Bug #69857 segfault with --enable-dtrace
Submitted: 2015-06-17 06:03 UTC
Modified: 2015-06-17 06:54 UTC
From: remi@php.net
Assigned: remi
Status: Closed
Package: Reproducible crash
PHP Version: 7.0Git-2015-06-17 (Git)
OS: GNU/Linux
Private report: No
CVE-ID: None
 [2015-06-17 06:03 UTC] remi@php.net
Description:
------------
Regression since 8cfe282 (20150611)

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #54268 (Double free when destroy_zend_class fails) [Zend/tests/bug54268.phpt]
Bug #68412 (Infinite recursion with __call can make the program crash/segfault) [Zend/tests/bug68412.phpt]
=====================================================================

Both raise a segfault when --enable-dtrace is used (OK without).

Test script:
---------------
./configure --disable-all --enable-dtrace
make
make test

Expected result:
----------------
no segfault

Actual result:
--------------
segfault

$ gdb sapi/cli/php
(gdb) run Zend/tests/bug54268.php
Program received signal SIGSEGV, Segmentation fault.
execute_ex (ex=ex@entry=0x7fffefa15fb0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
403			((opcode_handler_t)OPLINE->handler)(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
(gdb) bt
#0  execute_ex (ex=ex@entry=0x7fffefa15fb0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#1  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15fb0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#2  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#3  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15f40) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#4  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15f40) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#5  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#6  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ed0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#7  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15ed0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#8  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#9  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15e60) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#10 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15e60) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#11 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#12 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15df0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#13 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15df0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#14 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#15 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15d80) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#16 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15d80) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#17 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#18 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15d10) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#19 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15d10) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#20 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#21 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ca0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#22 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15ca0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#23 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#24 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15c30) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#25 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15c30) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#26 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#27 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15bc0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#28 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15bc0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#29 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#30 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15b50) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#31 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15b50) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#32 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#33 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ae0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#34 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15ae0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#35 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#36 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15a70) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#37 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15a70) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#38 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#39 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15a00) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#40 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15a00) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#41 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#42 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15990) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#43 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15990) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#44 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#45 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15920) at /work/build/phpmaster/Zend/zend_vm_execute.h:403


 [2015-06-17 06:07 UTC] remi@php.net
$ gdb sapi/cli/php
(gdb)  run Zend/tests/bug68412.php
Program received signal SIGSEGV, Segmentation fault.
0x00000000005c61d4 in zend_std_get_method (obj_ptr=0x7fffff7ff028, method_name=0x7ffff6655760, key=0x7ffff66621e0) at /work/build/phpmaster/Zend/zend_object_handlers.c:1050
1050	{
(gdb) bt
#0  0x00000000005c61d4 in zend_std_get_method (obj_ptr=0x7fffff7ff028, method_name=0x7ffff6655760, key=0x7ffff66621e0)
    at /work/build/phpmaster/Zend/zend_object_handlers.c:1050
#1  0x0000000000614e14 in ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:32391
#2  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#3  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#4  0x000000000061b497 in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:1893
#5  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#6  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87800) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#7  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#8  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#9  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#10 0x000000000061b497 in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:1893
#11 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#12 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc87760) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#13 0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:791
#14 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc876c0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
#15 0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefc876c0) at /work/build/phpmaster/Zend/zend_dtrace.c:78
#16 0x000000000061b497 in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /work/build/phpmaster/Zend/zend_vm_execute.h:1893
#17 0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefc876c0) at /work/build/phpmaster/Zend/zend_vm_execute.h:403
...
 [2015-06-17 06:54 UTC] remi@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: remi
 [2015-06-17 06:54 UTC] remi@php.net
Known stack exhaustion when zend_execute_ex is overridden
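Both backtraces above show execute_ex being re-entered through dtrace_execute_ex once per call, which is the pattern to look for when triaging this kind of crash. The following is an added example, not part of the report or of PHP's own tooling: it extracts function names from gdb `bt` output and reports the shortest repeating frame cycle and whether it passes through the hook. It assumes gdb's default frame format; the function names `frame_functions`, `repeating_cycle` and `triage` are hypothetical, and the sample is abridged from the first backtrace.

```python
import re

# One frame of gdb "bt" output: "#N  [0xADDR in ]function (args) at file:line"
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(")

def frame_functions(bt_text):
    """Function name of every frame, innermost (#0) first."""
    matches = (FRAME_RE.match(line.strip()) for line in bt_text.splitlines())
    return [m.group(1) for m in matches if m]

def repeating_cycle(names, min_repeats=2):
    """Shortest frame cycle that explains the stack from some depth outward.

    Returns (skip, cycle), where `skip` innermost frames precede the cycle,
    or None when nothing repeats at least `min_repeats` times.
    """
    for skip in range(len(names)):
        rest = names[skip:]
        for period in range(1, len(rest) // min_repeats + 1):
            if all(name == rest[i % period] for i, name in enumerate(rest)):
                return skip, rest[:period]
    return None

def triage(bt_text, hook="dtrace_execute_ex"):
    """Summarise a backtrace: cycle found, and does it pass through `hook`?"""
    found = repeating_cycle(frame_functions(bt_text))
    if found is None:
        return {"recursive": False, "cycle": [], "via_hook": False}
    skip, cycle = found
    return {"recursive": True, "skip": skip, "cycle": cycle, "via_hook": hook in cycle}

# Constructed sample: frames #0-#6 of the first backtrace above, paths shortened.
SAMPLE_BT = """\
#0  execute_ex (ex=ex@entry=0x7fffefa15fb0) at Zend/zend_vm_execute.h:403
#1  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15fb0) at Zend/zend_dtrace.c:78
#2  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at Zend/zend_vm_execute.h:791
#3  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15f40) at Zend/zend_vm_execute.h:403
#4  0x000000000057ed9a in dtrace_execute_ex (execute_data=0x7fffefa15f40) at Zend/zend_dtrace.c:78
#5  0x000000000061c0cd in ZEND_DO_FCALL_SPEC_HANDLER () at Zend/zend_vm_execute.h:791
#6  0x00000000005cb9eb in execute_ex (ex=ex@entry=0x7fffefa15ed0) at Zend/zend_vm_execute.h:403
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```

Run on the second backtrace, the same functions skip the two innermost frames and report a six-frame cycle that alternates between the trampoline and DO_FCALL handlers.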
 
Last updated: Sun Dec 22 06:01:30 2024 UTC