Bug #70224 segfault, apparent stack overflow due to infinite recursion
Submitted: 2015-08-10 01:38 UTC
Modified: 2015-08-10 15:44 UTC
From: matt at niagarawebsolutions dot ca
Assigned:
Status: Not a bug
Package: Apache2 related
PHP Version: 5.5.28
OS: ubuntu-trusty-32
Private report: No
CVE-ID: None
 [2015-08-10 01:38 UTC] matt at niagarawebsolutions dot ca
Description:
------------
Apache 2 restarts due to a segmentation fault in mod_php5.  Attaching gdb to obtain a backtrace revealed an apparent problem with an infinite recursive cycle involving execute_ex(), dtrace_execute_ex(), zend_execute() and an unnamed function.

I do not know how to reproduce this bug.  I'm a webdev working with WordPress.  I'm posting the bug report because you'd probably like it if the language handled this situation better, and I'm hoping that the stack trace will hold enough clues to be helpful.  If not, please go ahead and close the report with prejudice.  I don't want to waste anyone's time.

The error came about while attempting to use closures and/or OOP when deferring the execution of functions using hooks in WordPress.  In other situations, this seems to have worked well, so I'm not really sure what the problem is.  For the sake of completeness, the error occurs somewhere within WordPress' add_meta_box() function, if you happen to be pursuing a cause.  I'm worried that someone will think I'm trying to report a WordPress bug to you, so, once again, that's not the problem, no.  The problem is the segfault.

The stack trace repeats for at least 800 frames, maybe more.

Expected result:
----------------
A fatal error message in either the php log or the apache log, rather than a segfault in syslog.

Actual result:
--------------
#0  0xb5e4e2cb in zend_is_callable_ex () from /usr/lib/apache2/modules/libphp5.so
#1  0xb5e4eb82 in zend_fcall_info_init () from /usr/lib/apache2/modules/libphp5.so
#2  0xb5e4ef8a in ?? () from /usr/lib/apache2/modules/libphp5.so
#3  0xb5e503e6 in ?? () from /usr/lib/apache2/modules/libphp5.so
#4  0xb5e50860 in zend_parse_parameters () from /usr/lib/apache2/modules/libphp5.so
#5  0xb5d598a2 in zif_call_user_func_array () from /usr/lib/apache2/modules/libphp5.so
#6  0xb5efb382 in execute_internal () from /usr/lib/apache2/modules/libphp5.so
#7  0xb5e35877 in dtrace_execute_internal () from /usr/lib/apache2/modules/libphp5.so
#8  0xb5efee58 in ?? () from /usr/lib/apache2/modules/libphp5.so
#9  0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#10 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#11 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#12 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#13 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#14 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#15 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#16 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#17 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#18 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#19 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#20 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#21 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#22 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#23 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#24 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#25 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#26 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#27 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#28 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#29 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#30 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#31 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#32 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#33 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#34 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#35 0xb5efcf35 in zend_execute () from /usr/lib/apache2/modules/libphp5.so
#36 0xb5eff4ed in ?? () from /usr/lib/apache2/modules/libphp5.so
#37 0xb5e72707 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#38 0xb5e3576d in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
---Type <return> to continue, or q <return> to quit---


 [2015-08-10 04:28 UTC] matt at niagarawebsolutions dot ca
Actually nothing mysterious about the cause, after all, I found a very simple, self-referential recursion in my own code.  Inexperience with namespaces[1].  So what you have here is the stack trace of everything after that.

If the reported failure is expected under these circumstances, then this bug report can be closed, otherwise if the problem should have been caught, then here's your stack trace.

[1]  Boiled down to essentials, the following should reproduce it:

First, define a function "bar()" in the global namespace.  Then,

<?php
namespace foo;
function bar(){
   return bar();
}
?>
Which essentially should have been:

<?php
namespace foo;
function bar(){
   return \bar();
}
?>
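
The name resolution behind the two snippets above, as an added example that is not part of the original comment: inside a namespace an unqualified call is tried as a namespaced function first, so foo\bar() calls itself. The $depth parameter and the bar_fixed() and shout() helpers are hypothetical names introduced here so the recursion stops instead of exhausting the stack.

```php
<?php
// Added example: bounded demonstration of the name resolution behind this report.
namespace {
    // Global function the reporter meant to call.
    function bar() {
        return 'global bar';
    }
}

namespace foo {
    // An unqualified bar() is looked up as foo\bar() first and only falls back
    // to the global function when foo\bar() does not exist. Here it exists, so
    // the call targets this function itself. $depth (an addition for this
    // example) stops the recursion that the original code never stopped.
    function bar($depth = 0) {
        if ($depth >= 3) {
            return __FUNCTION__ . ' called itself ' . $depth . ' times';
        }
        return bar($depth + 1);
    }

    // Fully qualified call: the leading backslash always selects the global function.
    function bar_fixed() {
        return \bar();
    }

    // No foo\strtoupper() is defined, so this unqualified call falls back to the built-in.
    function shout($s) {
        return strtoupper($s);
    }
}

namespace {
    echo \foo\bar(), "\n";
    echo \foo\bar_fixed(), "\n";
    echo \foo\shout('fallback to global'), "\n";
}
```
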
 [2015-08-10 09:45 UTC] bwoebi@php.net
-Status: Open +Status: Not a bug
 [2015-08-10 09:45 UTC] bwoebi@php.net
Correct. You're building with dtrace, hence we need to nest in call stack on each function call and it segfaults. [Without dtrace it would just properly run with an out-of-memory.]

Nothing to do about that...
 [2015-08-10 15:44 UTC] matt at niagarawebsolutions dot ca
Well, d'oh. Noticed dtrace but didn't realize the significance.  Probably checked out the wrong version from the package manager.  Thanks & sorry.