PHP :: Bug #78471 :: libssh2_sftp_shutdown segfaults (called via ssh2

Bug #78471

libssh2_sftp_shutdown segfaults (called via ssh2_disconnection())

Submitted:

2019-08-28 13:55 UTC

Modified:

2021-02-09 13:18 UTC

Votes:	7
Avg. Score:	4.0 ± 0.9
Reproduced:	7 of 7 (100.0%)
Same Version:	1 (14.3%)
Same OS:	1 (14.3%)

From:

mls at pronego dot com

Assigned:

cmb (profile)

Status:

Duplicate

Package:

ssh2 (PECL)

PHP Version:

7.2.21

OS:

linuxkit docker image

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mls at pronego dot com
New email:
PHP Version:		OS:

New Comment:

[2019-08-28 13:55 UTC] mls at pronego dot com

Description:
------------
Called ssh2_disconnect() on existing connection after successful file upload.
During execution of the destructors -> segfault
(I'm sorry for not having the debug symbols installed in the docker container)

Test script:
---------------
n/a

Expected result:
----------------
close the connection WITHOUT segfault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007f86ae1f1a9f in libssh2_sftp_shutdown () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
(gdb) bt
#0  0x00007f86ae1f1a9f in libssh2_sftp_shutdown () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
#1  0x00007f86acd69803 in php_ssh2_sftp_dtor (rsrc=<optimized out>) at /tmp/pear/temp/ssh2/ssh2_sftp.c:41
#2  0x000055c87f50604e in ?? ()
#3  0x000055c87f506089 in ?? ()
#4  0x000055c87f503597 in zend_hash_reverse_apply ()
#5  0x000055c87f4e0323 in ?? ()
#6  0x000055c87f4f108b in zend_deactivate ()
#7  0x000055c87f48d63f in php_request_shutdown ()
#8  0x000055c87f5952aa in ?? ()
#9  0x000055c87f15004c in ?? ()
#10 0x00007f86b039209b in __libc_start_main (main=0x55c87f14fbc0, argc=3, argv=0x7fff8ea7a9e8, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff8ea7a9d8) at ../csu/libc-start.c:308
#11 0x000055c87f15014a in _start ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-08-29 06:22 UTC] mls at pronego dot com

Segfault happens during execution on CLI

[2019-09-05 23:32 UTC] lunar dot rift at gmail dot com

When I call ssh2_disconnect(), I am getting the following error:

Assertion failed: (session), function _libssh2_channel_free, file channel.c, line 2484.
Abort trap: 6

----------

PHP 7.2.23 and ssh2 v1.1.2 installed via Mac Ports on macOS 10.14.6.

[2020-05-25 23:10 UTC] info at dotsamazing dot com

This bug is present in PHP 7.4.3 CLI under Ubuntu 20.04 too, as reported in #79631.

You may try using ssh2_disconnect on the _SFTP handle_ before using ssh2_disconnect using the SSH2 connection handle to avoid the segfault. 

Though it's not a supported way of disconnecting but we've found this to be the only way to avoid segfaults repeatedly on our server.

[2021-02-09 13:18 UTC] cmb@php.net

-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb

[2021-02-09 13:18 UTC] cmb@php.net

Closing as duplicate of bug #79631, since that report already has
a detailed analysis.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 22:01:28 2024 UTC