PHP :: Bug #67344 :: blenc crashes with opcache enabled

Bug #67344

blenc crashes with opcache enabled

Submitted:

2014-05-26 15:04 UTC

Modified:

2017-01-10 08:31 UTC

Votes:	8
Avg. Score:	4.6 ± 0.5
Reproduced:	7 of 7 (100.0%)
Same Version:	6 (85.7%)
Same OS:	3 (42.9%)

From:

nicolai dot scheer at gmail dot com

Assigned:

Status:

Suspended

Package:

BLENC (PECL)

PHP Version:

5.5.12

OS:

CentOS 6.4 x64

Private report:

CVE-ID:

None

View Developer Edit

[2014-05-26 15:04 UTC] nicolai dot scheer at gmail dot com

Description:
------------
If both opcache and blenc are enabled, blenc crashes php on every second request.

The first request compiles and runs the file correctly. On subsequent runs, php crashes when it tries to serve the script from opcache.

To make things simple, php was started with its embedded webserver (e.g. php -S localhost:8000).

Sometimes the script does not crash, but modifying the main script between two requests my help in producing the crash.

Blenc uses zend_compile_string to compile encrypted files. Somehow the resulting opcode-array is not handled well by opcache.

Example backtrace:

Core was generated by `php -S localhost:8000'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000a74c5df4 in ?? ()
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 freetype-2.3.11-14.el6_3.1.x86_64 glibc-2.12-1.107.el6_4.5.x86_64 gmp-4.3.1-7.el6_2.2.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.6.x86_64 libX11-1.5.0-4.el6.x86_64 libXau-1.0.6-4.el6.x86_64 libXpm-3.5.10-2.el6.x86_64 libaio-0.3.107-10.el6.x86_64 libcom_err-1.41.12-14.el6_4.2.x86_64 libcurl-7.19.7-37.el6_4.x86_64 libgcc-4.4.7-3.el6.x86_64 libgcrypt-1.4.5-11.el6_4.x86_64 libgpg-error-1.7-4.el6.x86_64 libicu-4.2.1-9.1.el6_2.x86_64 libidn-1.18-2.el6.x86_64 libjpeg-turbo-1.2.1-1.el6.x86_64 libmcrypt-2.5.8-9.el6.x86_64 libpng-1.2.49-1.el6_2.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 libssh2-1.4.2-1.el6.x86_64 libstdc++-4.4.7-3.el6.x86_64 libtidy-0.99.0-19.20070615.1.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libxcb-1.8.1-1.el6.x86_64 libxml2-2.7.6-12.el6_4.1.x86_64 libxslt-1.1.26-2.el6_3.1.x86_64 nspr-4.9.5-2.el6_4.x86_64 nss-3.14.3-4.el6_4.x86_64 nss-softokn-freebl-3.14.3-3.el6_4.x86_64 nss-util-3.14.3-3.el6_4.x86_64 openldap-2.4.23-32.el6_4.1.x86_64 openssl-1.0.0-27.el6_4.2.x86_64 pcre-7.8-6.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0  0x00000000a74c5df4 in ?? ()
#1  0x000000000086d986 in execute_ex (execute_data=0x7f9c1e5162f8) at /var/local/compile/php/php-5.5/php-5.5.12/Zend/zend_vm_execute.h:363
#2  0x000000000086da09 in zend_execute (op_array=0x7f9c1e5490e0) at /var/local/compile/php/php-5.5/php-5.5.12/Zend/zend_vm_execute.h:388
#3  0x000000000082dc10 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /var/local/compile/php/php-5.5/php-5.5.12/Zend/zend.c:1316
#4  0x0000000000796f7a in php_execute_script (primary_file=0x7fff5221b460) at /var/local/compile/php/php-5.5/php-5.5.12/main/main.c:2506
#5  0x00000000008eacbf in php_cli_server_dispatch_script (server=0xcf5c00, client=0x2071780) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2015
#6  0x00000000008ebc8c in php_cli_server_dispatch (server=0xcf5c00, client=0x2071780) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2175
#7  0x00000000008ec3fd in php_cli_server_recv_event_read_request (server=0xcf5c00, client=0x2071780) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2357
#8  0x00000000008ec799 in php_cli_server_do_event_for_each_fd_callback (_params=0x7fff5221b640, fd=5, event=1)
    at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2448
#9  0x00000000008e7bfb in php_cli_server_poller_iter_on_active (poller=0xcf5c08, opaque=0x7fff5221b640, callback=0x8ec555 <php_cli_server_do_event_for_each_fd_callback>)
    at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:951
#10 0x00000000008ec814 in php_cli_server_do_event_for_each_fd (server=0xcf5c00, rhandler=0x8ec306 <php_cli_server_recv_event_read_request>,
    whandler=0x8ec424 <php_cli_server_send_event>) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2469
#11 0x00000000008ec868 in php_cli_server_do_event_loop (server=0xcf5c00) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2479
#12 0x00000000008ecb7b in do_cli_server (argc=3, argv=0x1d09160) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli_server.c:2580
#13 0x00000000008e0f6a in main (argc=3, argv=0x1d09160) at /var/local/compile/php/php-5.5/php-5.5.12/sapi/cli/php_cli.c:1381

Test script:
---------------
first script:

<?php

$start = microtime( true );
require_once __DIR__ . '/class_1.phpe';
echo "took: " . number_format( microtime( true ) - $start, 6 ) . "\n";
echo "foo";

second script (class_1.phpe, encrypted using blenc):

<?php
class class_1
{
    public function __construct()
    {
        echo "created object from class 1\n";
    }

}






Expected result:
----------------
php does not crash

Actual result:
--------------
php crashes

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-12-27 16:24 UTC] reinig at siphiniti dot com

Hi,

I'm not an extension developer but for me the first tests are working as soon as you add the following line to the PHP_RINIT_FUNCTION function:

zend_compile_file = blenc_compile;

I hope this helps even though it is a pretty old bug.

[2017-01-04 15:47 UTC] nicolai dot scheer at gmail dot com

Hi!

Overriding zend_compile this way effectively prevents the script from being op-cached at all - so unfortunately this is not an option :(

[2017-01-04 17:45 UTC] reinig at siphiniti dot com

Hi Nicolai,

happy new year ;-)

You are right. No script will be opcached if the zend_compile_file is overwritten in the RINIT Function.

I have another option for you if the blenc script does not have to be opcached but every not encrypted script should be cached. 

Use the opcache.blacklist_filename to exclude the encrypted scripts. they won't be cached of course but all other scripts will be cached.

For sure it's not a 100% solution but for me it is working this way.

Cheers
Phillip

[2017-01-06 12:28 UTC] nicolai dot scheer at gmail dot com

Hi Phillip,

oh yes - happy new year :)

Unfortunately your suggestions is not a viable option for us - be'd need noth, "protection" and opcode caching.

Greetings

Nico

[2017-01-10 08:31 UTC] kalle@php.net

-Status: Open +Status: Suspended

[2017-01-10 08:31 UTC] kalle@php.net

I'm suspending the reports for BLENC as it doesn't seem to have stalled (looking at both repositories I could find on git.php.net and github) and it does not seem compatible with any currently supported version of PHP either. Please unsuspend in case someone takes over this extension

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 06:01:30 2024 UTC