod_rewrite.c:5106
#52 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e92800a0) at config.c:169
#53 0x00007f72e94037e9 in ap_invoke_handler (r=0x7f72e92800a0) at config.c:433
#54 0x00007f72e94196c2 in ap_process_async_request (r=0x7f72e92800a0) at http_request.c:317
#55 0x00007f72e9419860 in ap_process_request (r=0x7f72e92800a0) at http_request.c:363
#56 0x00007f72e9416162 in ap_process_http_sync_connection (c=0x7f72e945e290) at http_core.c:190
#57 ap_process_http_connection (c=0x7f72e945e290) at http_core.c:231
#58 0x00007f72e940cb50 in ap_run_process_connection (c=0x7f72e945e290) at connection.c:41
#59 0x00007f72e4fed7ba in child_main (child_num_arg=-455236288) at prefork.c:704
#60 0x00007f72e4feda01 in make_child (s=0x7f72e960ade0, slot=25) at prefork.c:800
#61 0x00007f72e4fee667 in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902
#62 prefork_run (_pconf=0x7f72e9649f38 <ap_server_conf>, plog=0x7ffebab8cf0c, s=0x7ffebab8cf10) at prefork.c:1090
#63 0x00007f72e93e8e7e in ap_run_mpm (pconf=0x7f72e9638028, plog=0x7f72e9606028, s=0x7f72e960ade0) at mpm_common.c:94
#64 0x00007f72e93e23c3 in main (argc=3, argv=0x7ffebab8d1f8) at main.c:777

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-09-26 07:09 UTC] rimittal44 at gmail dot com

-Summary: Segmentation Fault SIGSEGV in solr_pcre_replace_into_buffer +Summary: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_fucntions_helpers.

[2016-09-26 07:09 UTC] rimittal44 at gmail dot com

Updated Summary line

[2016-09-26 08:51 UTC] rimittal44 at gmail dot com

-Summary: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_fucntions_helpers. +Summary: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_functions_helpers.

[2016-09-26 08:51 UTC] rimittal44 at gmail dot com

Same Issue is coming from using solr(2.4.0) stable version downloaded from https://pecl.php.net/package/solr.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 19:01:29 2024 UTC