Bug #62661 Interactive php-cli crashes if include() is used in auto_prepend_file
Submitted: 2012-07-25 16:12 UTC Modified: 2012-07-26 04:46 UTC
From: pierre at guinoiseau dot eu Assigned: laruence
Status: Closed Package: Reproducible crash
PHP Version: 5.4.5 OS: FreeBSD / Ubuntu
Private report: No CVE-ID:
 [2012-07-25 16:12 UTC] pierre at guinoiseau dot eu
Description:
------------
Hello,

this bug may be related to bug #49000. php-cli crashes in interactive mode if 
you do an include() in auto_prepend_file. An example will explain it better (see 
test scripts):
  % php -d auto_prepend_file=prepend.php -a
  Interactive mode enabled
  
  test 1
  test 2
  Ran out of opcode space!
  You should probably consider writing this huge script into a file!

This was tested with PHP 5.4.5 (from ports) on FreeBSD 8.1 and PHP 5.4.4 (from 
Debian Git repository) on Ubuntu 12.04.

No error if the include file is missing (only the usual warning).

Also, I got another very weird case...
The provided prepend_segfault.php segfaults instead of the error above:
  % php -d auto_prepend_file=prepend_segfault.php -a
  Interactive shell
  
  test 1
  zsh: segmentation fault (core dumped)  php -d auto_prepend_file=prepend_segfault.php -a

But there is no segfault and no errors if I remove "$toto = 1".

If I replace one (or both) if/elseif conditions with true or false, it executes 
the script 2 times instead on 5.4.4 (and it segfaults on 5.4.5):
  % php -d auto_prepend_file=prepend_towtimes.php -a
  Interactive shell
  
  test 1
  test 1 bis
  test 1
  test 1 bis
  test 2
  php > 

Of course if I remove the include() line, everything is back to normal.

Something is very wrong, isn't it? :)

Test script:
---------------
// prepend.php => weird error
<?php
echo "test 1\n";
include("include.php");
?>

// include.php
<?php
echo "test 2\n";
?>

// prepend_segfault.php => segfaults
<?php
$toto = 1;
if (php_sapi_name() == "cli") {
} elseif (php_sapi_name() == 'fpm-fcgi') {
}
echo "test 1\n";
include("include.php");
?>

// prepend_towtimes.php => script is executed two times (5.4.4) or segfaults (5.4.5)
<?php
$toto = 1;
if (true) {
} elseif (false) {
}
echo "test 1\n";
echo "test 1 bis\n";
include("include.php");
?>


Expected result:
----------------
No weird behaviour and no segfaults when I use include() in an auto_prepend_file 
in interactive mode.


History

 [2012-07-26 01:47 UTC] aharvey@php.net
-Status: Open +Status: Verified
 [2012-07-26 01:47 UTC] aharvey@php.net
Verified on a current 5.4 build.

Backtrace for the prepend_segfault.php case:

#0  0x0000000000a423d6 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7ffff7f7b240)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:2209
#1  0x0000000000a3935d in execute (op_array=0x7ffff7fb3920)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:410
#2  0x00000000009e5d5a in execute_new_code ()
    at /home/adam/trees/php-src/5.4/Zend/zend_execute_API.c:1322
#3  0x00000000009932cc in zendparse () at /home/adam/trees/php-src/5.4/Zend/zend_language_parser.y:218
#4  0x000000000099b1af in compile_file (file_handle=0x7fffffffa620, type=2)
    at Zend/zend_language_scanner.l:582
#5  0x00000000007335b1 in phar_compile_file (file_handle=0x7fffffffa620, type=2)
    at /home/adam/trees/php-src/5.4/ext/phar/phar.c:3391
#6  0x000000000099b367 in compile_filename (type=2, filename=0x7ffff7fb2ca8)
    at Zend/zend_language_scanner.l:625
#7  0x0000000000a432e7 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7ffff7f7b0e8)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:2592
#8  0x0000000000a3935d in execute (op_array=0x7ffff7fb1d40)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:410
#9  0x00000000009f8d57 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/adam/trees/php-src/5.4/Zend/zend.c:1279
#10 0x000000000095f0e1 in php_execute_script (primary_file=0x7fffffffce60)
    at /home/adam/trees/php-src/5.4/main/main.c:2473
#11 0x0000000000b4b9c7 in do_cli (argc=5, argv=0x7fffffffe248)
    at /home/adam/trees/php-src/5.4/sapi/cli/php_cli.c:988
#12 0x0000000000b4cc4a in main (argc=5, argv=0x7fffffffe248)
    at /home/adam/trees/php-src/5.4/sapi/cli/php_cli.c:1364

prepend_twotimes.php executes as described for me (with the double output from prepend_twotimes.php itself), then blocks on a read() syscall. The strace output is at https://gist.github.com/852ba3b100a4a7437e53
 [2012-07-26 04:42 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b4b3a65f5518803c4a3bca34ac67e139b2547133
Log: Fixed bug #62661 (Interactive php-cli crashes if include() is used in auto_prepend_file)
 [2012-07-26 04:43 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b4b3a65f5518803c4a3bca34ac67e139b2547133
Log: Fixed bug #62661 (Interactive php-cli crashes if include() is used in auto_prepend_file)
 [2012-07-26 04:46 UTC] laruence@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: laruence
 [2012-07-26 04:46 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
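
A symptom check for the reproducers in this report, added here as an example (it is not code from the report or from php-src). It rebuilds the prepend.php and prepend_segfault.php cases in a scratch directory and classifies the run by the three symptoms described above; `classify`, `run_case` and the `PHP_BIN` variable are names assumed for this example.

```shell
#!/bin/sh
# Added example: symptom check for bug #62661; helper names are hypothetical.

# classify STATUS OUTPUT -> prints opcode-error | crash | double-exec | error | ok
classify() {
    status=$1
    output=$2
    case $output in
        *"Ran out of opcode space!"*) echo opcode-error; return 0 ;;
    esac
    # 129..254 means the process died from a signal (139 = 128 + SIGSEGV);
    # 255 is PHP's own fatal-error exit status, so it is excluded here.
    if [ "$status" -gt 128 ] && [ "$status" -lt 255 ]; then
        echo crash; return 0
    fi
    # A correct run prints the prepend file's "test 1" line exactly once.
    count=$(printf '%s\n' "$output" | grep -c '^test 1$' || true)
    if [ "$count" -gt 1 ]; then
        echo double-exec; return 0
    fi
    if [ "$status" -ne 0 ]; then echo error; else echo ok; fi
}

# run_case PHP_BINARY EXTRA_PHP -> builds one reproducer from the report and classifies it
run_case() {
    php_bin=$1
    extra=$2
    dir=$(mktemp -d) || return 1
    printf '%s\n' '<?php' 'echo "test 2\n";' > "$dir/include.php"
    printf '%s\n' '<?php' "$extra" 'echo "test 1\n";' \
        'include("include.php");' > "$dir/prepend.php"
    # stdin is /dev/null, so the interactive session sees EOF right after
    # the prepend file has run and cannot block waiting for input.
    status=0
    output=$(cd "$dir" && "$php_bin" -d auto_prepend_file=prepend.php -a \
        </dev/null 2>&1) || status=$?
    rm -rf "$dir"
    classify "$status" "$output"
}

# Only touches a PHP binary when PHP_BIN (an assumed variable) names one.
if [ -n "${PHP_BIN:-}" ]; then
    run_case "$PHP_BIN" ''
    run_case "$PHP_BIN" '$toto = 1;
if (php_sapi_name() == "cli") {
} elseif (php_sapi_name() == "fpm-fcgi") {
}'
fi
```

Run it with `PHP_BIN` set to the binary under test; each case prints one classification, and a build carrying the fix should print `ok` for both.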


 
Last updated: Sat Apr 19 04:01:55 2014 UTC