php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75729 opcache segfault when installing Bitrix
Submitted: 2017-12-25 19:00 UTC Modified: 2018-03-24 12:18 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: chipitsine at gmail dot com Assigned: nikic (profile)
Status: Closed Package: opcache
PHP Version: 7.2.1RC1 OS: centos 7
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: chipitsine at gmail dot com
New email:
PHP Version: OS:

 

 [2017-12-25 19:00 UTC] chipitsine at gmail dot com
Description:
------------
during installing of https://www.1c-bitrix.ru/download/start_encode_php5.tar.gz
I got a segfault

however, if I disable opcache, everything is ok

Actual result:
--------------
[root@php72 corefiles]# gdb --core core.httpd.1514227684.1132 `which httpd`GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-100.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/httpd...Reading symbols from /usr/lib/debug/usr/sbin/httpd.debug...done.
done.
[New LWP 1132]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/sbin/httpd -DFOREGROUND'.
Program terminated with signal 11, Segmentation fault.
#0  __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:31
31		pcmpeqb	(%rdi), %xmm1
(gdb) bt
#0  __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:31
#1  0x00007f5beeec597a in xbuf_format_converter (xbuf=0x7ffc3d252d10, is_char=1 '\001', fmt=<optimized out>, ap=0x7ffc3d252e40)
    at /usr/src/debug/php-7.2.1RC1/main/spprintf.c:604
#2  0x00007f5beef2678a in zend_vspprintf (pbuf=pbuf@entry=0x7ffc3d252d78, max_len=1024, format=<optimized out>, ap=<optimized out>)
    at /usr/src/debug/php-7.2.1RC1/Zend/zend.c:170
#3  0x00007f5beed343ae in php_error_cb (type=16, error_filename=0x7f5beefddd32 "Unknown", error_lineno=0, format=<optimized out>, 
    args=<optimized out>) at /usr/src/debug/php-7.2.1RC1/main/main.c:1037
#4  0x00007f5beed36464 in zend_error (type=type@entry=16, format=format@entry=0x7f5bef0470bf "%s%s%s(): %s")
    at /usr/src/debug/php-7.2.1RC1/Zend/zend.c:1230
#5  0x00007f5beed36d63 in zend_parse_parameters_debug_error (msg=msg@entry=0x7f5bef046f30 "could not obtain parameters for parsing")
    at /usr/src/debug/php-7.2.1RC1/Zend/zend_API.c:828
#6  0x00007f5beef307d6 in zend_parse_va_args (num_args=<optimized out>, type_spec=<optimized out>, va=va@entry=0x7ffc3d253030, 
    flags=flags@entry=0) at /usr/src/debug/php-7.2.1RC1/Zend/zend_API.c:923
#7  0x00007f5beef30936 in zend_parse_parameters (num_args=<optimized out>, type_spec=type_spec@entry=0x7f5be8489450 "sl|l!s")
    at /usr/src/debug/php-7.2.1RC1/Zend/zend_API.c:990
#8  0x00007f5be83a8968 in zif_mb_substr (execute_data=<optimized out>, return_value=0x7ffc3d253200)
    at /usr/src/debug/php-7.2.1RC1/ext/mbstring/mbstring.c:2905
#9  0x00007f5bedbd9354 in ct_eval_func_call (args=0x7ffc3d253210, num_args=3, name=<optimized out>, result=0x7ffc3d253200)
    at /usr/src/debug/php-7.2.1RC1/ext/opcache/Optimizer/sccp.c:844
#10 sccp_visit_instr (scdf=0x7ffc3d253360, opline=<optimized out>, ssa_op=0x7f5bde783bd0)
    at /usr/src/debug/php-7.2.1RC1/ext/opcache/Optimizer/sccp.c:1279
#11 0x00007f5bedbdb47c in scdf_solve (scdf=scdf@entry=0x7ffc3d253360, name=name@entry=0x7f5bedbea4b0 "SCCP")
    at /usr/src/debug/php-7.2.1RC1/ext/opcache/Optimizer/scdf.c:167
