php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63101 APC 3.1.13 segfaults in ini_lex() with PHP 5.4 (v2)
Submitted: 2012-09-17 13:37 UTC Modified: 2013-02-18 00:36 UTC
From: lstrojny@php.net Assigned:
Status: No Feedback Package: APC (PECL)
PHP Version: 5.4.7 OS: Debian Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-09-17 13:37 UTC] lstrojny@php.net
Description:
------------
APC segfaults in a production environment with the following stack trace

#0  0x000000000069d265 in ini_lex (ini_lval=0x1845300) at 
/usr/src/php5.4/source/php5-5.4.6/Zend/zend_ini_scanner.c:782
        yybm = '\000' <repeats 255 times>
        yych = 1 '\001'
        yyaccept = 0
#1  0x000000000217f468 in ?? ()
No symbol table info available.
#2  0x00000000021763f0 in ?? ()
No symbol table info available.
#3  0x00000000021770b8 in ?? ()
No symbol table info available.
#4  0x0000000002841af0 in ?? ()
No symbol table info available.
#5  0x00007ff9826f9938 in ?? ()
No symbol table info available.
#6  0x00000000006cfdb1 in zend_register_module_ex (module=0x656d616e74736f68)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_API.c:1807
        name_len = 1988846528
        lcname = 0x217f458 "hostnameInvalid"
        module_ptr = 0x48
#7  0x00000000021cb3b8 in ?? ()
No symbol table info available.
#8  0x0000000000000009 in ?? ()
No symbol table info available.
#9  0x0000000000000048 in ?? ()
No symbol table info available.
#10 0x00000000006c21d9 in boolean_xor_function (result=0x656d616e74736f68, 
op1=0x217f468, op2=0x1)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_operators.c:1003
        op1_copy = {value = {lval = 2188422704, dval = 6.9519785332289912e-310, 
str = {
              val = 0x7ff98270ae30 "x\256p\202\371\177", len = 14858208}, ht = 
0x7ff98270ae30, obj = {handle = 2188422704, 
              handlers = 0xe2b7e0}}, refcount__gc = 2822412316, type = 249 '\371', 
is_ref__gc = 127 '\177'}
        op2_copy = {value = {lval = 7033597, dval = 3.4750586443920542e-317, str = 
{val = 0x6b52fd "", len = 42212080}, 
            ht = 0x6b52fd, obj = {handle = 7033597, handlers = 0x2841af0}}, 
refcount__gc = 2822398687, type = 249 '\371', 
          is_ref__gc = 127 '\177'}
        op1_lval = 25449216
#11 0x0000000002844e08 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#12 0x00000000006b52fd in zend_do_fetch_static_member (result=0x217f468, 
class_name=0x656d616e74736f68)
    at /usr/src/php5.4/source/php5-5.4.6/Zend/zend_compile.c:761
        class_node = {op_type = -1472554980, u = {op = {constant = 14839904, var = 
14839904, num = 14839904, 
              hash = 14839904, opline_num = 14839904, jmp_addr = 0xe27060, zv = 
0xe27060, literal = 0xe27060, 
              ptr = 0xe27060}, constant = {value = {lval = 14839904, dval = 
7.331886753982098e-317, str = {
                  val = 0xe27060 "", len = 36391144}, ht = 0xe27060, obj = {handle 
= 14839904, handlers = 0x22b48e8}}, 
              refcount__gc = 1, type = 0 '\000', is_ref__gc = 0 '\000'}, op_array 
= 0xe27060}, EA = 28570792}
        fetch_list_ptr = 0x2b
        opline_ptr = 0x656d616e74736f68
        opline = {handler = 0x6b52fd <zend_do_fetch_static_member+1213>, op1 = 
{constant = 42212080, var = 42212080, 
            num = 42212080, hash = 42212080, opline_num = 42212080, jmp_addr = 
0x2841af0, zv = 0x2841af0, 
            literal = 0x2841af0, ptr = 0x2841af0}, op2 = {constant = 2822398687, 
var = 2822398687, num = 2822398687, 
            hash = 2822398687, opline_num = 2822398687, jmp_addr = 0x7ff9a83a62df, 
zv = 0x7ff9a83a62df, 
            literal = 0x7ff9a83a62df, ptr = 0x7ff9a83a62df}, result = {constant = 
32, var = 32, num = 32, hash = 32, 
            opline_num = 32, jmp_addr = 0x20, zv = 0x20, literal = 0x20, ptr = 
0x20}, extended_value = 2188422704, 
          lineno = 14858208, opcode = 0 '\000', op1_type = 0 '\000', op2_type = 0 
'\000', result_type = 0 '\000'}
#13 0x0000000002841af0 in ?? ()
No symbol table info available.
#14 0x00007ff9a83a62df in apc_free_class_entry_after_execution () from 
/usr/lib/php5/20100525/apc.so
No symbol table info available.
#15 0x00007ff9a83a981c in apc_request_shutdown () from 
/usr/lib/php5/20100525/apc.so
No symbol table info available.
#16 0x00007ff9a839f5e5 in zm_deactivate_apc () from /usr/lib/php5/20100525/apc.so
No symbol table info available.
#17 0x00000000006c8e64 in zend_error (type=28570792, format=0x0) at 
/usr/src/php5.4/source/php5-5.4.6/Zend/zend.c:1012
        args = 0x7fff1f126c48
        usr_copy = 0x7fff1f126c28
        retval = 0x0
        z_error_type = 0xfced8ad7a9ea9d6a
        z_error_message = 0x313b43fe64e9d6a
        z_error_filename = 0x0
        z_error_lineno = 0x0
        z_context = 0x7ff9ac4632a0
        error_filename = 0x7ff9ac4632a0 "application/x-www-form-urlencoded"
---Type <return> to continue, or q <return> to quit---
        error_lineno = 0
        orig_user_error_handler = 0x1b96040
        in_compilation = 208 '\320'
        saved_class_entry = 0x7fff00000000
        bp_stack = {top = -1404366848, max = 16809977, elements = 0x0}
        function_call_stack = {top = 5682, max = 0, elements = 0x7fff00000002}
        switch_cond_stack = {top = 6704501, max = 0, elements = 0x7fff1f126fd0}
        foreach_copy_stack = {top = 0, max = 0, elements = 0xe2b7e0}
        object_stack = {top = 0, max = 0, elements = 0x0}
        declare_stack = {top = 7032599, max = 0, elements = 0x0}
        list_stack = {top = 4064, max = 0, elements = 0x0}
        context_stack = {top = 9, max = 0, elements = 0x1}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-09-17 15:42 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2012-09-17 15:42 UTC] rasmus@php.net
This starts at a zend_error(). Which error did you hit?
 [2013-02-18 00:36 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 19 14:03:33 2021 UTC