Bug #71474 Crash because of VM stack corruption on Magento2
Submitted: 2016-01-28 08:36 UTC
Modified: 2016-01-28 08:38 UTC
From: dmitry@php.net
Assigned: dmitry
Status: Closed
Package: Reproducible crash
PHP Version: 7.0.2
OS: Linux
Private report: No
CVE-ID:
 [2016-01-28 08:36 UTC] dmitry@php.net
Description:
------------
The following commands lead to a crash.

$ cd /var/www/html/magento2
$ bin/magento indexer:reindex

backtrace:

Program received signal SIGABRT, Aborted.
#0  0x00007ffff64bacc9 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff64be0d8 in __GI_abort () at abort.c:89
#2  0x00007ffff64b3b86 in __assert_fail_base (
    fmt=0x7ffff6604830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0xeab648 "(executor_globals.vm_stack_top) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_end) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_top) <= (executor_globals"..., file=file@entry=0xeab620 "/usr/src/php-src/Zend/zend_execute.h", 
    line=line@entry=275, 
    function=function@entry=0xead5a0 <__PRETTY_FUNCTION__.8106> "zend_vm_stack_free_call_frame_ex") at assert.c:92
#3  0x00007ffff64b3c32 in __GI___assert_fail (
    assertion=0xeab648 "(executor_globals.vm_stack_top) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_end) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_top) <= (executor_globals"..., 
    file=0xeab620 "/usr/src/php-src/Zend/zend_execute.h", line=275, 
    function=0xead5a0 <__PRETTY_FUNCTION__.8106> "zend_vm_stack_free_call_frame_ex") at assert.c:101
#4  0x00000000008fc6d3 in zend_vm_stack_free_call_frame_ex (call_info=66, 
    call=0x7fffe8ab2ee0) at /usr/src/php-src/Zend/zend_execute.h:275
#5  0x00000000008fc6fb in zend_vm_stack_free_call_frame (call=0x7fffe8ab2ee0)
    at /usr/src/php-src/Zend/zend_execute.h:280
#6  0x00000000009057f9 in ZEND_DO_FCALL_SPEC_HANDLER ()
    at /usr/src/php-src/Zend/zend_vm_execute.h:925
#7  0x0000000000904342 in execute_ex (ex=0x7fffe8ab2ce0)
    at /usr/src/php-src/Zend/zend_vm_execute.h:414
#8  0x000000000088e5e1 in dtrace_execute_ex (execute_data=0x7fffe8ab2ce0)
    at /usr/src/php-src/Zend/zend_dtrace.c:83
#9  0x00000000009052ff in ZEND_DO_FCALL_SPEC_HANDLER ()
    at /usr/src/php-src/Zend/zend_vm_execute.h:800
#10 0x0000000000904342 in execute_ex (ex=0x7fffe8ab2bd0)
    at /usr/src/php-src/Zend/zend_vm_execute.h:414
#11 0x000000000088e5e1 in dtrace_execute_ex (execute_data=0x7fffe8ab2bd0)
    at /usr/src/php-src/Zend/zend_dtrace.c:83
#12 0x00000000009052ff in ZEND_DO_FCALL_SPEC_HANDLER ()

Test script:
---------------
<?php
class foo {
        function __call($name, $args) {
                $a = $b = $c = $d = $e = $f = 1;
        }
}

function test($n, $x) {
//      var_dump($n);
        if ($n > 0) {
                $x->bug();
                test($n - 1, $x);
        }
}

test(3000, new foo());
echo "OK\n";
?>


Expected result:
----------------
OK

Actual result:
--------------
php: /.../zend_execute.h:275: zend_vm_stack_free_call_frame_ex: Assertion `(executor_globals.vm_stack_top) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_end) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_top) <= (executor_globals.vm_stack_end)' failed.
Aborted (core dumped)


 [2016-01-28 08:38 UTC] dmitry@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: dmitry
 [2016-01-28 08:55 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6039d2d91454e5dc09996d2988d2f38ad8c316ae
Log: Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
 [2016-01-28 08:55 UTC] dmitry@php.net
-Status: Assigned
+Status: Closed
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6039d2d91454e5dc09996d2988d2f38ad8c316ae
Log: Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
 
Last updated: Fri Jul 21 08:01:41 2017 UTC