#12 0x00007f5bedbda0a5 in sccp_optimize_op_array (ctx=ctx@entry=0x7ffc3d253550, op_array=op_array@entry=0x7f5bde6490d0, 
    ssa=ssa@entry=0x7f5bde69d048, call_map=call_map@entry=0x7f5bde6b0d00)
    at /usr/src/debug/php-7.2.1RC1/ext/opcache/Optimizer/sccp.c:1669
#13 0x00007f5bedbbf723 in zend_dfa_optimize_op_array (op_array=0x7f5bde6490d0, ctx=ctx@entry=0x7ffc3d253550, ssa=0x7f5bde69d048, 
    call_map=0x7f5bde6b0d00) at /usr/src/debug/php-7.2.1RC1/ext/opcache/Optimizer/dfa_pass.c:566
#14 0x00007f5bedbb1922 in zend_optimize_script (script=script@entry=0x7f5bde697000, optimization_level=2147467263, debug_level=0)
    at /usr/src/debug/php-7.2.1RC1/ext/opcache/Optimizer/zend_optimizer.c:1263
---Type <return> to continue, or q <return> to quit---
#15 0x00007f5bedba061a in cache_script_in_shared_memory (from_shared_memory=<synthetic pointer>, key_length=<optimized out>, 
    key=<optimized out>, new_persistent_script=0x7f5bde697000) at /usr/src/debug/php-7.2.1RC1/ext/opcache/ZendAccelerator.c:1321
#16 persistent_compile_file (file_handle=<optimized out>, type=8) at /usr/src/debug/php-7.2.1RC1/ext/opcache/ZendAccelerator.c:1922
#17 0x00007f5beeeeb5fb in compile_filename (type=type@entry=8, filename=filename@entry=0x7f5bede22420)
    at Zend/zend_language_scanner.l:662
#18 0x00007f5beef8c84a in zend_include_or_eval (inc_filename=inc_filename@entry=0x7f5bede22420, type=8)
    at /usr/src/debug/php-7.2.1RC1/Zend/zend_execute.c:2826
#19 0x00007f5beefcd1e3 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at /usr/src/debug/php-7.2.1RC1/Zend/zend_vm_execute.h:48631
#20 0x00007f5beefd219a in execute_ex (ex=0x10) at /usr/src/debug/php-7.2.1RC1/Zend/zend_vm_execute.h:63139
#21 0x00007f5beefd9aae in zend_execute (op_array=op_array@entry=0x7f5bede850e0, return_value=return_value@entry=0x7f5be01ccd08)
    at /usr/src/debug/php-7.2.1RC1/Zend/zend_vm_execute.h:63763
#22 0x00007f5beef279b3 in zend_execute_scripts (type=-303946800, type@entry=8, retval=0x7f5be01ccd08, retval@entry=0x0, 
    file_count=file_count@entry=3) at /usr/src/debug/php-7.2.1RC1/Zend/zend.c:1496
#23 0x00007f5beeec28a8 in php_execute_script (primary_file=primary_file@entry=0x7ffc3d255d70)
    at /usr/src/debug/php-7.2.1RC1/main/main.c:2590
#24 0x00007f5beefdbc0a in php_handler (r=<optimized out>) at /usr/src/debug/php-7.2.1RC1/sapi/apache2handler/sapi_apache2.c:701
#25 0x000055e3fb158a10 in ap_run_handler (r=0x55e3fc2a5380) at config.c:168
#26 0x000055e3fb158de9 in ap_invoke_handler (r=r@entry=0x55e3fc2a5380) at config.c:432
#27 0x000055e3fb16d12a in ap_process_async_request (r=r@entry=0x55e3fc2a5380) at http_request.c:317
#28 0x000055e3fb16d404 in ap_process_request (r=r@entry=0x55e3fc2a5380) at http_request.c:363
#29 0x000055e3fb169db2 in ap_process_http_sync_connection (c=0x55e3fc29ee60) at http_core.c:190
#30 ap_process_http_connection (c=0x55e3fc29ee60) at http_core.c:231
#31 0x000055e3fb161e30 in ap_run_process_connection (c=0x55e3fc29ee60) at connection.c:41
#32 0x000055e3fb162218 in ap_process_connection (c=c@entry=0x55e3fc29ee60, csd=<optimized out>) at connection.c:202
#33 0x00007f5bf27e07ef in child_main (child_num_arg=child_num_arg@entry=2) at prefork.c:704
#34 0x00007f5bf27e0a26 in make_child (s=0x55e3fc036348, slot=slot@entry=2) at prefork.c:800
#35 0x00007f5bf27e0a86 in startup_children (number_to_start=3) at prefork.c:818

