PHP :: Bug #69156 :: SegFault on non-phpserialized responses from Solr Server (PHPS RW)

Bug #69156

SegFault on non-phpserialized responses from Solr Server (PHPS RW)

Submitted:

2015-03-02 10:40 UTC

Modified:

2015-03-15 15:42 UTC

Votes:	2
Avg. Score:	3.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

pomyk at go2 dot pl

Assigned:

omars (profile)

Status:

Closed

Package:

solr (PECL)

PHP Version:

All

OS:

Irrelevant

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	pomyk at go2 dot pl
New email:
PHP Version:		OS:

New/Additional Comment:

[2015-03-02 10:40 UTC] pomyk at go2 dot pl

Description:
------------
Extension segfaulted when Solr returned the following response:

HTTP/1.1 500 {msg=SolrCore 'core' is not available due to init failure: Could not load conf for core core: Error loading solr config from instancje/c/../../cores/core/conf/solrconfig.xml,trace=org.apache.solr.common.SolrException: SolrCore 'core' is not available due to init failure: Could not load conf for core core: Error loading solr config from instancje/c/../../cores/core/conf/solrconfig.xml \tat org.apache.solr.core.CoreContainer.getCore(CoreContainer.java:745) \tat org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:299) \tat org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:207) \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) \tat org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) \tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) \tat org.eclipse.jetty.


Expected result:
----------------
PHP exception

Actual result:
--------------
segfault:
#0  0x00007f1ebb2e072a in zend_hash_find () from /etc/httpd/modules/libphp5.so
#1  0x00007f1ea144ad7a in hydrate_error_zval () from /usr/lib64/php/modules/solr.so
#2  0x00007f1ea144b22c in solr_get_phpnative_error () from /usr/lib64/php/modules/solr.so
#3  0x00007f1ea144b39e in solr_throw_solr_server_exception () from /usr/lib64/php/modules/solr.so
#4  0x00007f1ea1439aa1 in zim_SolrClient_query () from /usr/lib64/php/modules/solr.so
#5  0x00007f1ebb2c0a7b in dtrace_execute_internal () from /etc/httpd/modules/libphp5.so
#6  0x00007f1ebb384c05 in zend_do_fcall_common_helper_SPEC () from /etc/httpd/modules/libphp5.so
#7  0x00007f1ebb2fd578 in execute_ex () from /etc/httpd/modules/libphp5.so
#8  0x00007f1ebb2c0959 in dtrace_execute_ex () from /etc/httpd/modules/libphp5.so
#9  0x00007f1ebb38527d in zend_do_fcall_common_helper_SPEC () from /etc/httpd/modules/libphp5.so
#10 0x00007f1ebb2fd578 in execute_ex () from /etc/httpd/modules/libphp5.so
#11 0x00007f1ebb2c0959 in dtrace_execute_ex () from /etc/httpd/modules/libphp5.so
#12 0x00007f1ebb38527d in zend_do_fcall_common_helper_SPEC () from /etc/httpd/modules/libphp5.so
#13 0x00007f1ebb2fd578 in execute_ex () from /etc/httpd/modules/libphp5.so
#14 0x00007f1ebb2c0959 in dtrace_execute_ex () from /etc/httpd/modules/libphp5.so
...

Patches

fix_bug_69156v2.diff (last revision 2015-03-02 14:24 UTC by pomyk at go2 dot pl)
fix_bug_69156.diff (last revision 2015-03-02 12:35 UTC by pomyk at go2 dot pl)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-03-02 11:00 UTC] pomyk at go2 dot pl

To trigger the bug wt = 'phps' is important and solr has to return error:

<?
$zapytanie_solr = new SolrQuery();
$zapytanie_solr->setRows(1);
$zapytanie_solr->setStart(0);
$client = new SolrClient(array(
    'hostname' => 'solr.rc.srv.gratka.pl',
    'port' => 8906,
    'path' => 'xxx',
    'timeout' => 1000,
    'wt' => 'phps'
));
$x= $client->query($zapytanie_solr);

[2015-03-08 03:07 UTC] omars@php.net

-Status: Open +Status: Verified -Assigned To: +Assigned To: omars

[2015-03-08 03:31 UTC] omars@php.net

-Summary: segfault on 500 response from Solr +Summary: SegFault on non-phpserialized responses from Solr Server (PHPS RW) -Operating System: CentOS 7 +Operating System: Irrelevant -PHP Version: 5.5.22 +PHP Version: All

[2015-03-08 03:31 UTC] omars@php.net

When solr fails to initialize correctly, or when accessising unknown path on the server, the SegFault occurs.

[2015-03-08 03:37 UTC] omars@php.net

Thanks for spotting the bug and taking the time to do the patch. The patch worked but had a memory leak, since there was an outstanding zval. Any way I've pushed the fix to master, and it will be available on the next release.

[2015-03-15 15:42 UTC] omars@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 05:01:29 2024 UTC