Bug #52678 Segmentation fault on scripts execution
Submitted: 2010-08-23 16:08 UTC Modified: 2013-02-18 00:34 UTC
Votes: 3
Avg. Score: 4.3 ± 0.9
Reproduced: 1 of 1 (100.0%)
Same Version: 0 (0.0%)
Same OS: 0 (0.0%)
From: andrzej dot pruszynski at autodesk dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.3.3 OS: Solaris 5.10, Spark
Private report: No CVE-ID: None

 [2010-08-23 16:08 UTC] andrzej dot pruszynski at autodesk dot com
Description:
------------
Reading bug reports I've seen #47230, similar, near one year ago.
Apparently there is a problem with memory alignment. I used gcc 4.2.3
and make 3.81 from gcc installation.

None of the system scripts in CL mode can be executed. In my example script,
when commenting out 'sleep()', there is no crash.

- version ---------------------------------------------------------------
bash-3.2$ sapi/cli/php --version
PHP 5.3.3 (cli) (built: Aug 20 2010 07:45:05)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

- phpinfo() -------------------------------------------------------------
System => SunOS csdev10 5.10 Generic_142900-02 sun4u
Build Date => Aug 20 2010 07:40:16
Configure Command =>  './configure'  '--without-iconv' '--disable-phar'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => (none)
Scan this dir for additional .ini files => (none)
Additional .ini files parsed => (none)
PHP API => 20090626
PHP Extension => 20090626
Zend Extension => 220090626
Zend Extension Build => API220090626,NTS
PHP Extension Build => API20090626,NTS
Debug Build => no
Thread Safety => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => disabled



Test script:
---------------
<?php
echo "One\n";
sleep(1);
echo "Two\n";
?>


Expected result:
----------------
Text output: 'One, Two'.

Actual result:
--------------
bash-3.2$ gdb ./sapi/cli/php
GNU gdb 6.7.1
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.10"...
(gdb) set args "test01.php"
(gdb) run
Starting program: /local/users/andrzejp/php-5.3.3/sapi/cli/php "test01.php"
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/ld.so.1"
warning: Lowest section in /lib/libpthread.so.1 is .dynamic at 00000074
One

Program received signal SIGSEGV, Segmentation fault.
_zval_ptr_dtor (zval_ptr=0xffbfef3c)
    at /local/users/andrzejp/php-5.3.3/Zend/zend.h:385
warning: Source file is more recent than executable.
385                     return --pz->refcount__gc;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0xffbfef3c)
    at /local/users/andrzejp/php-5.3.3/Zend/zend.h:385
#1  0x002a6830 in zend_do_fcall_common_helper_SPEC (execute_data=0x6dcc70)
    at /local/users/andrzejp/php-5.3.3/Zend/zend_execute.h:318
#2  0x0027a1d0 in execute (op_array=0x5a5d38)
    at /local/users/andrzejp/php-5.3.3/Zend/zend_vm_execute.h:107
#3  0x002565bc in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /local/users/andrzejp/php-5.3.3/Zend/zend.c:1194
#4  0x002034ac in php_execute_script (primary_file=0xffbff718)
    at /local/users/andrzejp/php-5.3.3/main/main.c:2260
#5  0x002e779c in main (argc=2, argv=0xffbff83c)
    at /local/users/andrzejp/php-5.3.3/sapi/cli/php_cli.c:1192


Patches

zend_execute.h.patch (last revision 2010-08-26 14:20 UTC by andrzej dot pruszynski at autodesk dot com)



History

 [2010-08-25 14:04 UTC] andrzej dot pruszynski at autodesk dot com
Culprit is in zend_vm_stack_clear_multiple() function from Zend/zend_execute.h.
Here is the corrected one ['*p = NULL' is moved down one line, after 'zval *q = *(zval **)(--p)' assignment].


static inline void zend_vm_stack_clear_multiple(TSRMLS_D)
{
        /* The topmost slot of the argument stack holds the argument count. */
        void **p = EG(argument_stack)->top - 1;
        int delete_count = (int)(zend_uintptr_t) *p;

        while (--delete_count>=0) {
                /* Read the saved zval pointer out of the slot below ... */
                zval *q = *(zval **)(--p);
                /* ... release the reference ... */
                zval_ptr_dtor(&q);
                /* ... and only then clear the slot. */
                *p = NULL;
        }

        /* Give the popped slots back to the VM stack. */
        zend_vm_stack_free_int(p TSRMLS_CC);
}

So it seems not to be a memory alignment problem but a GCC optimization problem. I suggest it is globally fixed in the code this way, as all Solaris SPARC 64 bit can be affected by the gcc optimization 'problem'.
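To make the ordering concern above concrete, here is a small self-contained model of the argument-stack clearing routine. It is an added example written for this page, not Zend's code: the stack, the refcounted value type and every function name (toy_stack, toy_zval, toy_stack_clear_multiple, toy_zval_ptr_dtor) are constructed stand-ins. The destructor refuses to run on a slot that has already been cleared, which is the situation in the reported backtrace (_zval_ptr_dtor faulting on the refcount read), so a caller can detect that case instead of dereferencing it.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Toy refcounted value, a stand-in for a Zend zval (constructed for this example). */
typedef struct {
    int refcount;   /* mirrors refcount__gc */
    int destroyed;  /* set once the refcount drops to zero */
} toy_zval;

/* Toy argument stack: flat array of void* slots plus a top pointer. */
#define STACK_SLOTS 64
typedef struct {
    void *slots[STACK_SLOTS];
    void **top;
} toy_stack;

static void stack_init(toy_stack *s) { s->top = s->slots; }

/* Push one argument pointer; a NULL models a slot that was already cleared. */
static void stack_push_arg(toy_stack *s, toy_zval *z) {
    *s->top++ = z;
    if (z) z->refcount++;
}

/* Push the argument count on top, as the VM does before a call. */
static void stack_push_count(toy_stack *s, int count) {
    *s->top++ = (void *)(uintptr_t)count;
}

/* Stand-in for zval_ptr_dtor. Returns the new refcount, or -1 when the slot
   holds NULL, which is exactly the dereference the reported crash hits. */
static int toy_zval_ptr_dtor(toy_zval **zval_ptr) {
    toy_zval *pz = *zval_ptr;
    if (pz == NULL) return -1;
    if (--pz->refcount == 0) pz->destroyed = 1;
    return pz->refcount;
}

/* Counterpart of zend_vm_stack_clear_multiple(): pop the count, release each
   argument, and clear the slot only after its pointer has been read and used.
   Returns the number of slots that could not be released. */
static int toy_stack_clear_multiple(toy_stack *s) {
    void **p = s->top - 1;
    int delete_count = (int)(uintptr_t)*p;
    int failures = 0;

    while (--delete_count >= 0) {
        toy_zval *q = *(toy_zval **)(--p);   /* read the pointer first */
        if (toy_zval_ptr_dtor(&q) < 0) failures++;
        *p = NULL;                           /* then clear the slot */
    }
    s->top = p;                              /* stand-in for zend_vm_stack_free_int(p) */
    return failures;
}

int main(void) {
    toy_stack s;
    toy_zval a = {1, 0}, b = {1, 0};

    stack_init(&s);
    stack_push_arg(&s, &a);
    stack_push_arg(&s, &b);
    stack_push_count(&s, 2);
    printf("failures=%d a.refcount=%d b.refcount=%d\n",
           toy_stack_clear_multiple(&s), a.refcount, b.refcount);
    return 0;
}
```

The model keeps the same stack layout the Zend code relies on (arguments below, count on top) so the pointer arithmetic in the loop is identical; what it adds is a way to observe the refcounts and slot contents after the clear, and a failure count for slots that were NULL before the destructor ran.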
 [2010-08-25 14:20 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-08-25 14:20 UTC] pajoye@php.net
Can you provide a patch against 5.3 please?
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.