php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67926 php-fpm segfaults
Submitted: 2014-08-28 19:49 UTC Modified: 2015-07-22 12:58 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: rmang at lexiconn dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.4.32 OS: centOS 6.5 64-bit
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: rmang at lexiconn dot com
New email:
PHP Version: OS:

 

 [2014-08-28 19:49 UTC] rmang at lexiconn dot com
Description:
------------
Seeing many segfaults with php-fpm on Apache 2.2.7, mod_fastcgi_2.4.7, php 5.4.32, MySQL 5.5.37

kernel: php-fpm[13984]: segfault at 7fff88cb5fe8 ip 00000000004786ed sp 00007fff88cb5f90 error 6 in php-fpm[400000+9a6000]
kernel: php-fpm[13945]: segfault at 7fff88cb5fe8 ip 00000000004786ed sp 00007fff88cb5f90 error 6 in php-fpm[400000+9a6000]
abrt[14082]: Not saving repeating crash in '/usr/local/sbin/php-fpm'
abrt[14079]: Saved core dump of pid 13984 (/usr/local/sbin/php-fpm) to /var/spool/abrt/ccpp-2014-08-28-15:35:35-13984 (547725312 bytes)
abrtd: Directory 'ccpp-2014-08-28-15:35:35-13984' creation detected
abrt[14082]: Saved core dump of pid 13945 to core.13945 (546963456 bytes)

Actual result:
--------------
Program terminated with signal 11, Segmentation fault.
#0  match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd7b "\035\\\035'q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=18) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:500
500     {

#0  match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd7b "\035\\\035'q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=18) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:500
#1  0x000000000047972a in match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd76 "\177", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=17)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#2  0x000000000048523c in match (eptr=0x9ab0213 "') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=16) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#3  0x000000000047972a in match (eptr=0x9ab0212 "y') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=15)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#4  0x000000000048523c in match (eptr=0x9ab0212 "y') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=14) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#5  0x000000000047972a in match (
    eptr=0x9ab0211 "ry') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=13)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#6  0x000000000048523c in match (
    eptr=0x9ab0211 "ry') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=12) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#7  0x000000000047972a in match (
    eptr=0x9ab0210 "ory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=11)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#8  0x000000000048523c in match (
    eptr=0x9ab0210 "ory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=10) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#9  0x000000000047972a in match (
    eptr=0x9ab020f "gory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=9)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#10 0x000000000048523c in match (
    eptr=0x9ab020f "gory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=8) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#11 0x000000000047972a in match (
    eptr=0x9ab020e "egory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd86 "q", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", 
    offset_top=<value optimized out>, md=0x7fff88cb88a0, eptrb=0x2, rdepth=7)
    at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:973
#12 0x000000000048523c in match (
    eptr=0x9ab020e "egory') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", ecode=0x154bd8b "s", 
    mstart=0x9ab020a "'category') AND (t_def.store_id IN (0, '2')) ORDER BY `t_def`.`store_id` DESC LIMIT 1", offset_top=4, 
    md=0x7fff88cb88a0, eptrb=0x0, rdepth=6) at /home/admin/php-5.4.32/ext/pcre/pcrelib/pcre_exec.c:2039
#13 0x000000000047972a in match (

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-28 20:14 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2014-08-28 20:14 UTC] aharvey@php.net
It looks like you're overflowing your stack as a result of a recursive regex. Can you reduce your code to a minimal test case, and if so, does it include a preg_*() call?
 [2014-08-28 20:46 UTC] rmang at lexiconn dot com
-Status: Feedback +Status: Open
 [2014-08-28 20:46 UTC] rmang at lexiconn dot com
Client is using Magento with Google Website Optimizer enabled (the repeating query seems to be from that module). If it's not a bug, we'll troubleshoot the code. Thanks for the quick reply / nudge in the right direction.
 [2015-07-22 12:58 UTC] mike@php.net
-Status: Open +Status: Not a bug -Package: FPM related +Package: PCRE related
 [2015-07-22 12:58 UTC] mike@php.net
.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon May 16 16:05:46 2022 UTC