php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67380 Random Segfault / Core Dump / PHP-FPM
Submitted: 2014-06-04 09:58 UTC Modified: 2014-06-09 19:06 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: brandon at cryy dot com Assigned:
Status: Open Package: *General Issues
PHP Version: 5.5.13 OS: gcc version 4.6.3 (Ubuntu/Linaro
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: brandon at cryy dot com
New email:
PHP Version: OS:

 

 [2014-06-04 09:58 UTC] brandon at cryy dot com
Description:
------------
PHP-FPM / Segfault occurs when I attempt to fopen using a compression wrapper, i.e. compress.zlib:// or compress.bzip2://

Test script:
---------------
[problem]
http://pbx50.cryy.com/include/classes/logger-example-class.php

The issue occurs only when using the stream wrappers in this context.

[works?]
<?php
// define $handle
$handle = fopen('compress.zlib://test.foo', 'w');

// define $data
$data = 'test';

fwrite($handle, $data, strlen($data));

fclose($data);
?>



Expected result:
----------------
Not segfault / write compressed data to file (zlib, or bzip2).

Actual result:
--------------
php-fpm[26073]: segfault at 7fffc0b25fd8 ip 00000000007e781d sp 00007fffc0b25fc0 error 6 in php-fpm[400000+96d000]

#0  zend_dtoa (_d=<unavailable>, mode=3, ndigits=5, decpt=0x7fffc0b260e4, sign=0x7fffc0b261dc, rve=0x7fffc0b26098) at /usr/local/src/php-5.5.13/Zend/zend_strtod.c:1443
#1  0x000000000076b376 in __cvt (value=<optimized out>, ndigit=5, decpt=0x7fffc0b260e4, sign=<optimized out>, fmode=1, pad=1) at /usr/local/src/php-5.5.13/main/snprintf.c:91
#2  0x000000000076b605 in php_fcvt (sign=0x7fffc0b261dc, decpt=0x7fffc0b260e4, ndigit=5, value=3.0000000000000001e-05) at /usr/local/src/php-5.5.13/main/snprintf.c:133
#3  php_conv_fp (format=70 'F', num=3.0000000000000001e-05, add_dp=NO, precision=5, dec_point=46 '.', is_negative=0x7fffc0b261dc, buf=0x7fffc0b261f1 "", len=0x7fffc0b261d4) at /usr/local/src/php-5.5.13/main/snprintf.c:384
#4  0x000000000076e46b in xbuf_format_converter (xbuf=0x7fffc0b26a40, fmt=0xcbe680 "F", ap=0x7fffc0b26a88) at /usr/local/src/php-5.5.13/main/spprintf.c:615
#5  0x000000000076e7d4 in vspprintf (pbuf=0x7fffc0b26ba8, max_len=0, format=<optimized out>, ap=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:799
#6  0x000000000076e8a2 in spprintf (pbuf=<optimized out>, max_len=<optimized out>, format=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:818
#7  0x000000000071293d in _php_math_number_format_ex_len (d=<optimized out>, dec=5, dec_point=0x7fffc0b26bfc ".", dec_point_len=1, thousand_sep=0x7fffc0b26bf8 ",", thousand_sep_len=1, result_len=0x0)
    at /usr/local/src/php-5.5.13/ext/standard/math.c:1120
#8  0x0000000000714747 in _php_math_number_format (d=<optimized out>, dec=<optimized out>, dec_point=46 '.', thousand_sep=44 ',') at /usr/local/src/php-5.5.13/ext/standard/math.c:1097
#9  0x0000000000714859 in zif_number_format (ht=2, return_value=0x7f38bb59b2f0, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>) at /usr/local/src/php-5.5.13/ext/standard/math.c:1248
#10 0x0000000000875d7e in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb6011f0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:550
#11 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb6011f0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#12 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb600bd0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#13 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb600bd0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#14 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb600290) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#15 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb600290) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#16 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5ffc70) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#17 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5ffc70) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#18 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5ff330) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#19 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5ff330) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#20 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fed10) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#21 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fed10) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#22 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fe3d0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#23 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fe3d0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#24 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fddb0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#25 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fddb0) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#26 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fd470) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#27 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fd470) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#28 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fce50) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#29 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fce50) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#30 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fc510) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#31 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fc510) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#32 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fbaa8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#33 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fbaa8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#34 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fb168) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#35 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fb168) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#36 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fab48) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#37 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fab48) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#38 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5fa208) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#39 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5fa208) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#40 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f9be8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#41 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f9be8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#42 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f92a8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#43 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f92a8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#44 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f8c88) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#45 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f8c88) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#46 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f8348) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#47 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f8348) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#48 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f7d28) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#49 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f7d28) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#50 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f73e8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#51 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f73e8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#52 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f6dc8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#53 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f6dc8) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#54 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f6488) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584
#55 0x000000000083a3f8 in execute_ex (execute_data=0x7f38bb5f6488) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:363
#56 0x000000000087618b in zend_do_fcall_common_helper_SPEC (execute_data=0x7f38bb5f5e68) at /usr/local/src/php-5.5.13/Zend/zend_vm_execute.h:584

