php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #65628 pcntl_signal may produce segfault
Submitted: 2013-09-06 11:34 UTC Modified: 2017-02-21 16:23 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: imprec at gmail dot com Assigned:
Status: Duplicate Package: PCNTL related
PHP Version: 5.5.3 OS: OSX
Private report: No CVE-ID: None
View Developer Edit
 [2013-09-06 11:34 UTC] imprec at gmail dot com 
Description:
------------
Hello,

In a unit test suite, when I call pcntl_signal, I got a segfault :

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000179788b729
0x00000001003ec3b2 in zend_objects_store_del_ref ()
(gdb) #0  0x00000001003ec3b2 in zend_objects_store_del_ref ()
No symbol table info available.
#1  0x00000001003b9c7e in _zval_ptr_dtor ()
No symbol table info available.
#2  0x00000001003e5cae in zend_closure_free_storage ()
No symbol table info available.
#3  0x00000001003ec554 in zend_objects_store_del_ref_by_handle_ex ()
No symbol table info available.
#4  0x00000001003ec396 in zend_objects_store_del_ref ()
No symbol table info available.
#5  0x00000001003b9c7e in _zval_ptr_dtor ()
No symbol table info available.
#6  0x00000001003d40b0 in _zend_hash_index_update_or_next_insert ()
No symbol table info available.
#7  0x00000001001c8bfe in zif_pcntl_signal ()
No symbol table info available.
#8  0x00000001003b9524 in dtrace_execute_internal ()
No symbol table info available.
#9  0x000000010043d0c2 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#10 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#11 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#12 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#13 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#14 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#15 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#16 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#17 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#18 0x00000001003bb57a in zend_call_function ()
No symbol table info available.
#19 0x0000000100212268 in zim_reflection_method_invokeArgs ()
No symbol table info available.
#20 0x00000001003b9524 in dtrace_execute_internal ()
No symbol table info available.
#21 0x000000010043d0c2 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#22 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#23 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#24 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#25 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#26 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#27 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#28 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#29 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#30 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#31 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#32 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#33 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#34 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#35 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#36 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#37 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#38 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#39 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#40 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#41 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#42 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#43 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#44 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#45 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#46 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#47 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#48 0x000000010043d036 in zend_do_fcall_common_helper_SPEC ()
No symbol table info available.
#49 0x00000001003ed10a in execute_ex ()
No symbol table info available.
#50 0x00000001003b9458 in dtrace_execute_ex ()
No symbol table info available.
#51 0x00000001003c87ac in zend_execute_scripts ()
No symbol table info available.
#52 0x000000010036e602 in php_execute_script ()
No symbol table info available.
#53 0x0000000100461075 in do_cli ()
No symbol table info available.
#54 0x000000010045fe3d in main ()
No symbol table info available.
(gdb) %                             


The symbol seems not available whereas I compiled my PHP with the enable-debug 
option :

php --version
PHP 5.5.3 (cli) (built: Aug 26 2013 15:34:46) (DEBUG)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies

Expected result:
----------------
No seg fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-06 13:11 UTC] johannes@php.net
-Status: Open +Status: Feedback
 [2013-09-06 13:11 UTC] johannes@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

It is really hard to figure out what is causing this. Please try to reduce the code as much as possible (throw out other tests, run test code manually outside the test framework etc)
 [2013-09-06 13:14 UTC] imprec at gmail dot com
-Status: Feedback +Status: Open
 [2013-09-06 13:14 UTC] imprec at gmail dot com 
Hi Johannes,

I failed at trying to reproduce the segfault with a simple script.
The error occurs on PHP 5.4 and PHP 5.5 (not PHP 5.3).

The unit test suite of this project https://github.com/alchemy-fr/task-
manager/tree/0b5f77bdc01d2357a69c75d05921f82bc463f020 (at this commit) reproduces 
the bug.
 [2017-02-21 16:18 UTC] rioux dot jeff at gmail dot com 
Here is my test:
==============================================================================
$ php -v
PHP 5.5.38 (cli) (built: Feb 21 2017 10:11:01) (DEBUG)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
$ php -m
[PHP Modules]
Core
ctype
date
dom
ereg
fileinfo
filter
hash
iconv
json
libxml
pcre
PDO
pdo_sqlite
Phar
posix
Reflection
session
SimpleXML
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter

[Zend Modules]

$ uname -a
Darwin test 15.6.0 Darwin Kernel Version 15.6.0: Mon Jan  9 23:07:29 PST 2017; root:xnu-3248.60.11.2.1~1/RELEASE_X86_64 x86_64
$ cat  ~/test.php 
<?php


function handleSignal($signo)
{
	$signals = array(
	  SIGTERM => "SIGTERM",
	  SIGINT => "SIGINT"
	);
	$signal = $signals[$signo];

	echo "Received received {$signal}... Shutting down\n";
	die(0);
}

if (function_exists("pcntl_signal"))
{
	pcntl_signal(SIGTERM, "handleSignal");
	pcntl_signal(SIGINT, "handleSignal");
}

while (true)
{
	sleep(1);
	echo ".\n";
	if (function_exists("pcntl_signal_dispatch")) pcntl_signal_dispatch();
}
$ /usr/local/opt/php55/bin/php  ~/test.php 
.
.
.
^CSegmentation fault: 11 (core dumped)
==============================================================================

Here the trace I was able to produce:

==============================================================================
$ lldb /usr/local/opt/php55/bin/php -c core.11075 
(lldb) target create "/usr/local/opt/php55/bin/php" --core "core.11075"
warning: (x86_64) /cores/core.11075 load command 155 LC_SEGMENT_64 has a fileoff + filesize (0x30430000) that extends beyond the end of the file (0x3042f000), the segment will be truncated to match
warning: (x86_64) /cores/core.11075 load command 156 LC_SEGMENT_64 has a fileoff (0x30430000) that extends beyond the end of the file (0x3042f000), ignoring this section
Core file '/cores/core.11075' (x86_64) was loaded.
(lldb) bt
* thread #1: tid = 0x0000, 0x0000000103b55393 php`zend_signal_handler_unblock + 55, stop reason = signal SIGSTOP
  * frame #0: 0x0000000103b55393 php`zend_signal_handler_unblock + 55
    frame #1: 0x0000000103ba9f1b php`zend_do_fcall_common_helper_SPEC + 1936
    frame #2: 0x0000000103b5cd68 php`execute_ex + 971
    frame #3: 0x0000000103b2a2a1 php`dtrace_execute_ex + 226
    frame #4: 0x0000000104b63b61 xdebug.so`xdebug_execute_ex + 2352
    frame #5: 0x0000000103b380e1 php`zend_execute_scripts + 491
    frame #6: 0x0000000103ae4729 php`php_execute_script + 800
    frame #7: 0x0000000103bceee6 php`do_cli + 3734
    frame #8: 0x0000000103bcded0 php`main + 1276
    frame #9: 0x00007fff985295ad libdyld.dylib`start + 1
    frame #10: 0x00007fff985295ad libdyld.dylib`start + 1

==============================================================================
 [2017-02-21 16:23 UTC] requinix@php.net
-Status: Open +Status: Duplicate
 [2017-02-21 16:23 UTC] requinix@php.net 
Closing in favor of bug #71433.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 11:01:30 2024 UTC