Bug #70616 SIGSEGV while lex_scan-ning
Submitted: 2015-10-01 18:55 UTC
Modified: 2016-06-20 14:47 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (66.7%)
From: roctom at gmail dot com
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 5.6.13
OS: Cygwin
Private report: No
CVE-ID: None

 [2015-10-01 18:55 UTC] roctom at gmail dot com
Description:
------------
Under cygwin:

PHP 5.6.13 (cli) (built: Sep  4 2015 12:40:08)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies

I get the following reproducible SIGSEGV after installing the phpunit/phpunit package.



Test script:
---------------
In a composer.json file

{
	"require": {
		"phpunit/phpunit": "~4"
	}
}

Then run php composer.phar install. It should segfault just after you can read "Generating autoload files".

Expected result:
----------------
No "Program received signal SIGSEGV, Segmentation fault.".

The program completes without crashing.

Actual result:
--------------
Here is a backtrace in gdb:

Program received signal SIGSEGV, Segmentation fault.
lex_scan (zendlval=zendlval@entry=0x228cd0) at Zend/zend_language_scanner.c:2636
2636    Zend/zend_language_scanner.c: No such file or directory.
(gdb) bt
#0  lex_scan (zendlval=zendlval@entry=0x228cd0) at Zend/zend_language_scanner.c:2636
#1  0x00000003f689a69c in zend_strip () at /usr/src/debug/php-5.6.13-1/Zend/zend_highlight.c:174
#2  0x00000003f67c056a in zif_php_strip_whitespace (ht=<optimized out>, return_value=0x6fffeff2798, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=1)
    at /usr/src/debug/php-5.6.13-1/ext/standard/basic_functions.c:5241
#3  0x00000003f694c66c in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.13-1/Zend/zend_vm_execute.h:558
#4  0x00000003f68dcb58 in execute_ex (execute_data=0x6fffffbe2f0) at /usr/src/debug/php-5.6.13-1/Zend/zend_vm_execute.h:363
#5  0x00000003f68a80ed in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.6.13-1/Zend/zend.c:1341
#6  0x00000003f6845c8a in php_execute_script (primary_file=0x22b858) at /usr/src/debug/php-5.6.13-1/main/main.c:2597
#7  0x0000000100402729 in do_cli (argc=3, argv=0x22cb10) at /usr/src/debug/php-5.6.13-1/sapi/cli/php_cli.c:994
#8  0x000000010040b6fb in main (argc=3, argv=0x22cb10) at /usr/src/debug/php-5.6.13-1/sapi/cli/php_cli.c:1378

The zval given to lex_scan:

(gdb) p *(zval *) 0x228cd0
$1 = {value = {lval = 7696551907325, dval = 3.802601888843204e-311, str = {val = 0x6fffe3e0ffd "\n}\n"<error: Cannot access memory at address 0x6fffe3e1000>, len = 1}, ht = 0x6fffe3e0ffd,
    obj = {handle = 4265480189, handlers = 0x1}, ast = 0x6fffe3e0ffd}, refcount__gc = 4278048360, type = 0 '\000', is_ref__gc = 6 '\006'}


 [2015-11-03 00:53 UTC] vangel dot attila at gmail dot com
I got a crash in lex_scan() when trying to use the arcanist tool under cygwin x86 (on Windows 7 64 bit).

To get the stack trace I ran php from gdb:

$ gdb php

then in gdb:

r /path/to/arcanist.php install-certificate

Starting program: /usr/bin/php /path/to/arcanist.php install-certificate
[New Thread 14820.0x39dc]
[New Thread 14820.0x2210]

Program received signal SIGSEGV, Segmentation fault.
0x58e364c7 in lex_scan () from /usr/bin/cygphp5-5-6.dll
(gdb) bt
#0  0x58e364c7 in lex_scan () from /usr/bin/cygphp5-5-6.dll
#1  0x58e504bf in zendlex () from /usr/bin/cygphp5-5-6.dll
#2  0x58e2b41c in zendparse () from /usr/bin/cygphp5-5-6.dll
#3  0x58e315ba in cygphp5-5-6!compile_file () from /usr/bin/cygphp5-5-6.dll
#4  0x58eca897 in execute_ex () from /usr/bin/cygphp5-5-6.dll
#5  0x58e9aea7 in execute_ex () from /usr/bin/cygphp5-5-6.dll
#6  0x58eca273 in execute_ex () from /usr/bin/cygphp5-5-6.dll
#7  0x58e58755 in zend_call_function () from /usr/bin/cygphp5-5-6.dll
#8  0x58e7d03b in zend_call_method () from /usr/bin/cygphp5-5-6.dll
#9  0x58d44685 in zif_spl_autoload_call () from /usr/bin/cygphp5-5-6.dll
#10 0x58e586bd in zend_call_function () from /usr/bin/cygphp5-5-6.dll
#11 0x58e58f8e in zend_lookup_class_ex () from /usr/bin/cygphp5-5-6.dll
#12 0x58e5989a in zend_fetch_class () from /usr/bin/cygphp5-5-6.dll
#13 0x58eb05ed in execute_ex () from /usr/bin/cygphp5-5-6.dll
#14 0x58e9aea7 in execute_ex () from /usr/bin/cygphp5-5-6.dll
#15 0x58eca273 in execute_ex () from /usr/bin/cygphp5-5-6.dll
#16 0x58e67eb2 in zend_execute_scripts () from /usr/bin/cygphp5-5-6.dll
#17 0x58e05bdb in php_execute_script () from /usr/bin/cygphp5-5-6.dll
#18 0x004026c0 in php_register_internal_extensions ()
#19 0x0040b537 in php!main ()
(gdb)


$ php -version
PHP 5.6.14 (cli) (built: Oct 18 2015 04:16:10)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
 [2015-11-03 00:58 UTC] vangel dot attila at gmail dot com
Sorry, I forgot to mention that by the arcanist tool I meant this one:
https://secure.phabricator.com/book/phabricator/article/arcanist/

arcanist.php is normally run via the 'arc' wrapper script, however I needed to call that directly from gdb.
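
Both backtraces above fault in the same innermost frame but reach it through different callers. As an added triage example (not code from the bug report or from PHP), the sketch below parses gdb frame lines copied from this page, with arguments abbreviated and only the first four frames of each trace kept, and reports the shared crash site and the first diverging caller; the names parse_frames, common_fault_prefix and triage are illustrative.

```python
import re

# Frames copied from the two gdb backtraces on this page (arguments abbreviated).
REPORT_BT = """\
#0  lex_scan (zendlval=zendlval@entry=0x228cd0) at Zend/zend_language_scanner.c:2636
#1  0x00000003f689a69c in zend_strip () at /usr/src/debug/php-5.6.13-1/Zend/zend_highlight.c:174
#2  0x00000003f67c056a in zif_php_strip_whitespace (ht=<optimized out>) at /usr/src/debug/php-5.6.13-1/ext/standard/basic_functions.c:5241
#3  0x00000003f694c66c in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.13-1/Zend/zend_vm_execute.h:558
"""
COMMENT_BT = """\
#0  0x58e364c7 in lex_scan () from /usr/bin/cygphp5-5-6.dll
#1  0x58e504bf in zendlex () from /usr/bin/cygphp5-5-6.dll
#2  0x58e2b41c in zendparse () from /usr/bin/cygphp5-5-6.dll
#3  0x58e315ba in cygphp5-5-6!compile_file () from /usr/bin/cygphp5-5-6.dll
"""

# Frame line shape: "#N  [0xADDR in] [module!]function (args) [at file:line | from lib]"
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?"
    r"(?:[\w.-]+!)?(?P<func>[\w:~]+)\s*\("
)

def parse_frames(bt_text):
    """Return function names, innermost first, from gdb 'bt' output."""
    frames = []
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line)
        if m:  # wrapped continuation lines and prompts do not match
            frames.append(m.group("func"))
    return frames

def common_fault_prefix(a, b):
    """Innermost frames shared by both traces: the common crash site."""
    shared = []
    for fa, fb in zip(a, b):
        if fa != fb:
            break
        shared.append(fa)
    return shared

def triage(bt_a, bt_b):
    """Shared crash site plus the first caller where each trace diverges."""
    fa, fb = parse_frames(bt_a), parse_frames(bt_b)
    shared = common_fault_prefix(fa, fb)
    n = len(shared)
    callers = tuple(f[n] if len(f) > n else None for f in (fa, fb))
    return {"fault": shared, "callers": callers}

if __name__ == "__main__":
    print(triage(REPORT_BT, COMMENT_BT))
```

The shared prefix is the single frame lex_scan, reached once from zend_strip and once from zendlex, which points at the scanner rather than at either calling path.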
 [2016-06-20 14:47 UTC] cmb@php.net
-Operating System: Windows 7
+Operating System: Cygwin
 
Last updated: Wed Oct 16 10:01:27 2019 UTC