Bug #71474 Crash because of VM stack corruption on Magento2
Submitted: 2016-01-28 08:36 UTC Modified: 2016-01-28 08:38 UTC
From: dmitry@php.net Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.0.2 OS: Linux
Private report: No CVE-ID: None

 [2016-01-28 08:36 UTC] dmitry@php.net
Description:
------------
The following commands lead to a crash.

$ cd /var/www/html/magento2
$ bin/magento indexer:reindex

backtrace:

Program received signal SIGABRT, Aborted.
#0  0x00007ffff64bacc9 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff64be0d8 in __GI_abort () at abort.c:89
#2  0x00007ffff64b3b86 in __assert_fail_base (
    fmt=0x7ffff6604830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0xeab648 "(executor_globals.vm_stack_top) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_end) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_top) <= (executor_globals"..., file=file@entry=0xeab620 "/usr/src/php-src/Zend/zend_execute.h", 
    line=line@entry=275, 
    function=function@entry=0xead5a0 <__PRETTY_FUNCTION__.8106> "zend_vm_stack_free_call_frame_ex") at assert.c:92
#3  0x00007ffff64b3c32 in __GI___assert_fail (
    assertion=0xeab648 "(executor_globals.vm_stack_top) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_end) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_top) <= (executor_globals"..., 
    file=0xeab620 "/usr/src/php-src/Zend/zend_execute.h", line=275, 
    function=0xead5a0 <__PRETTY_FUNCTION__.8106> "zend_vm_stack_free_call_frame_ex") at assert.c:101
#4  0x00000000008fc6d3 in zend_vm_stack_free_call_frame_ex (call_info=66, 
    call=0x7fffe8ab2ee0) at /usr/src/php-src/Zend/zend_execute.h:275
#5  0x00000000008fc6fb in zend_vm_stack_free_call_frame (call=0x7fffe8ab2ee0)
    at /usr/src/php-src/Zend/zend_execute.h:280
#6  0x00000000009057f9 in ZEND_DO_FCALL_SPEC_HANDLER ()
    at /usr/src/php-src/Zend/zend_vm_execute.h:925
#7  0x0000000000904342 in execute_ex (ex=0x7fffe8ab2ce0)
    at /usr/src/php-src/Zend/zend_vm_execute.h:414
#8  0x000000000088e5e1 in dtrace_execute_ex (execute_data=0x7fffe8ab2ce0)
    at /usr/src/php-src/Zend/zend_dtrace.c:83
#9  0x00000000009052ff in ZEND_DO_FCALL_SPEC_HANDLER ()
    at /usr/src/php-src/Zend/zend_vm_execute.h:800
#10 0x0000000000904342 in execute_ex (ex=0x7fffe8ab2bd0)
    at /usr/src/php-src/Zend/zend_vm_execute.h:414
#11 0x000000000088e5e1 in dtrace_execute_ex (execute_data=0x7fffe8ab2bd0)
    at /usr/src/php-src/Zend/zend_dtrace.c:83
#12 0x00000000009052ff in ZEND_DO_FCALL_SPEC_HANDLER ()

Test script:
---------------
<?php
class foo {
        function __call($name, $args) {
                $a = $b = $c = $d = $e = $f = 1;
        }
}

function test($n, $x) {
//      var_dump($n);
        if ($n > 0) {
                $x->bug();
                test($n - 1, $x);
        }
}

test(3000, new foo());
echo "OK\n";
?>


Expected result:
----------------
OK

Actual result:
--------------
php: /.../zend_execute.h:275: zend_vm_stack_free_call_frame_ex: Assertion `(executor_globals.vm_stack_top) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_end) > (zval *) (executor_globals.vm_stack) && (executor_globals.vm_stack_top) <= (executor_globals.vm_stack_end)' failed.
Aborted (core dumped)


History

 [2016-01-28 08:38 UTC] dmitry@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: dmitry
 [2016-01-28 08:55 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6039d2d91454e5dc09996d2988d2f38ad8c316ae
Log: Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
 [2016-01-28 08:55 UTC] dmitry@php.net
-Status: Assigned
+Status: Closed
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6039d2d91454e5dc09996d2988d2f38ad8c316ae
Log: Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
 