PHP :: Bug #69621 :: segmentation fault when uploading an image

Bug #69621

segmentation fault when uploading an image

Submitted:

2015-05-11 17:08 UTC

Modified:

2016-08-14 04:22 UTC

Votes:	2
Avg. Score:	2.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (50.0%)

From:

darko_petreski at yahoo dot com

Assigned:

Status:

No Feedback

Package:

*General Issues

PHP Version:

5.5.24

OS:

ubuntu 14.04

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	darko_petreski at yahoo dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2015-05-11 17:08 UTC] darko_petreski at yahoo dot com

Description:
------------
I have a huge website. When I upload ad image I get segmentation fault error.

PHP 5.5.9-1ubuntu4.9 (cli) (built: Apr 17 2015 11:44:57) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
    with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans

Linux 3.16.0-37-generic #51~14.04.1-Ubuntu SMP Wed May 6 15:23:14 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Server version: Apache/2.4.7 (Ubuntu)

I get this backtrace from dgb

Program received signal SIGSEGV, Segmentation fault.
0x00007ff9cbcb5846 in ?? () from /usr/lib/apache2/modules/libphp5.so
(gdb) backtrace full
#0  0x00007ff9cbcb5846 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#1  0x00007ff9cbcb59dc in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#2  0x00007ff9cbac99c3 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#3  0x00007ff9cbac9a35 in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#4  0x00007ff9cbaca821 in file_ms_free () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#5  0x00007ff9cbac8b65 in finfo_resource_destructor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#6  0x00007ff9cbceca50 in list_entry_destructor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#7  0x00007ff9cbcea891 in zend_hash_del_key_or_index () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#8  0x00007ff9cbcecc31 in _zend_list_delete () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#9  0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#10 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#11 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#12 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#13 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#14 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#15 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#16 0x00007ff9cbcdbe0b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#17 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#18 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#19 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#20 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#21 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#22 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#23 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#24 0x00007ff9cbcfef2c in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#25 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#26 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#27 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#28 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#29 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#30 0x00007ff9cbcdbe0b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#31 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#32 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#33 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#34 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#35 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#36 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#37 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#38 0x00007ff9cbcdbe0b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#39 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#40 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#41 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#42 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#43 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#44 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#45 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#46 0x00007ff9cbcdbe0b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#47 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#48 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#49 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#50 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#51 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#52 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#53 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#54 0x00007ff9cbcdbe0b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#55 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#56 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#57 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#58 0x00007ff9cbd04e4c in zend_objects_store_del_ref_by_handle_ex () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#59 0x00007ff9cbd04e73 in zend_objects_store_del_ref () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#60 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#61 0x00007ff9cbcea998 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#62 0x00007ff9cbcdbe0b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#63 0x00007ff9cbcccee0 in _zval_ptr_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#64 0x00007ff9cbcfef87 in zend_object_std_dtor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#65 0x00007ff9cbcfefb9 in zend_objects_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#66 0x00007ff9cbd049b7 in zend_objects_store_free_object_storage () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#67 0x00007ff9cbccd5f3 in shutdown_executor () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#68 0x00007ff9cbcdcdc2 in zend_deactivate () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#69 0x00007ff9cbc7d20d in php_request_shutdown () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#70 0x00007ff9cbd8e9af in ?? () from /usr/lib/apache2/modules/libphp5.so
No symbol table info available.
#71 0x00007ff9cfe6c830 in ap_run_handler ()
No symbol table info available.
#72 0x00007ff9cfe6cd79 in ap_invoke_handler ()
No symbol table info available.
#73 0x00007ff9cfe81dfc in ap_internal_redirect ()
No symbol table info available.
#74 0x00007ff9ca08bcfc in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
No symbol table info available.
#75 0x00007ff9cfe6c830 in ap_run_handler ()
No symbol table info available.
#76 0x00007ff9cfe6cd79 in ap_invoke_handler ()
No symbol table info available.
#77 0x00007ff9cfe8233a in ap_process_async_request ()
No symbol table info available.
#78 0x00007ff9cfe82614 in ap_process_request ()
No symbol table info available.
#79 0x00007ff9cfe7f0b2 in ?? ()
No symbol table info available.
#80 0x00007ff9cfe75e70 in ap_run_process_connection ()
No symbol table info available.
#81 0x00007ff9cc6ae767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
No symbol table info available.
#82 0x00007ff9cc6ae9a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
No symbol table info available.
#83 0x00007ff9cc6af60e in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
No symbol table info available.
#84 0x00007ff9cfe536de in ap_run_mpm ()
No symbol table info available.
#85 0x00007ff9cfe4ce76 in main ()
No symbol table info available.


