php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56553 Compiling runkit into PHP causes PHP to segfault
Submitted: 2005-09-16 15:49 UTC Modified: 2005-09-22 19:40 UTC
From: eric@php.net Assigned: eric (profile)
Status: Closed Package: runkit (PECL)
PHP Version: 5_1 CVS-2005-09-16 (dev) OS: Gentoo Linux
Private report: No CVE-ID: None
 [2005-09-16 15:49 UTC] eric@php.net
Description:
------------
It seems that compiling this into PHP statically with --enable-maintainer-zts and --enable-runkit so it uses the sandbox causes PHP to crash no matter what command/script you run. Also, when this is compiled as a shared object it returns an error about: undefined symbol: compiler_globals

If there's anything else useful you need, let me know.

Reproduce code:
---------------
php -v

Expected result:
----------------
PHP 5.1.0RC2-dev (cli) (built: Sep 16 2005 14:13:47) (DEBUG)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies

Actual result:
--------------
#0  0x083238bf in _emalloc (size=3077986981, __zend_filename=0x85e07ec "/usr/src/php5-200509161830/Zend/zend_API.c", __zend_lineno=2089, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/src/php5-200509161830/Zend/zend_alloc.c:177
#1  0x0832405b in _estrndup (s=0x6 <Address 0x6 out of bounds>, length=3077986980, __zend_filename=0x6 <Address 0x6 out of bounds>, 
    __zend_lineno=6, __zend_orig_filename=0x6 <Address 0x6 out of bounds>, __zend_orig_lineno=6)
    at /usr/src/php5-200509161830/Zend/zend_alloc.c:418
#2  0x08347e8f in zend_is_callable_ex (callable=0xb7765aac, check_flags=2, callable_name=0xbf852ff8, callable_name_len=0xbf852f5c, 
    fptr_ptr=0xbf852f58, zobj_ptr_ptr=0xbf852f60, tsrm_ls=0xb7765a9c) at /usr/src/php5-200509161830/Zend/zend_API.c:2089
#3  0x08348537 in zend_is_callable (callable=0x6, check_flags=6, callable_name=0x6) at /usr/src/php5-200509161830/Zend/zend_API.c:2104
#4  0x081e9966 in php_runkit_sandbox_body_write (
    str=0x8858ff8 "PHP 5.1.0RC2-dev (cli) (built: Sep 16 2005 14:13:47) (DEBUG)\nCopyright (c) 1997-2005 The PHP Group\nZend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies\n", str_length=165, tsrm_ls=0x0)
    at /usr/src/php5-200509161830/ext/runkit/runkit_sandbox.c:984
#5  0x083067c4 in php_ub_body_write_no_header (str=0x6 <Address 0x6 out of bounds>, str_length=6, tsrm_ls=0x86f7228)
    at /usr/src/php5-200509161830/main/output.c:687
#6  0x083068bf in php_ub_body_write (str=0x6 <Address 0x6 out of bounds>, str_length=6, tsrm_ls=0x86f7228)
    at /usr/src/php5-200509161830/main/output.c:720
#7  0x082f122d in php_printf (format=0x6 <Address 0x6 out of bounds>) at /usr/src/php5-200509161830/main/main.c:395
#8  0x083e758d in main (argc=2, argv=0xbf853364) at /usr/src/php5-200509161830/sapi/cli/php_cli.c:730

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-22 18:29 UTC] pollita@php.net
Please try a snapshot.  I havn't managed to reproduce the shared object problem, but the crash in the static build is (probably) fixed as a result of the recent refactor of runkit_sandbox.c
 [2005-09-22 18:30 UTC] pollita@php.net
Please try a snapshot.  I havn't managed to reproduce the shared object problem, but the crash in the static build is (probably) fixed as a result of the recent refactor of runkit_sandbox.c

Erm.... by snapshot I mean just grab the up to date CVS... PECL != Core :p
 [2005-09-22 19:40 UTC] eric@php.net
Works from CVS. I can't reproduce the shared object problem either. I think it was just because I was loading the wrong one, but it works now either way. Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC