Bug #65345 Segfault in xhprof_enable()
Submitted: 2013-07-26 15:09 UTC Modified: 2017-10-24 08:25 UTC
Votes:85
Avg. Score:4.7 ± 0.7
Reproduced:76 of 77 (98.7%)
Same Version:51 (67.1%)
Same OS:43 (56.6%)
From: webmaster at mailz dot de Assigned:
Status: Suspended Package: xhprof (PECL)
PHP Version: 5.5.1 OS: Debian Wheezy
Private report: No CVE-ID: None

 [2013-07-26 15:09 UTC] webmaster at mailz dot de
Description:
------------
We are running php 5.5.0 from dotdeb with the newest xhprof 0.9.3 build from pecl. 
After activating the xhprof extension and calling xhprof_enable() we get a 
segfault right away. 

Expected result:
----------------
should not crash

Actual result:
--------------
hp_execute_internal (execute_data=0x7fff4786eda0, fci=0x7fff4786ef60, ret=1) at /tmp/pear/temp/xhprof/extension/xhprof.c:1708
1708	/tmp/pear/temp/xhprof/extension/xhprof.c: No such file or directory.
(gdb) bt
#0  hp_execute_internal (execute_data=0x7fff4786eda0, fci=0x7fff4786ef60, ret=1) at /tmp/pear/temp/xhprof/extension/xhprof.c:1708
#1  0x00000000006c05ce in zend_call_function ()
#2  0x00000000006c0ccb in zend_lookup_class_ex ()
#3  0x00000000006c1249 in zend_fetch_class ()
#4  0x0000000000716238 in ?? ()
#5  0x000000000073cbe8 in execute_ex ()
#6  0x00007f20e3e3750d in hp_execute_ex (execute_data=0x7f20ee0ef7a8) at /tmp/pear/temp/xhprof/extension/xhprof.c:1664
#7  0x000000000077d2d6 in ?? ()
#8  0x000000000073cbe8 in execute_ex ()
#9  0x00000000006cfa29 in zend_execute_scripts ()
#10 0x000000000066deac in php_execute_script ()
#11 0x00000000004324c0 in ?? ()
#12 0x00007f20eb65cead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x0000000000433c19 in _start ()
(gdb) quit
A debugging session is active.

History

 [2013-07-31 00:17 UTC] berdir@php.net
Can confirm, here's my backtrace:

hp_execute_internal (execute_data=0x7fffaf107340, fci=0x7fffaf1074d0, ret=1) at /home/berdir/tools/xhprof/extension/xhprof.c:1708
1708	    temp_variable *retvar = &EX_T(opline->result.var);
(gdb) backtrace
#0  hp_execute_internal (execute_data=0x7fffaf107340, fci=0x7fffaf1074d0, ret=1) at /home/berdir/tools/xhprof/extension/xhprof.c:1708
#1  0x00007fadd698dcce in zend_call_function (fci=fci@entry=0x7fffaf1074d0, fci_cache=fci_cache@entry=0x7fffaf1074a0)
    at /build/buildd/php5-5.5.1+dfsg/Zend/zend_execute_API.c:959
#2  0x00007fadd698e3c3 in zend_lookup_class_ex (name=name@entry=0x7fadbc12d340 "Drupal\\Component\\Utility\\Timer", name_length=30, key=0x7fadbc563750,
    use_autoload=use_autoload@entry=1, ce=ce@entry=0x7fffaf107568) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_execute_API.c:1107
#3  0x00007fadd698eb1d in zend_fetch_class_by_name (class_name=0x7fadbc12d340 "Drupal\\Component\\Utility\\Timer", class_name_len=<optimized out>, key=<optimized out>,
    fetch_type=0) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_execute_API.c:1587
#4  0x00007fadd69e2bd4 in ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (execute_data=0x7faddad736f8) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_vm_execute.h:3540
#5  0x00007fadd6a0a448 in execute_ex (execute_data=0x7faddad736f8) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_vm_execute.h:356
#6  0x00007fadd699d0f9 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /build/buildd/php5-5.5.1+dfsg/Zend/zend.c:1316
#7  0x00007fadd693be0c in php_execute_script (primary_file=primary_file@entry=0x7fffaf1099e0) at /build/buildd/php5-5.5.1+dfsg/main/main.c:2484
#8  0x00007fadd6a4d8a2 in php_handler (r=0x7faddacf10a0) at /build/buildd/php5-5.5.1+dfsg/sapi/apache2handler/sapi_apache2.c:667
#9  0x00007faddaee3b90 in ap_run_handler ()
#10 0x00007faddaee3feb in ap_invoke_handler ()
#11 0x00007faddaef9d7a in ap_process_async_request ()
#12 0x00007faddaefa04f in ap_process_request ()
#13 0x00007faddaef63f5 in ?? ()
#14 0x00007faddaeecef0 in ap_run_process_connection ()
#15 0x00007fadd7316738 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#16 0x00007fadd731697c in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#17 0x00007fadd73177be in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#18 0x00007faddaec9e9e in ap_run_mpm ()
#19 0x00007faddaec329a in main ()

This is on Drupal 8, default installation with this in settings.php:

  include_once $path . '/xhprof_lib/utils/xhprof_lib.php';
  include_once $path . '/xhprof_lib/utils/xhprof_runs.php';
  xhprof_enable(XHPROF_FLAGS_MEMORY);

Looks like it doesn't like the Timer class, you can see the source code at https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Component%21Utility%21Timer.php/8

full backtrace of the last few calls:

#0  hp_execute_internal (execute_data=0x7fffaf107340, fci=0x7fffaf1074d0, ret=1) at /home/berdir/tools/xhprof/extension/xhprof.c:1708
        opline = 0x0
        retvar = <optimized out>
        func = 0x7faddd1e3a38 "spl_autoload_call"
        hp_profile_flag = 1
#1  0x00007fadd698dcce in zend_call_function (fci=fci@entry=0x7fffaf1074d0, fci_cache=fci_cache@entry=0x7fffaf1074a0)
    at /build/buildd/php5-5.5.1+dfsg/Zend/zend_execute_API.c:959
        call_via_handler = 0
        i = <optimized out>
        original_return_value = <optimized out>
        calling_symbol_table = <optimized out>
        original_op_array = <optimized out>
        original_opline_ptr = <optimized out>
        current_scope = 0x0
        current_called_scope = 0x0
        calling_scope = 0x0
        called_scope = 0x0
        current_this = 0x0
        execute_data = {opline = 0x0, function_state = {function = 0x7faddccb7900, arguments = 0x7faddad737a0}, op_array = 0x0, object = 0x0, symbol_table = 0x0,
          prev_execute_data = 0x7faddad736f8, old_error_reporting = 0x0, nested = 1 '\001', original_return_value = 0x0, current_scope = 0x0, current_called_scope = 0x0,
          current_this = 0x0, fast_ret = 0x0, call_slots = 0x7faddad73778, call = 0x7faddad73758}
        fci_cache_local = {initialized = 1 '\001', function_handler = 0x7faddad73928, calling_scope = 0x7fadd7108fe0 <executor_globals>, called_scope = 0x7faddd1ee700,
          object_ptr = 0x1}
#2  0x00007fadd698e3c3 in zend_lookup_class_ex (name=name@entry=0x7fadbc12d340 "Drupal\\Component\\Utility\\Timer", name_length=30, key=0x7fadbc563750,
    use_autoload=use_autoload@entry=1, ce=ce@entry=0x7fffaf107568) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_execute_API.c:1107
        args = {0x7fffaf107470}
        autoload_function = {value = {lval = 140384610727696, dval = 6.9359213365351112e-310, str = {val = 0x7fadd6dab710 "__autoload", len = 10}, ht = 0x7fadd6dab710, obj = {
              handle = 3604657936, handlers = 0x7fad0000000a}}, refcount__gc = 3709789200, type = 6 '\006', is_ref__gc = 127 '\177'}
        class_name_ptr = 0x7faddd1ee678
        retval_ptr = 0x7faddd1ee1d8
        retval = <optimized out>
        lc_length = <optimized out>
        lc_name = 0x7fadbc12d3a8 "drupal\\component\\utility\\timer"
        lc_free = <optimized out>
        fcall_info = {size = 72, function_table = 0x7faddcc8eb60, function_name = 0x7fffaf107480, symbol_table = 0x0, retval_ptr_ptr = 0x7fffaf107478, param_count = 1,
          params = 0x7fffaf107460, object_ptr = 0x0, no_separation = 1 '\001'}
        fcall_cache = {initialized = 1 '\001', function_handler = 0x7faddccb7900, calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
        dummy = 1 '\001'
        hash = 7423250403100187561
        use_heap = <optimized out>
#3  0x00007fadd698eb1d in zend_fetch_class_by_name (class_name=0x7fadbc12d340 "Drupal\\Component\\Utility\\Timer", class_name_len=<optimized out>, key=<optimized out>,
    fetch_type=0) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_execute_API.c:1587
        pce = <optimized out>
        use_autoload = 1
#4  0x00007fadd69e2bd4 in ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (execute_data=0x7faddad736f8) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_vm_execute.h:3540
        opline = 0x7fadbc563c20
        ce = <optimized out>
        call = 0x7faddad73778
#5  0x00007fadd6a0a448 in execute_ex (execute_data=0x7faddad736f8) at /build/buildd/php5-5.5.1+dfsg/Zend/zend_vm_execute.h:356
        ret = <optimized out>
        original_in_execution = 0 '\000'
#6  0x00007fadd699d0f9 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /build/buildd/php5-5.5.1+dfsg/Zend/zend.c:1316

Anything else I can provide that would help?
 [2013-08-09 12:54 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2013-08-09 12:54 UTC] pajoye@php.net
Please try the latest from GitHub's master, either Facebook's or my fork. It should work better with 5.5:
https://github.com/facebook/xhprof
https://github.com/pierrejoye/xhprof
 [2013-08-19 16:49 UTC] webmaster at mailz dot de
Hi,

I tried again with the current HEAD from https://github.com/pierrejoye/xhprof and still get:
Program received signal SIGSEGV, Segmentation fault.
hp_execute_internal (execute_data=0x7fff35345610, fci=0x7fff353457d0, ret=1) at /usr/local/src/xhprof-pr-master/extension/xhprof.c:1783
1783	    temp_variable *retvar = &EX_T(opline->result.var);
(gdb) bt
#0  hp_execute_internal (execute_data=0x7fff35345610, fci=0x7fff353457d0, ret=1) at /usr/local/src/xhprof-pr-master/extension/xhprof.c:1783
#1  0x00000000006c107e in zend_call_function ()
#2  0x00000000006c177b in zend_lookup_class_ex ()
#3  0x00000000006c1cf9 in zend_fetch_class ()
#4  0x0000000000716da8 in ?? ()
#5  0x000000000073d968 in execute_ex ()
#6  0x00007fa74a66b62d in hp_execute_ex (execute_data=0x7fa7549247a8) at /usr/local/src/xhprof-pr-master/extension/xhprof.c:1738
#7  0x000000000077e056 in ?? ()
#8  0x000000000073d968 in execute_ex ()
#9  0x00000000006d04c9 in zend_execute_scripts ()
#10 0x000000000066e92c in php_execute_script ()
#11 0x000000000043258a in ?? ()
#12 0x00007fa751e91ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x0000000000433cd9 in _start ()


We are not already at 5.5.1-1~dotdeb.1

Any ideas?
 [2013-08-19 16:51 UTC] webmaster at mailz dot de
I mean "now already at 5.5.1-1~dotdeb.1" of course :)
 [2013-10-01 11:40 UTC] maciej dot k dot filipiak at gmail dot com
Workaround is to start profiling like this:

 xhprof_enable(XHPROF_FLAGS_NO_BUILTINS);
 [2013-10-15 11:54 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2013-10-15 11:58 UTC] webmaster at mailz dot de
-Status: No Feedback +Status: Closed
 [2013-10-15 11:58 UTC] webmaster at mailz dot de
The suggested Hot-Fix works, but the issue still exists as described without it.
 [2013-10-15 11:59 UTC] webmaster at mailz dot de
-Status: Closed +Status: Assigned
 [2013-10-15 11:59 UTC] webmaster at mailz dot de
opening bug
 [2013-10-15 13:22 UTC] maciej dot k dot filipiak at gmail dot com
You can try this patch https://gist.github.com/suside/6991247
 [2013-12-04 07:37 UTC] webmaster at mailz dot de
Hi,

We were finally able to test the patch. It works like a charm. Could we get this committed to the official version somehow?

Sebastian
 [2013-12-13 07:12 UTC] yuantaotao at gmail dot com
Same issue here.


Description:
------------
We are running PHP 5.5.6 and ran into this problem with xhprof-0.9.3 and xhprof-0.9.4 in pecl.

Actual result:
--------------
(gdb) bt
#0  hp_execute_internal (execute_data=0x7fff0777dc40, fci=0x7fff0777dd80, ret=1) at /home/dennis/code/xhprof-0.9.4/extension/xhprof.c:1708
#1  0x00000000007bef19 in zend_call_function (fci=0x7fff0777dd80, fci_cache=0x7fff0777ddd0)
    at /home/dennis/software/php-5.5.6/Zend/zend_execute_API.c:959
#2  0x00000000006c6505 in zif_array_map (ht=<optimized out>, return_value=0x7fb0632bd8f0, return_value_ptr=<optimized out>, 
    this_ptr=<optimized out>, return_value_used=<optimized out>) at /home/dennis/software/php-5.5.6/ext/standard/array.c:4371
#3  0x00007fb06b57605f in hp_execute_internal (execute_data=0x7fb0734bfa78, fci=0x0, ret=1)
    at /home/dennis/code/xhprof-0.9.4/extension/xhprof.c:1709
#4  0x00000000008770ae in zend_do_fcall_common_helper_SPEC (execute_data=0x7fb0734bfa78)
    at /home/dennis/software/php-5.5.6/Zend/zend_vm_execute.h:552
#5  0x000000000083b778 in execute_ex (execute_data=0x7fb0734bfa78) at /home/dennis/software/php-5.5.6/Zend/zend_vm_execute.h:363
#6  0x00007fb06b5761b9 in hp_execute_ex (execute_data=0x7fb0734bfa78) at /home/dennis/code/xhprof-0.9.4/extension/xhprof.c:1664
#7  0x0000000000878a66 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7fb0734bf968)
    at /home/dennis/software/php-5.5.6/Zend/zend_vm_execute.h:8077
#8  0x000000000083b778 in execute_ex (execute_data=0x7fb0734bf968) at /home/dennis/software/php-5.5.6/Zend/zend_vm_execute.h:363
#9  0x00007fb06b5761b9 in hp_execute_ex (execute_data=0x7fb0734bf968) at /home/dennis/code/xhprof-0.9.4/extension/xhprof.c:1664
#10 0x00000000007ce5c3 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/dennis/software/php-5.5.6/Zend/zend.c:1320
#11 0x000000000076c82c in php_execute_script (primary_file=0x7fff07780860) at /home/dennis/software/php-5.5.6/main/main.c:2489
#12 0x00000000004353bd in main (argc=<optimized out>, argv=<optimized out>) at /home/dennis/software/php-5.5.6/sapi/fpm/fpm/fpm_main.c:1933
(gdb)
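
Added illustration, not part of any comment in this report and not the xhprof source or either linked patch: a simplified C model of the crash the backtraces show, where the hook is entered from zend_call_function() with a non-NULL fci and opline = 0x0, next to a variant that picks the return slot by call path. The model_* types and slot_*/run_model functions are hypothetical stand-ins; only the field names opline, result var and retval_ptr_ptr are taken from the gdb output above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the Zend structures in the traces. */
typedef struct { int result_var; } model_op;
typedef struct { const model_op *opline; long *temps; } model_execute_data;
typedef struct { long **retval_ptr_ptr; } model_fcall_info;

/* Shape of the crashing statement: always reads through opline.
 * Safe only when the VM dispatched the call (fci == NULL in the traces);
 * with opline == NULL it dereferences address 0, the reported SIGSEGV. */
long *slot_unguarded(model_execute_data *ex) {
    return &ex->temps[ex->opline->result_var];
}

/* Guarded variant: choose the return slot by call path, never touch a
 * NULL opline. Returns NULL when neither path offers a usable slot. */
long *slot_guarded(model_execute_data *ex, model_fcall_info *fci) {
    if (fci != NULL)  /* entered via zend_call_function(): autoload, callbacks */
        return fci->retval_ptr_ptr ? *fci->retval_ptr_ptr : NULL;
    if (ex == NULL || ex->opline == NULL || ex->temps == NULL)
        return NULL;  /* refuse instead of crashing */
    return &ex->temps[ex->opline->result_var];
}

/* Exercises both call paths on constructed frames; bit i set = case i behaved. */
int run_model(void) {
    long temps[4] = {0}, ret = 0, *retp = &ret;
    model_op op = { 2 };
    model_execute_data vm_frame = { &op, temps };  /* VM dispatch: opline set */
    model_execute_data cb_frame = { NULL, NULL };  /* callback: opline = 0x0 */
    model_fcall_info fci = { &retp };
    int ok = 0;
    ok |= (slot_unguarded(&vm_frame) == &temps[2]) << 0;
    ok |= (slot_guarded(&vm_frame, NULL) == &temps[2]) << 1;
    ok |= (slot_guarded(&cb_frame, &fci) == &ret) << 2;
    ok |= (slot_guarded(&cb_frame, NULL) == NULL) << 3;
    /* slot_unguarded(&cb_frame) is deliberately not called: it would fault. */
    return ok;
}

int main(void) {
    printf("cases passed mask: 0x%x\n", run_model());  /* prints 0xf */
    return 0;
}
```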
 [2014-04-15 03:13 UTC] php at narkov dot com
We can confirm that the patch works. Are we able to get the PECL package bumped please?
 [2014-06-26 18:41 UTC] torsten dot burschka at gmail dot com
About 1 year since the bug was submitted and about 8 months since a valid solution exists... can somebody please patch this "tiny" little problem?
 [2015-01-04 03:23 UTC] hackers365 at gmail dot com
https://github.com/phacility/xhprof
The newest xhprof fixes this issue

https://github.com/phacility/xhprof/commit/55a47c0d8ffeea4b84133fd21103caa816676b5d

Fix XHProf segfault when calling internal functions in PHP 5.5
 [2015-10-24 17:14 UTC] martineznovo+phpbugs at gmail dot com
Happens to me on PHP 5.6.1 openSUSE 13.2 (x86_64)

Patch from [2013-10-15 13:22 UTC] maciej fixes the issue.

Latest version from phacility [2015-01-04 03:23 UTC] hackers365 does not fix the issue for me.
 [2016-06-16 07:18 UTC] gaoqin31 at 163 dot com
My PHP version is 5.6.22, xhprof is 0.9.2.
When I use xhprof_enable(), I get

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffcf7eb700 (LWP 27414)]
hp_execute_internal (execute_data=0x7fffcf7e75b0, fci=0x7fffcf7e7740, ret=1, tsrm_ls=0x7fffc00008c0)

But when I use xhprof_enable(XHPROF_FLAGS_NO_BUILTINS) it works OK.
 [2017-10-24 06:05 UTC] kalle@php.net
-Status: Assigned +Status: Open
 [2017-10-24 08:25 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-10-24 08:25 UTC] kalle@php.net
This package has not had a release for over 4 years, and the last bit of git activity was over 2 years ago, so I think it's safe to say this extension is no longer in active development. If development picks back up, then please re-open this report.
 
Last updated: Tue Mar 26 16:01:26 2019 UTC