Bug #79088 Segmentation fault when instantiating a class
Submitted: 2020-01-09 12:43 UTC
Modified: 2020-01-09 12:46 UTC
From: jakub at tuenti dot com
Assigned:
Status: Duplicate
Package: opcache
PHP Version: 7.4.1
OS: Linux
Private report: No
CVE-ID: None

 [2020-01-09 12:43 UTC] jakub at tuenti dot com
Description:
------------
When executing the attached script with opcache enabled, I get segmentation faults. It can be reproduced by running it with the php docker images:

$ docker run -v $PWD/test.php:/test.php -ti php:7.4.1 sh -c "php -dzend_extension=opcache -dopcache.enable_cli=1 /test.php; php -dzend_extension=opcache -dopcache.enable_cli=1 /test.php"
Segmentation fault (core dumped)
Segmentation fault (core dumped)

The script runs fine on 7.3.13, but segfaults on all the 7.4 tags I tested (7.4.0alpha1, 7.4.0 and 7.4.1).

The backtrace I attach is from a custom php image (based on debian buster and using the packages from deb.sury.org).

Test script:
---------------
<?php

class A {
    const B = 'c';
}

class D
{
    public function __construct()
    {
    }
}

class E extends D
{
    static $A = A::B;
}

new E();


Actual result:
--------------
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1  0x000055d097fe28f5 in xbuf_format_converter (xbuf=0x7ffc2a75f2a0, is_char=1 '\001', fmt=0x55d098128a4c "s::%s() from invalid context", ap=0x7ffc2a75f2f0) at ./main/spprintf.c:596
#2  0x000055d09803f005 in zend_vspprintf (pbuf=0x7ffc2a75f2e8, max_len=0, format=<optimized out>, ap=<optimized out>) at ./Zend/zend.c:190
#3  0x000055d097e8ec81 in zend_throw_error (exception_ce=0x55d0999a1d40, format=0x55d098128a40 "Call to %s %s::%s() from invalid context") at ./Zend/zend.c:1535
#4  0x000055d097e97a29 in zend_std_get_constructor (zobj=<optimized out>) at ./Zend/zend_object_handlers.c:1588
#5  0x000055d0980a40a6 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:9226
#6  0x000055d0980bed0a in execute_ex (ex=0x18) at ./Zend/zend_vm_execute.h:54334
#7  0x000055d0980c6271 in zend_execute (op_array=0x7f89566702a0, return_value=<optimized out>) at ./Zend/zend_vm_execute.h:57664
#8  0x000055d0980402c3 in zend_execute_scripts (type=type@entry=8, retval=0x7f8956614020, retval@entry=0x0, file_count=file_count@entry=3) at ./Zend/zend.c:1663
#9  0x000055d097fdfd50 in php_execute_script (primary_file=<optimized out>) at ./main/main.c:2619
#10 0x000055d0980c8316 in do_cli (argc=5, argv=0x55d099944360) at ./sapi/cli/php_cli.c:961
#11 0x000055d097ea77cf in main (argc=5, argv=0x55d099944360) at ./sapi/cli/php_cli.c:1352

(gdb) dump_bt executor_globals.current_execute_data
[0x7f8956614020] (main) /source/test.php:19 




History

 [2020-01-09 12:46 UTC] nikic@php.net
-Status: Open
+Status: Duplicate
 [2020-01-09 12:46 UTC] nikic@php.net
This is the same issue as bug #78986, which will be fixed in the upcoming PHP 7.4.2 version.
 