PHP :: Bug #61164 :: Crash with PHP 5.4, APC, $

Bug #61164	Crash with PHP 5.4, APC, $_SERVER and ?: operator
Submitted:	2012-02-21 13:20 UTC	Modified:	2012-02-27 15:22 UTC
From:	cschneid at cschneid dot com	Assigned:	gopalv (profile)
Status:	Closed	Package:	APC (PECL)
PHP Version:	APC-trunk	OS:	Linux openSUSE 11.3 (x86_64)
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cschneid at cschneid dot com
New email:
PHP Version:		OS:

New Comment:

[2012-02-21 13:20 UTC] cschneid at cschneid dot com

Description:
------------
PHP crashes when combining $_SERVER with ?: operator once APC is loaded into PHP 5.4.

I used a current SVN checkout of PHP 5.4 and APC, compiled it with --enable-debug and used the builtin webserver to test the script below as follows:

$ gdb --args bin/php -S localhost:8000
(gdb) run
...

$ wget -qO - localhost:8000/
Done.
$ wget -qO - localhost:8000/
<second request hangs>




Reproduce code:
---------------
<?php

$_SERVER['HTTP_HOST'] ?: "foo";
exit("Done.\n");


Expected result:
----------------
Done.
Done.


Actual result:
--------------
Done.

Program received signal SIGSEGV, Segmentation fault.
0x00000000007f0d77 in execute (op_array=0x7ffff7fccdb0) at /home/cschneid/src/php-src-5.4/Zend/zend_vm_execute.h:410
410			if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {
(gdb) bt
#0  0x00000000007f0d77 in execute (op_array=0x7ffff7fccdb0) at /home/cschneid/src/php-src-5.4/Zend/zend_vm_execute.h:410
#1  0x00000000007b39be in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cschneid/src/php-src-5.4/Zend/zend.c:1272
#2  0x000000000072a2e1 in php_execute_script (primary_file=0x7fffffffcf90) at /home/cschneid/src/php-src-5.4/main/main.c:2473
#3  0x000000000090751b in php_cli_server_dispatch_script (server=0xeb2e80, client=0x10376f0) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:1869
#4  0x000000000090847a in php_cli_server_dispatch (server=0xeb2e80, client=0x10376f0) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:2030
#5  0x0000000000908b6c in php_cli_server_recv_event_read_request (server=0xeb2e80, client=0x10376f0) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:2208
#6  0x0000000000908eb5 in php_cli_server_do_event_for_each_fd_callback (_params=0x7fffffffd190, fd=7, event=1) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:2294
#7  0x0000000000904383 in php_cli_server_poller_iter_on_active (poller=0xeb2e88, opaque=0x7fffffffd190, callback=0x908cc4 <php_cli_server_do_event_for_each_fd_callback>) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:777
#8  0x0000000000908f78 in php_cli_server_do_event_for_each_fd (server=0xeb2e80, rhandler=0x908aa8 <php_cli_server_recv_event_read_request>, whandler=0x908b93 <php_cli_server_send_event>) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:2320
#9  0x0000000000908fc6 in php_cli_server_do_event_loop (server=0xeb2e80) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:2330
#10 0x00000000009092cf in do_cli_server (argc=3, argv=0x7fffffffe598) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli_server.c:2431
#11 0x00000000008fdda1 in main (argc=3, argv=0x7fffffffe598) at /home/cschneid/src/php-src-5.4/sapi/cli/php_cli.c:1359

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-02-23 08:40 UTC] sixd@php.net

This has some similarities to https://bugs.php.net/bug.php?id=60845

[2012-02-27 14:08 UTC] gopalv@php.net

Taking a look at this bug - does this happen on an i386 build too?

[2012-02-27 15:21 UTC] gopalv@php.net

Automatic comment from SVN on behalf of gopalv
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323587
Log: fix bug #61164: handle the JMP_SET_VAR opcode

[2012-02-27 15:22 UTC] gopalv@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: gopalv

[2012-02-27 15:22 UTC] gopalv@php.net

Fixed in SVN

http://news.php.net/php.pecl.cvs/17660

Please test.

[2012-07-21 21:28 UTC] ab@php.net

Automatic comment from SVN on behalf of ab
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=326761
Log: added test for bug #61164

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 06:01:29 2024 UTC