Bug #60038 SIGALRM cause segfault in php_error_cb
Submitted: 2011-10-11 09:13 UTC Modified: 2011-10-16 06:03 UTC
From: laruence@php.net Assigned: laruence
Status: Closed Package: Scripting Engine problem
PHP Version: 5.4.0beta1 OS:
Private report: No CVE-ID:
 [2011-10-11 09:13 UTC] laruence@php.net
Description:
------------
in php_error_cb:

freeing PG(last_error_message) and PG(last_error_file) without blocking alarm 
signal.

so there is a chance that php will segfault when the max_execution_time limit is 
reached.

since zend_signal was introduced in PHP 5.4, I think it's okay to add a signal 
block mechanism for this code.

Test script:
---------------
<?php
error_reporting(E_ALL|E_NOTICE);
set_time_limit(1);   // SIGALRM fires after one second of execution

// $arr is intentionally undefined, so every iteration raises an E_NOTICE
// and goes through php_error_cb until the time limit is hit.
while(1) {
    $a = $arr['index_miss'];
}
?>

do the following steps:
1. gdb php 
2. b php_error_cb
3. r "above script"
4. when breakpoint reach: 
   893			if (PG(last_error_message)) {
   (gdb) 
   894				free(PG(last_error_message));
5. signal SIGPROF
6. next (*n)
*** glibc detected *** double free or corruption (fasttop): 0x0000000001207ca0 ***

Expected result:
----------------
no segfault

Actual result:
--------------
segfault
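
The race described above and the blocking fix the report proposes, as an added C example that is not PHP's own code: the handler only records where it was delivered, so the unfixed variant flags the mid-window delivery instead of actually double-freeing. The in_window flag, the function names and the sample messages are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
/* Shared state standing in for PG(last_error_message). */
static char *last_error_message = NULL;
/* in_window is 1 while free()/reassign is open; the handler only records
   where it ran, so the unfixed variant flags the race instead of crashing. */
static volatile sig_atomic_t in_window = 0;
static volatile sig_atomic_t delivered = 0;   /* 1 = after window, 2 = inside it */
static void on_alarm(int sig) {
    (void)sig;
    delivered = in_window ? 2 : 1;
}
/* Unfixed pattern: nothing stops the alarm landing between free() and reassign. */
static void replace_unblocked(const char *msg) {
    in_window = 1;
    free(last_error_message);
    raise(SIGALRM);                  /* simulates the timer expiring right here */
    last_error_message = msg ? strdup(msg) : NULL;
    in_window = 0;
}
/* Fixed pattern: SIGALRM is blocked across the window and delivered afterwards. */
static void replace_blocked(const char *msg) {
    sigset_t block, saved;
    sigemptyset(&block); sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &saved);
    in_window = 1;
    free(last_error_message);
    raise(SIGALRM);                  /* stays pending while blocked */
    last_error_message = msg ? strdup(msg) : NULL;
    in_window = 0;
    sigprocmask(SIG_SETMASK, &saved, NULL);   /* pending SIGALRM delivers here */
}
/* Runs one variant on constructed sample state. Returns 0 if the handler never
   ran, 1 if it ran after the window closed, 2 if it ran inside the window. */
int alarm_delivery(int use_blocking) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    delivered = 0;
    last_error_message = strdup("first notice");
    if (use_blocking) replace_blocked("second notice");
    else replace_unblocked("second notice");
    free(last_error_message); last_error_message = NULL;
    return delivered;
}
```

Run without blocking the alarm lands inside the window (the state of the original php_error_cb); with blocking it is delivered only after the pointer has been reassigned.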

Patches

bug60038.patch (last revision 2011-10-13 00:42 UTC by laruence@php.net)


Pull Requests


History

 [2011-10-11 09:16 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug60038.patch
Revision:   1318324579
URL:        https://bugs.php.net/patch-display.php?bug=60038&patch=bug60038.patch&revision=1318324579
 [2011-10-11 09:27 UTC] laruence@php.net
actually, there are two issues behind this segfault, which I have explained before in my 
blog: http://www.laruence.com/2011/01/27/1854.html and 
http://www.laruence.com/2008/12/31/647.html 

so the point is do you think this is worth fixing?
 [2011-10-11 09:31 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2011-10-11 09:31 UTC] laruence@php.net
Assigning to myself; if there are no objections on the ML, I will apply the patch.
 [2011-10-13 00:42 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug60038.patch
Revision:   1318466568
URL:        https://bugs.php.net/patch-display.php?bug=60038&patch=bug60038.patch&revision=1318466568
 [2011-10-13 00:44 UTC] laruence@php.net
updated patch, the signal block mechanism only takes effect when zend signal is enabled.
 [2011-10-16 03:00 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=318145
Log: Fixed bug #60038 (SIGALRM cause segfault in php_error_cb)
 [2011-10-16 06:03 UTC] laruence@php.net
-Status: Assigned +Status: Closed -PHP Version: 5.3.8 +PHP Version: 5.4.0beta1
 [2011-10-16 06:03 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:48 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=077519d3fbe3aca87f392993c81f526ef2c6b635
Log: Fixed bug #60038 (SIGALRM cause segfault in php_error_cb)
 [2012-07-24 23:39 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=077519d3fbe3aca87f392993c81f526ef2c6b635
Log: Fixed bug #60038 (SIGALRM cause segfault in php_error_cb)
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=077519d3fbe3aca87f392993c81f526ef2c6b635
Log: Fixed bug #60038 (SIGALRM cause segfault in php_error_cb)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 18:01:58 2014 UTC