Bug #81167 Segfault when loading a large file
Submitted: 2021-06-18 09:18 UTC
Modified: 2021-06-21 09:40 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: kochnorman at rocketmail dot com
Assigned: cmb (profile)
Status: Closed
Package: Scripting Engine problem
PHP Version: 7.3.19-1~deb10u1
OS: Debian 10
Private report: No
CVE-ID: None

 [2021-06-18 09:18 UTC] kochnorman at rocketmail dot com
Description:
------------
Sorry first, I use PHP 7.3.19-1~deb10u1, but I could not choose this version.

I encountered problems with a very large script I have. The minimal (not-)working example I could create can be created and tested with 

perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php

The file compiles, but then crashes with 

[1]    32247 segmentation fault  php -l test.php

I believe a 1000-line-file should not cause this error.

Trying to reduce the length of the file, I even get another message:

perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php

No syntax errors detected in test.php
zend_mm_heap corrupted

I have no idea why this happens.

I can work around this problem by splitting a large file into several smaller ones and then including the smaller files.

Test script:
---------------
Segfault:
perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php


zend_mm_heap corrupted:
perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php


 [2021-06-18 09:25 UTC] nikic@php.net
-Status: Open
+Status: Feedback
-Package: Compile Failure
+Package: Scripting Engine problem
 [2021-06-18 09:25 UTC] nikic@php.net
I can't reproduce this on any supported PHP version. I also tried this with more functions (50000 instead of 1000) with same result.
 [2021-06-18 09:31 UTC] krakjoe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

I also cannot reproduce.

A copy of the trace is necessary most likely, and also a list of extensions.
 [2021-06-18 09:53 UTC] kochnorman at rocketmail dot com
-Status: Feedback
+Status: Open
-PHP Version: 7.3Git-2021-06-18 (Git)
+PHP Version: 7.3.19-1~deb10u1
 [2021-06-18 09:53 UTC] kochnorman at rocketmail dot com
I've created a core dump which is available under https://optimalbliss.de/core-php.329.zip . Sorry for not uploading it here, but I found no way of doing that.

My php -m gives me:

[PHP Modules]
calendar
Core
ctype
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
http
iconv
imagick
json
libxml
memprof
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
propro
raphf
readline
Reflection
session
shmop
SimpleXML
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xdebug
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Xdebug
Zend OPcache

I hope this helps researching this bug.
 [2021-06-18 12:34 UTC] cmb@php.net
PHP-7.3 is no longer actively supported[1].  Can you please try
with latest PHP 7.4 or 8.0?

[1] <https://www.php.net/supported-versions.php>
 [2021-06-18 12:39 UTC] nikic@php.net
> I've created a core dump which is available under https://optimalbliss.de/core-php.329.zip . Sorry for not uploading it here, but I found no way of doing that.

Would it be possible for you to extract the backtrace from the core dump? Something like "gdb path/to/php path/to/core" and then "bt" should do it. Analyzing a core dump requires the original binary to be available, so it's hard to do this on a different machine.

It may be worth trying whether it works without xdebug. That's the only extension that looks problematic.
 [2021-06-18 12:58 UTC] kochnorman at rocketmail dot co
I cannot easily update, though I will try and will post when I'm done.

I've disabled xdebug and it doesn't appear in the list anymore. But the segfault still persists. The bt is:


Core was generated by `php -l test.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000556d88639bb7 in destroy_op_array ()
(gdb) bt
#0  0x0000556d88639bb7 in destroy_op_array ()
#1  0x0000556d8865410d in zend_hash_destroy ()
#2  0x0000556d8864498d in ?? ()
#3  0x0000556d885e52aa in php_module_shutdown ()
#4  0x0000556d884aab77 in ?? ()
#5  0x00007fdad0e7809b in __libc_start_main (main=0x556d884aa6d0, argc=3, argv=0x7fff647f6918, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff647f6908)
    at ../csu/libc-start.c:308
#6  0x0000556d884aac7a in _start ()
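
Added example (not part of the thread and not PHP project code): a small triage helper that reads the gdb backtrace posted above and reports the faulting function, whether the crash sits under php_module_shutdown (teardown rather than compilation), and which frames gdb could not symbolize. The function names parse_frames and triage are made up for this illustration.

```python
import re

# Backtrace text copied from the comment above (gdb "bt" output).
BACKTRACE = """\
#0  0x0000556d88639bb7 in destroy_op_array ()
#1  0x0000556d8865410d in zend_hash_destroy ()
#2  0x0000556d8864498d in ?? ()
#3  0x0000556d885e52aa in php_module_shutdown ()
#4  0x0000556d884aab77 in ?? ()
#5  0x00007fdad0e7809b in __libc_start_main (main=0x556d884aa6d0, argc=3, argv=0x7fff647f6918, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff647f6908)
    at ../csu/libc-start.c:308
#6  0x0000556d884aac7a in _start ()
"""

# "#N  [0xADDR in ]function (" ; gdb omits the address on some frames.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-f]+)\s+in\s+)?(\S+)\s*\(")


def parse_frames(text):
    """Return one dict per frame line; continuation lines ("at file:line") are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"index": int(m.group(1)),
                           "pc": m.group(2),
                           "func": m.group(3)})
    return frames


def triage(text):
    """Summarize a PHP CLI backtrace for a bug report."""
    frames = parse_frames(text)
    funcs = [f["func"] for f in frames]
    return {
        # Innermost frame: where the SIGSEGV was raised.
        "crash_function": funcs[0] if funcs else None,
        # A caller named php_module_shutdown means the fault happened while
        # the engine was tearing down, after the script had been processed.
        "during_shutdown": "php_module_shutdown" in funcs[1:],
        # "??" frames mean the binary lacks symbols for those addresses;
        # a build with debug symbols gives a more useful trace.
        "unresolved_frames": [f["index"] for f in frames if f["func"] == "??"],
    }


if __name__ == "__main__":
    print(triage(BACKTRACE))
```
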
 [2021-06-18 13:07 UTC] kochnorman at rocketmail dot com
I've updated to 7.4.20 and now the segfault is gone and the script works.
 [2021-06-21 09:40 UTC] cmb@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cmb
 [2021-06-21 09:40 UTC] cmb@php.net
> I've updated to 7.4.20 and now the segfault is gone and the
> script works.

Great!  I think we can close this ticket.
 
Last updated: Sun Dec 22 00:01:30 2024 UTC