Bug #76796 Compile-time evaluation of disabled function in opcache (SCCP) causes segfault
Submitted: 2018-08-26 16:49 UTC Modified: 2018-09-08 00:42 UTC
Votes:8
Avg. Score:4.5 ± 0.7
Reproduced:8 of 8 (100.0%)
Same Version:8 (100.0%)
Same OS:6 (75.0%)
From: aguero dot manuel at yahoo dot com Assigned: nikic (profile)
Status: Closed Package: opcache
PHP Version: 7.2.9 OS: ANY
Private report: No CVE-ID: None
 [2018-08-26 16:49 UTC] aguero dot manuel at yahoo dot com
Description:
------------
SERVER: UBUNTU 16.04
LEMP STACK. WORDPRESS 4.9.8

php -v
PHP 7.2.9-1+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Aug 19 2018 07:16:12) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.9-1+ubuntu16.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

Disabled functions:
pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,php_uname



BUG:
Opcache is causing a segfault when php_uname has a parameter. You'll need to disable php_uname to reproduce this issue. This is only an issue on PHP 7.2 with OPcache enabled; if you disable OPcache then no segfault occurs. I've seen it since 7.2.2 --> 7.2.9.

PHP 5.6 & 7.1 don't have this issue. 


If no parameter is set then it doesn't segfault.
Example: php_uname()

Examples of when it segfaults:
This segfaults even though 's' is a valid value for the mode parameter.
EX: php_uname( 's' )

If you remove the quotes from the parameter it doesn't segfault. 
EX: php_uname(s)


If you need more information please let me know.

Test script:
---------------
Many WP plugins use php_uname with a valid parameter so it's not a plugin issue. Here are some examples to reproduce.

Install/activate The Better Search and Replace Plugin and it will segfault right away.
https://wordpress.org/plugins/better-search-replace/

CODE:
https://github.com/deliciousbrains/better-search-replace/blob/8eaab18a9a9c21b23a4431d9a3eaf567d19fcc6c/includes/class-bsr-compatibility.php#L46


Install/activate the Redirection plugin:
https://wordpress.org/plugins/redirection/

Once it's activated, go to WP-ADMIN --> tools --> redirection. Then you'll see it segfault. 

Code: 
https://github.com/johngodley/redirection/blob/90a74a50b5d5e238e3883d79ae5e09f9aadcd74c/models/fixer.php#L105





Expected result:
----------------
No segfault should occur. If php_uname is disabled, it should just output a warning to the logs without segfaulting just like PHP 5.6 & 7.1. 

Actual result:
--------------
PHP-FPM log:
[26-Aug-2018 15:18:07] NOTICE: [pool www] child 18694 started
[26-Aug-2018 15:21:32] NOTICE: Terminating ...
[26-Aug-2018 15:21:32] NOTICE: exiting, bye-bye!
[26-Aug-2018 15:21:32] NOTICE: fpm is running, pid 18726
[26-Aug-2018 15:21:32] NOTICE: ready to handle connections
[26-Aug-2018 15:21:32] NOTICE: systemd monitor interval set to 10000ms
[26-Aug-2018 15:21:42] WARNING: [pool www] child 18731 exited on signal 11 (SIGSEGV - core dumped) after 10.753898 seconds from start
[26-Aug-2018 15:21:42] NOTICE: [pool www] child 18734 started
[26-Aug-2018 16:01:11] WARNING: [pool www] child 18730 exited on signal 11 (SIGSEGV - core dumped) after 2379.605258 seconds from start
[26-Aug-2018 16:01:11] NOTICE: [pool www] child 18881 started
[26-Aug-2018 16:40:29] WARNING: [pool www] child 18881 exited on signal 11 (SIGSEGV - core dumped) after 2357.848971 seconds from start
[26-Aug-2018 16:40:29] NOTICE: [pool www] child 19058 started


STRACE:
[pid 18881] 16:40:28.988115 stat("/var/www/html/wp-content/plugins/better-search-replace/includes/class-bsr-compatibility.php", {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000036>
[pid 18881] 16:40:28.988205 stat("/var/www/html/wp-content/plugins/better-search-replace/includes/class-bsr-compatibility.php", {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000031>
[pid 18881] 16:40:28.988289 fcntl(4, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=1}) = 0 <0.000030>
[pid 18881] 16:40:28.988366 fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=1}) = 0 <0.000030>
[pid 18881] 16:40:28.988449 open("/var/www/html/wp-content/plugins/better-search-replace/includes/class-bsr-compatibility.php", O_RDONLY) = 7 <0.000033>
[pid 18881] 16:40:28.988534 fstat(7, {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000029>
[pid 18881] 16:40:28.988613 fstat(7, {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000029>
[pid 18881] 16:40:28.988691 fstat(7, {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000008>
[pid 18881] 16:40:28.988726 fstat(7, {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000008>
[pid 18881] 16:40:28.988759 mmap(NULL, 3806, PROT_READ, MAP_SHARED, 7, 0) = 0x7fa3cce4f000 <0.000010>
[pid 18881] 16:40:28.988793 stat("/var/www/html/wp-content/plugins/better-search-replace/includes/class-bsr-compatibility.php", {st_mode=S_IFREG|0664, st_size=3806, ...}) = 0 <0.000009>
[pid 18881] 16:40:28.989151 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
[pid 18881] 16:40:29.617230 +++ killed by SIGSEGV (core dumped) +++




CORE DUMP.

Core was generated by `php-fpm: pool www                                                            '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055bc6b74dea5 in _zval_get_string_func ()
(gdb) bt
#0  0x000055bc6b74dea5 in _zval_get_string_func ()
#1  0x000055bc6b756a0f in zend_make_printable_zval ()
#2  0x000055bc6b74c43d in concat_function ()
#3  0x00007fa3c74158d7 in ?? () from /usr/lib/php/20170718/opcache.so
#4  0x00007fa3c743f013 in ?? () from /usr/lib/php/20170718/opcache.so
#5  0x00007fa3c744243c in ?? () from /usr/lib/php/20170718/opcache.so
#6  0x00007fa3c74410dd in ?? () from /usr/lib/php/20170718/opcache.so
#7  0x00007fa3c742528b in ?? () from /usr/lib/php/20170718/opcache.so
#8  0x00007fa3c74176d0 in ?? () from /usr/lib/php/20170718/opcache.so
#9  0x00007fa3c74061f6 in ?? () from /usr/lib/php/20170718/opcache.so
#10 0x000055bc6b7bc391 in ?? ()
#11 0x000055bc6b7fca23 in ?? ()
#12 0x000055bc6b801a0c in execute_ex ()
#13 0x000055bc6b80929e in zend_execute ()
#14 0x000055bc6b7579a3 in zend_execute_scripts ()
#15 0x000055bc6b6f2bf0 in php_execute_script ()
#16 0x000055bc6b5a9e69 in ?? ()
#17 0x00007fa3ca9bc830 in __libc_start_main (main=0x55bc6b5a90b0, argc=4, argv=0x7ffdc743b508, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7ffdc743b4f8) at ../csu/libc-start.c:291
#18 0x000055bc6b5aac99 in _start ()
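A stand-alone probe for the condition reported above (OPcache enabled, php_uname in disable_functions, a literal argument, and the result concatenated as in the concat_function frame of the backtrace), so an operator can check a given PHP CLI build without installing the WordPress plugins. This is an added example and not part of the bug report; it assumes a php CLI binary on PATH or in $PHP_BIN, and that OPcache is loaded as a zend_extension in the CLI's php.ini.

```shell
#!/bin/sh
# Constructed probe for this write-up (not from the bug report).
# Return codes: 0 = no crash observed, 1 = SIGSEGV reproduced,
#               2 = probe skipped (no php CLI or OPcache not loaded).
probe_sccp_disabled_uname() {
    php_bin="${PHP_BIN:-php}"   # assumption: php CLI on PATH or via $PHP_BIN
    command -v "$php_bin" >/dev/null 2>&1 || return 2

    # Only a CLI with the OPcache zend_extension loaded can reproduce the bug.
    "$php_bin" -r 'exit(extension_loaded("Zend OPcache") ? 0 : 1);' \
        >/dev/null 2>&1 || return 2

    tmpdir=$(mktemp -d) || return 2
    # Literal string . php_uname('s') is the shape the optimizer tries to
    # fold at compile time; with php_uname disabled this is the crash path.
    cat > "$tmpdir/probe.php" <<'EOF'
<?php
$banner = 'OS: ' . php_uname('s');
echo $banner, "\n";
EOF
    # -d overrides mirror the reporter's setup: OPcache on for CLI, php_uname disabled.
    "$php_bin" -d opcache.enable=1 -d opcache.enable_cli=1 \
               -d disable_functions=php_uname "$tmpdir/probe.php" >/dev/null 2>&1
    status=$?
    rm -rf "$tmpdir"
    # A child killed by SIGSEGV is reported to the shell as 128 + 11 = 139.
    [ "$status" -eq 139 ] && return 1
    return 0
}
```

A fixed build prints the usual "has been disabled for security reasons" warning and exits normally (return 0); the affected 7.2.x builds die with signal 11 (return 1).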





History

 [2018-08-26 22:48 UTC] aguero dot manuel at yahoo dot com
-Operating System: Ubuntu 16.04 +Operating System: ANY
 [2018-08-26 22:48 UTC] aguero dot manuel at yahoo dot com
It looks like this bug has been reintroduced in PHP 7.2
https://bugs.php.net/bug.php?id=68104

It sounds very similar to what I'm experiencing in PHP 7.2 with Opcache enabled and a disabled function.
 [2018-09-08 00:42 UTC] nikic@php.net
-Summary: Opcache causes a Segfault when php_uname has a parameter.(DISABLED FUNCTION) +Summary: Compile-time evaluation of disabled function in opcache (SCCP) causes segfault -Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
Last updated: Fri Nov 22 17:01:31 2024 UTC