Bug #73668 "SIGFPE Arithmetic exception" in opcache when divide by minus 1
Submitted: 2016-12-06 12:44 UTC Modified: 2016-12-06 21:28 UTC
From: richardh at channelgrabber dot com Assigned: nikic (profile)
Status: Closed Package: opcache
PHP Version: 7.1.0 OS: Ubuntu 14.04.1 LTS
Private report: No CVE-ID: None
 [2016-12-06 12:44 UTC] richardh at channelgrabber dot com
Description:
------------
We recently switched to PHP 7.1.0 and noticed that when https://github.com/Setasign/FPDF/blob/master/fpdf.php was included it caused PHP to exit with SIGFPE.

We installed the debug symbols and ran it through GDB a few times, reducing the issue down to lines 901 and 902 (https://github.com/Setasign/FPDF/blob/master/fpdf.php#L901).

From this we created the reduced test case attached below.

The backtrace from the error is:
#0  0x00007ffff5b069a7 in zend_inference_calc_range (op_array=op_array@entry=0x7ffff6075008, ssa=ssa@entry=0x7ffff6097028, var=var@entry=1, 
    widening=widening@entry=0, narrowing=narrowing@entry=1, tmp=tmp@entry=0x7fffffffa7f0)
    at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/Optimizer/zend_inference.c:727
#1  0x00007ffff5b0c21f in zend_infer_ranges (op_array=op_array@entry=0x7ffff6075008, ssa=ssa@entry=0x7ffff6097028)
    at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/Optimizer/zend_inference.c:1954
#2  0x00007ffff5b133f3 in zend_ssa_inference (arena=arena@entry=0x7fffffffa960, op_array=op_array@entry=0x7ffff6075008, script=0x7ffff6075000, 
    ssa=ssa@entry=0x7ffff6097028) at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/Optimizer/zend_inference.c:4181
#3  0x00007ffff5afb7f7 in zend_dfa_analyze_op_array (op_array=0x7ffff6075008, ctx=ctx@entry=0x7fffffffa960, ssa=0x7ffff6097028, flags=0x7ffff6097024)
    at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/Optimizer/dfa_pass.c:106
#4  0x00007ffff5aef7e7 in zend_optimize_script (script=script@entry=0x7ffff6075000, optimization_level=2147467263, debug_level=0)
    at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/Optimizer/zend_optimizer.c:967
#5  0x00007ffff5adf1c4 in cache_script_in_shared_memory (from_shared_memory=<synthetic pointer>, key_length=22, 
    key=0x7ffff5d2e6cc <accel_globals+556> "test.php:223344:223384", new_persistent_script=0x7ffff6075000)
    at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/ZendAccelerator.c:1271
#6  persistent_compile_file (file_handle=<optimized out>, type=8) at /build/php7.1-kMIlXM/php7.1-7.1.0/ext/opcache/ZendAccelerator.c:1863
#7  0x00007ffff589ff9d in xdebug_compile_file (file_handle=<optimized out>, type=<optimized out>) at /build/xdebug-_hXbf9/xdebug-2.5.0/build-7.1/xdebug.c:2153
#8  0x00005555557b469d in zend_execute_scripts ()
#9  0x0000555555754b18 in php_execute_script ()
#10 0x000055555584e1c9 in ?? ()
#11 0x000055555563d92f in main ()


Test script:
---------------
<?php
$a/-1;



 [2016-12-06 21:26 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=76c4a3db080e347663a3999ae38b78cf26dd4c84
Log: Fix bug #73668
 [2016-12-06 21:26 UTC] nikic@php.net
-Status: Open +Status: Closed
 [2016-12-06 21:28 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2016-12-06 21:28 UTC] nikic@php.net
That must be a record length reproduce script...
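
Added example, not code from php-src and not the committed fix: a guarded integer range division of the kind a range-inference pass like the `zend_inference_calc_range` frame in the backtrace has to perform. It assumes the SIGFPE comes from the signed-overflow case `LONG_MIN / -1`, which traps on x86-64 just as division by zero does; `int_range`, `div_is_safe` and `range_div` are hypothetical names.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical range type for this example; not a php-src structure. */
typedef struct { long min, max; bool overflow; } int_range;

/* True when a / b can be evaluated without trapping or undefined behaviour. */
static bool div_is_safe(long a, long b)
{
    if (b == 0) return false;                   /* division by zero */
    if (a == LONG_MIN && b == -1) return false; /* quotient would be LONG_MAX + 1 */
    return true;
}

/* Bounds of x / y for x in [n.min, n.max] and y in [d.min, d.max]. */
int_range range_div(int_range n, int_range d)
{
    const int_range full = { LONG_MIN, LONG_MAX, true };
    int_range r = { LONG_MAX, LONG_MIN, false };
    long xs[2] = { n.min, n.max };
    long ys[2] = { d.min, d.max };

    if (n.overflow || d.overflow) return full;
    if (d.min <= 0 && d.max >= 0) return full;  /* divisor may be zero */

    /* With a divisor of fixed sign the extremes sit at the four corners. */
    for (int i = 0; i < 2; i++) {
        for (int j = 0; j < 2; j++) {
            if (!div_is_safe(xs[i], ys[j])) return full; /* give up, do not trap */
            long q = xs[i] / ys[j];
            if (q < r.min) r.min = q;
            if (q > r.max) r.max = q;
        }
    }
    return r;
}

int main(void)
{
    int_range any = { LONG_MIN, LONG_MAX, false };  /* constructed: unknown operand */
    int_range minus_one = { -1, -1, false };        /* constructed: literal -1 */
    int_range r = range_div(any, minus_one);
    printf("overflow=%d\n", r.overflow);
    return 0;
}
```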
 
Last updated: Thu Jan 30 17:01:31 2025 UTC