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-06-09 19:03 UTC] brandon at cryy dot com
I originally thought this issue was specific to something with the compression since the only time it would crash is when I would attempt to use the compression wrappers.

I've been continually developing and I am now seeing other core dump/segfaults randomly, not entirely sure whats going on but something really weird appears t be happening:

Core was generated by `php-fpm: pool www                                               '.
Program terminated with signal 11, Segmentation fault.
#0  zend_dtoa (_d=<unavailable>, mode=3, ndigits=5, decpt=0x7fffc0b26104, sign=0x7fffc0b261fc, rve=0x7fffc0b260b8) at /usr/local/src/php-5.5.13/Zend/zend_strtod.c:1443
1443	{
(gdb) bt
#0  zend_dtoa (_d=<unavailable>, mode=3, ndigits=5, decpt=0x7fffc0b26104, sign=0x7fffc0b261fc, rve=0x7fffc0b260b8) at /usr/local/src/php-5.5.13/Zend/zend_strtod.c:1443
#1  0x000000000076b376 in __cvt (value=<optimized out>, ndigit=5, decpt=0x7fffc0b26104, sign=<optimized out>, fmode=1, pad=1) at /usr/local/src/php-5.5.13/main/snprintf.c:91
#2  0x000000000076b605 in php_fcvt (sign=0x7fffc0b261fc, decpt=0x7fffc0b26104, ndigit=5, value=4.0000000000000003e-05) at /usr/local/src/php-5.5.13/main/snprintf.c:133
#3  php_conv_fp (format=70 'F', num=4.0000000000000003e-05, add_dp=NO, precision=5, dec_point=46 '.', is_negative=0x7fffc0b261fc, buf=0x7fffc0b26211 "b\262\300\377\177", len=0x7fffc0b261f4)
    at /usr/local/src/php-5.5.13/main/snprintf.c:384
#4  0x000000000076e46b in xbuf_format_converter (xbuf=0x7fffc0b26a60, fmt=0xcbe680 "F", ap=0x7fffc0b26aa8) at /usr/local/src/php-5.5.13/main/spprintf.c:615
#5  0x000000000076e7d4 in vspprintf (pbuf=0x7fffc0b26bc8, max_len=0, format=<optimized out>, ap=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:799
#6  0x000000000076e8a2 in spprintf (pbuf=<optimized out>, max_len=<optimized out>, format=<optimized out>) at /usr/local/src/php-5.5.13/main/spprintf.c:818
#7  0x000000000071293d in _php_math_number_format_ex_len (d=<optimized out>, dec=5, dec_point=0x7fffc0b26c1c ".", dec_point_len=1, thousand_sep=0x7fffc0b26c18 ",", thousand_sep_len=1, result_len=0x0)
    at /usr/local/src/php-5.5.13/ext/standard/math.c:1120
#8  0x0000000000714747 in _php_math_number_format (d=<optimized out>, dec=<optimized out>, dec_point=46 '.', thousand_sep=44 ',') at /usr/local/src/php-5.5.13/ext/standard/math.c:1097
 [2014-06-09 19:06 UTC] brandon at cryy dot com
-Summary: fopen compress.zlib:// and compress.bzip2 stream wrappers segfault +Summary: Random Segfault / Core Dump / PHP-FPM -Package: *Compression related +Package: *General Issues
 [2014-06-09 19:06 UTC] brandon at cryy dot com
The issue appears to be non-specific to compression at this point.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Nov 30 06:01:22 2020 UTC