php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67959 Segfault when calling phpversion('spl');
Submitted: 2014-09-04 07:48 UTC Modified: 2014-09-04 18:05 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: arjen at react dot com Assigned: datibbaw
Status: Closed Package: Scripting Engine problem
PHP Version: master-Git-2014-09-04 (Git) OS:
Private report: No CVE-ID:
 [2014-09-04 07:48 UTC] arjen at react dot com
Description:
------------
Crash when calling phpversion('spl') or any other module.

Test script:
---------------
--TEST--
phpversion() module version test
--CREDITS--
Arjen Schol arjen@react.com
--FILE--
<?php
var_dump(phpversion('spl'));
?>
--DONE--
--EXPECT--
string(3) "0.2"

Actual result:
--------------
#0  0x00007ffff36e3d0a in strlen () from /usr/lib/libc.so.6
#1  0x00000000007c70dc in zend_get_module_version (module_name=0x7fff00000000 <error: Cannot access memory at address 0x7fff00000000>) at /home/arjen/phpng/php-src/Zend/zend_API.c:3611
#2  0x00000000006f706a in zif_phpversion (param_count=<optimized out>, return_value=0x7ffff0c18860) at /home/arjen/phpng/php-src/ext/standard/info.c:1200
#3  0x0000000000862cf2 in ZEND_DO_FCALL_SPEC_HANDLER (execute_data=0x7ffff0c185f0) at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:593
#4  0x00000000007ee8e0 in execute_ex (execute_data=0x7ffff0c185f0) at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:352
#5  0x00000000007ab28d in zend_call_function (fci=fci@entry=0x7fffffffa940, fci_cache=fci_cache@entry=0x7fffffffa910) at /home/arjen/phpng/php-src/Zend/zend_execute_API.c:850
#6  0x00000000007d7af7 in zend_call_method (object=object@entry=0x0, obj_ce=<optimized out>, obj_ce@entry=0x7ffff0c040e8, fn_proxy=fn_proxy@entry=0x7ffff0c04210, 
    function_name=function_name@entry=0xcf4bf5 "__callstatic", function_name_len=function_name_len@entry=12, retval_ptr=retval_ptr@entry=0x7fffffffaa10, param_count=2, arg1=0x7fffffffa9f0, 
    arg2=0x7fffffffaa00) at /home/arjen/phpng/php-src/Zend/zend_interfaces.c:101
#7  0x00000000007e9a13 in zend_std_callstatic_user_call (param_count=<optimized out>, return_value=0x7ffff0c14570) at /home/arjen/phpng/php-src/Zend/zend_object_handlers.c:1159
#8  0x0000000000862cf2 in ZEND_DO_FCALL_SPEC_HANDLER (execute_data=0x7ffff0c140e0) at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:593
#9  0x00000000007ee8e0 in execute_ex (execute_data=0x7ffff0c140e0) at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:352
#10 0x00000000007bd1a2 in zend_execute_scripts (type=0, type@entry=8, retval=0x18, retval@entry=0x0, file_count=-5457978, file_count@entry=3) at /home/arjen/phpng/php-src/Zend/zend.c:1317
#11 0x000000000075b071 in php_execute_script (primary_file=0x7fffffffcf60) at /home/arjen/phpng/php-src/main/main.c:2560
#12 0x0000000000866482 in do_cli (argc=0, argv=0x18) at /home/arjen/phpng/php-src/sapi/cli/php_cli.c:978
#13 0x00000000004393f7 in main (argc=0, argv=0x18) at /home/arjen/phpng/php-src/sapi/cli/php_cli.c:1356


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-04 17:30 UTC] aharvey@php.net
-Status: Open +Status: Analyzed
 [2014-09-04 17:30 UTC] aharvey@php.net
This appears to be a zpp issue: ext_name gets set to a junk pointer after zpp is called, hence the segfault. Switching phpversion to use zend_string fixes the issue, but presumably there's an underlying parameter parsing issue that needs to be dealt with.
 [2014-09-04 18:05 UTC] aharvey@php.net
-Status: Analyzed +Status: Closed -Assigned To: +Assigned To: datibbaw
 [2014-09-04 18:05 UTC] aharvey@php.net
Or, alternatively, it was as simple as https://github.com/php/php-src/commit/6951f8adb014f8889cd1eee387c9e8836b5e441b.

Urgh, more coffee. Good work, Florian Margaine.
 [2014-09-04 18:17 UTC] florian at margaine dot com
All credit goes to NikiC for quickly spotting the issue :)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Feb 26 21:01:35 2017 UTC