#36 0x00007f5bf27e1790 in prefork_run (_pconf=<optimized out>, plog=0x55e3fc038358, s=0x55e3fc036348) at prefork.c:976
#37 0x000055e3fb13f0fe in ap_run_mpm (pconf=0x55e3fc00b138, plog=0x55e3fc038358, s=0x55e3fc036348) at mpm_common.c:96
#38 0x000055e3fb138726 in main (argc=2, argv=0x7ffc3d256568) at main.c:777
(gdb) 


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-26 17:50 UTC] chipitsine at gmail dot com
Note: bitrix requires the following settings

mbstring.func_overload=2
mbstring.internal_encoding=UTF-8

it turns out that them crash opcache.
without those setting opcache works
 [2018-02-05 20:11 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d9e71169e6c0d8cd33e44f5e6a1d1ec3926f3362
Log: Fixed bug #75729
 [2018-02-05 20:11 UTC] nikic@php.net
-Status: Open +Status: Closed
 [2018-03-23 19:41 UTC] info at ihead dot ru
PHP 7.2.3, FreeBSD 11.1 

Problem exists in PHP 7.2.3.
I got segmentation fault when installing 1C-Bitrix (http://www.1c-bitrix.ru/download/scripts/bitrixsetup.php) with mbstring.func_overload=2 after submitting form with database connection parameters.
 [2018-03-24 08:43 UTC] info at ihead dot ru
I found the code which cause segfault:
echo substr(PHP_OS, 0, 3);
 [2018-03-24 09:09 UTC] info at ihead dot ru
In patch 
http://git.php.net/?p=php-src.git;a=commit;h=d9e71169e6c0d8cd33e44f5e6a1d1ec3926f3362
changed code in condition num_args == 2

substr can recieve 3 args, so it is necessary to change the corresponging code in num_args == 3 

--- sccp.c.orig 2018-02-27 19:33:06.000000000 +0300
+++ sccp.c      2018-03-24 12:01:08.808825000 +0300
@@ -820,7 +820,8 @@
                } else if (zend_string_equals_literal(name, "substr")) {
                        if (Z_TYPE_P(args[0]) != IS_STRING
                                        || Z_TYPE_P(args[1]) != IS_LONG
-                                       || Z_TYPE_P(args[2]) != IS_LONG) {
+                                       || Z_TYPE_P(args[2]) != IS_LONG
+                                       || (CG(compiler_options) & ZEND_COMPILE_NO_BUILTIN_STRLEN)) {
                                return FAILURE;
                        }
                        /* pass */
 [2018-03-24 11:44 UTC] chipitsine at gmail dot com
wow
 [2018-03-24 12:18 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2018-03-24 12:18 UTC] nikic@php.net
@info at ihead dot ru: Right, I missed that case. Fixed in https://github.com/php/php-src/commit/3306577797bb4a8524584a00d6cf482f4d8c9b38
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 09:01:28 2024 UTC