Expected result:
----------------
no segmentation fault

Actual result:
--------------
in the browser I get ERR_EMPTY_RESPONSE

Patches

php (last revision 2015-05-11 17:09 UTC by darko_petreski at yahoo dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-05-19 12:30 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2015-05-19 12:30 UTC] cmb@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

The issue seems to be caused by fileinfo resp. libmagic.

[2015-05-24 22:15 UTC] darko_petreski at yahoo dot com

I tried to extract the lines that cause the error from the code of the website but I could not reproduce it with a few lines, sorry. Only the complete code produces this error, but it is too big to post it here.

[2015-05-25 00:15 UTC] cmb@php.net

-Status: Feedback +Status: Open -Assigned To: cmb +Assigned To:

[2015-11-30 13:45 UTC] laurent dot lavaud at ladtech dot fr

Hello,

I have a similar problem, i am running an Ubuntu server 14.04 with the following software versions:

laurentl@server:~$ apache2 -v
Server version: Apache/2.4.7 (Ubuntu)
Server built:   Oct 14 2015 14:20:21

laurentl@server:~$ php -v
PHP 5.5.9-1ubuntu4.14 (cli) (built: Oct 28 2015 01:34:46) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies

And now the backtrace:

GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done.
[New LWP 7911]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f84165bcef7 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
(gdb) bt
#0  0x00007f84165bcef7 in zend_hash_destroy () from /usr/lib/apache2/modules/libphp5.so
#1  0x00007f84165ae39b in _zval_dtor_func () from /usr/lib/apache2/modules/libphp5.so
#2  0x00007f84165d77a9 in ?? () from /usr/lib/apache2/modules/libphp5.so
#3  0x00007f84165d90c8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#4  0x00007f841659f229 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#5  0x00007f841665e921 in ?? () from /usr/lib/apache2/modules/libphp5.so
#6  0x00007f84165d90c8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#7  0x00007f841659f229 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#8  0x00007f841665e921 in ?? () from /usr/lib/apache2/modules/libphp5.so
#9  0x00007f84165d90c8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#10 0x00007f841659f229 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#11 0x00007f84165b0cb0 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#12 0x00007f8416550ae5 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#13 0x00007f8416661032 in ?? () from /usr/lib/apache2/modules/libphp5.so
#14 0x00007f841ab49be0 in ap_run_handler ()
#15 0x00007f841ab4a129 in ap_invoke_handler ()
#16 0x00007f841ab5f6ca in ap_process_async_request ()
#17 0x00007f841ab5f9a4 in ap_process_request ()
#18 0x00007f841ab5c442 in ?? ()
#19 0x00007f841ab53220 in ap_run_process_connection ()
#20 0x00007f8416d77767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#21 0x00007f8416d779a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#22 0x00007f8416d7860e in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#23 0x00007f841ab308ae in ap_run_mpm ()
#24 0x00007f841ab2a046 in main ()

[2016-08-06 02:59 UTC] kalle@php.net

-Status: Open +Status: Feedback

[2016-08-06 02:59 UTC] kalle@php.net

It seems like a fair few frames are missing in the backtrace, although it does hint that it is due to something in ext/fileinfo like @cmb said. However without something to reproduce this, it is likely not to get fixed.

Side note; I do suspect it could be a reference error or similar. 

Does this also happen on PHP7?

[2016-08-14 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 08:01:30 2024 UTC