Bug #67380 Random Segfault / Core Dump / PHP-FPM
Submitted: 2014-06-04 09:58 UTC
Modified: 2021-05-11 04:43 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: brandon at cryy dot com
Assigned: cmb
Status: Closed
Package: *General Issues
PHP Version: 7.4.16
OS: gcc version 4.6.3 (Ubuntu/Linaro
Private report: No
CVE-ID: None
 [2014-06-04 09:58 UTC] brandon at cryy dot com
Description:
------------
PHP-FPM / Segfault occurs when I attempt to fopen using a compression wrapper, i.e. compress.zlib:// or compress.bzip2://

Test script:
---------------
[problem]
http://pbx50.cryy.com/include/classes/logger-example-class.php

The issue occurs only when using the stream wrappers in this context.

[works?]
<?php
// define $handle
$handle = fopen('compress.zlib://test.foo', 'w');

// define $data
$data = 'test';

fwrite($handle, $data, strlen($data));

fclose($handle);
?>



Expected result:
----------------
Not segfault / write compressed data to file (zlib, or bzip2).

Actual result:
--------------
php-fpm[26073]: segfault at 7fffc0b25fd8 ip 00000000007e781d sp 00007fffc0b25fc0 error 6 in php-fpm[400000+96d000]

#0  zend_dtoa (_d=<unavailable>, mode=3, ndigits=5, decpt=0x7fffc0b260e4, sign=0x7fffc0b261dc, rve=0x7fffc0b26098) at /usr/local/src/php-5.5.13/Zend/zend_strtod.c:1443
#1  0x000000000076b376 in __cvt (value=<optimized out>, ndigit=5, decpt=0x7fffc0b260e4, sign=<optimized out>, fmode=1, pad=1) at /usr/local/src/php-5.5.13/main/snprintf.c:91
#2  0x000000000076b605 in php_fcvt (sign=0x7fffc0b261dc, decpt=0x7fffc0b260e4, ndigit=5, value=3.0000000000000001e-05) at /usr/local/src/php-5.5.13/main/snprintf.c:133
#3  php_conv_fp (format=70 'F', num=3.0000000000000001e-05, add_dp=NO, precision=5, dec_point=46 '.', is_negative=0x7fffc0b261dc, buf=0x7fffc0b261f1 "", len=0x7fffc0b261d4) at /usr/local/src/php-5.5.13/main/snprintf.c:384
#4  0x000000000076e46b in xbuf_format_converter (xbuf=0x7fffc0b26a40, fmt=0xcbe680 "F", ap=0x7fffc0b26a88) at /usr/local/src/php-5.5.13/main/spprintf.c:615
#5  0x000000000076e7d4 in vspprintf (pbuf=0x7fffc0b26ba8, max_len=0, format=<optimized out>, ap=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:799
#6  0x000000000076e8a2 in spprintf (pbuf=<optimized out>, max_len=<optimized out>, format=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:818
#7  0x000000000071293d in _php_math_number_format_ex_len (d=<optimized out>, dec=5, dec_point=0x7fffc0b26bfc ".", dec_point_len=1, thousand_sep=0x7fffc0b26bf8 ",", thousand_sep_len=1, result_len=0x0)
    at /usr/local/src/php-5.5.13/ext/standard/math.c:1120
#8  0x0000000000714747 in _php_math_number_format (d=<optimized out>, dec=<optimized out>, dec_point=46 '.', thousand_sep=44 ',') at /usr/local/src/php-5.5.13/ext/standard/math.c:1097
#9  0x0000000000714859 in zif_number_format (ht=2, return_value=0x7f38bb59b2f0, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>) at /usr/local/src/php-5.5.13/ext/standard/math.c:1248
#10 0x0000000000875d7e in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb6011f0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:550
#11 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb6011f0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#12 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb600bd0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#13 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb600bd0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#14 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb600290) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#15 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb600290) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#16 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5ffc70) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#17 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5ffc70) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#18 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5ff330) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#19 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5ff330) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#20 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fed10) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#21 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fed10) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#22 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fe3d0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#23 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fe3d0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#24 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fddb0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#25 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fddb0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#26 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fd470) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#27 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fd470) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#28 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fce50) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#29 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fce50) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#30 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fc510) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#31 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fc510) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#32 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fbaa8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#33 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fbaa8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#34 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fb168) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#35 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fb168) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#36 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fab48) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#37 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fab48) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#38 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fa208) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#39 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fa208) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#40 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f9be8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#41 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f9be8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#42 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f92a8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#43 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f92a8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#44 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f8c88) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#45 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f8c88) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#46 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f8348) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#47 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f8348) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#48 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f7d28) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#49 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f7d28) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#50 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f73e8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#51 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f73e8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#52 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f6dc8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#53 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f6dc8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#54 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f6488) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#55 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f6488) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#56 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f5e68) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
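
An added triage sketch, not part of the original report or of PHP: it decodes the kernel segfault line and looks for a repeating frame cycle in the gdb backtrace, two signals that together are consistent with stack exhaustion from deep recursion rather than a defect in the faulting function. The 64 KiB window, the three-repeat threshold and all function names are assumptions; the backtrace sample is abbreviated from the report above.

```python
import re

# Kernel log line copied from the report; backtrace abbreviated from it (arguments elided).
KERNEL_LINE = ("php-fpm[26073]: segfault at 7fffc0b25fd8 ip 00000000007e781d "
               "sp 00007fffc0b25fc0 error 6 in php-fpm[400000+96d000]")
BT = """\
#0  zend_dtoa (...) at Zend/zend_strtod.c:1443
#9  0x0000000000714859 in zif_number_format (...) at ext/standard/math.c:1248
#10 0x0000000000875d7e in zend_do_fcall_common_helper_SPEC (...) at Zend/zend_vm_execute.h:550
#11 0x000000000083a3f8 in execute_ex (...) at Zend/zend_vm_execute.h:363
#12 0x000000000087618b in zend_do_fcall_common_helper_SPEC (...) at Zend/zend_vm_execute.h:584
#13 0x000000000083a3f8 in execute_ex (...) at Zend/zend_vm_execute.h:363
#14 0x000000000087618b in zend_do_fcall_common_helper_SPEC (...) at Zend/zend_vm_execute.h:584
#15 0x000000000083a3f8 in execute_ex (...) at Zend/zend_vm_execute.h:363
"""

def parse_segfault(line):
    """Decode a Linux x86 'segfault at' line; addresses and error code are hex."""
    m = re.search(r"segfault at ([0-9a-f]+) ip ([0-9a-f]+) sp ([0-9a-f]+) error ([0-9a-f]+)", line)
    if not m:
        return None
    addr, ip, sp, err = (int(x, 16) for x in m.groups())
    return {"addr": addr, "ip": ip, "sp": sp,
            "page_present": bool(err & 1),  # bit 0: 0 = page not mapped
            "write": bool(err & 2),         # bit 1: 1 = write access
            "user_mode": bool(err & 4)}     # bit 2: 1 = fault taken in user mode

def frame_names(bt):
    """Function name of each '#N ...' frame line in gdb bt output."""
    return re.findall(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \(", bt, re.M)

def repeating_cycle(names, max_period=4):
    """Return (cycle, repeats) for the most-repeated run of period <= max_period."""
    best = ([], 0)
    for p in range(1, max_period + 1):
        run = 0
        for i in range(p, len(names)):
            run = run + 1 if names[i] == names[i - p] else 0
            repeats = (run + p) // p
            if run and repeats > best[1]:
                best = (names[i - run - p + 1:i - run + 1], repeats)
    return best

def looks_like_stack_exhaustion(line, bt, window=0x10000, min_repeats=3):
    """Heuristic: write to an unmapped page near sp plus a recursive frame cycle."""
    f = parse_segfault(line)
    _, repeats = repeating_cycle(frame_names(bt))
    return bool(f and abs(f["addr"] - f["sp"]) <= window and f["write"]
                and not f["page_present"] and repeats >= min_repeats)
```
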

 [2014-06-09 19:03 UTC] brandon at cryy dot com
I originally thought this issue was specific to something with the compression since the only time it would crash is when I would attempt to use the compression wrappers.

I've been continually developing and I am now seeing other core dump/segfaults randomly, not entirely sure what's going on but something really weird appears to be happening:

Core was generated by `php-fpm: pool www                                               '.
Program terminated with signal 11, Segmentation fault.
#0  zend_dtoa (_d=<unavailable>, mode=3, ndigits=5, decpt=0x7fffc0b26104, sign=0x7fffc0b261fc, rve=0x7fffc0b260b8) at /usr/local/src/php-5.5.13/Zend/zend_strtod.c:1443
1443	{
(gdb) bt
#0  zend_dtoa (_d=<unavailable>, mode=3, ndigits=5, decpt=0x7fffc0b26104, sign=0x7fffc0b261fc, rve=0x7fffc0b260b8) at /usr/local/src/php-5.5.13/Zend/zend_strtod.c:1443
#1  0x000000000076b376 in __cvt (value=<optimized out>, ndigit=5, decpt=0x7fffc0b26104, sign=<optimized out>, fmode=1, pad=1) at /usr/local/src/php-5.5.13/main/snprintf.c:91
#2  0x000000000076b605 in php_fcvt (sign=0x7fffc0b261fc, decpt=0x7fffc0b26104, ndigit=5, value=4.0000000000000003e-05) at /usr/local/src/php-5.5.13/main/snprintf.c:133
#3  php_conv_fp (format=70 'F', num=4.0000000000000003e-05, add_dp=NO, precision=5, dec_point=46 '.', is_negative=0x7fffc0b261fc, buf=0x7fffc0b26211 "b\262\300\377\177", len=0x7fffc0b261f4)
    at /usr/local/src/php-5.5.13/main/snprintf.c:384
#4  0x000000000076e46b in xbuf_format_converter (xbuf=0x7fffc0b26a60, fmt=0xcbe680 "F", ap=0x7fffc0b26aa8) at /usr/local/src/php-5.5.13/main/spprintf.c:615
#5  0x000000000076e7d4 in vspprintf (pbuf=0x7fffc0b26bc8, max_len=0, format=<optimized out>, ap=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:799
#6  0x000000000076e8a2 in spprintf (pbuf=<optimized out>, max_len=<optimized out>, format=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:818
#7  0x000000000071293d in _php_math_number_format_ex_len (d=<optimized out>, dec=5, dec_point=0x7fffc0b26c1c ".", dec_point_len=1, thousand_sep=0x7fffc0b26c18 ",", thousand_sep_len=1, result_len=0x0)
    at /usr/local/src/php-5.5.13/ext/standard/math.c:1120
#8  0x0000000000714747 in _php_math_number_format (d=<optimized out>, dec=<optimized out>, dec_point=46 '.', thousand_sep=44 ',') at /usr/local/src/php-5.5.13/ext/standard/math.c:1097
 [2014-06-09 19:06 UTC] brandon at cryy dot com
-Summary: fopen compress.zlib:// and compress.bzip2 stream wrappers segfault
+Summary: Random Segfault / Core Dump / PHP-FPM
-Package: *Compression related
+Package: *General Issues
 [2014-06-09 19:06 UTC] brandon at cryy dot com
The issue appears to be non-specific to compression at this point.
 [2021-04-20 12:28 UTC] cmb@php.net
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: cmb
 [2021-04-20 12:28 UTC] cmb@php.net
Does this still happen to you with any of the actively supported
PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-05-02 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2021-05-11 04:43 UTC] brandon at cryy dot com
-Status: No Feedback
+Status: Closed
-PHP Version: 5.5.13
+PHP Version: 7.4.16
 [2021-05-11 04:43 UTC] brandon at cryy dot com
Issue is resolved in latest stable versions, thank you!
 
Last updated: Fri Apr 19 09:01:27 2024 UTC