PHP :: Request #72055 :: php-fpm crashes on working with Runkit

Request #72055

php-fpm crashes on working with Runkit

Submitted:

2016-04-19 08:27 UTC

Modified:

2023-04-10 14:08 UTC

Votes:	2
Avg. Score:	3.5 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

r at v2u dot org

Assigned:

bukka (profile)

Status:

Wont fix

Package:

FPM related

PHP Version:

5.5.34

OS:

Centos 2.6.32-431.el6.x86_64

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	r at v2u dot org
New email:
PHP Version:		OS:

New Comment:

[2016-04-19 08:27 UTC] r at v2u dot org

Description:
------------
In cli mode the script works fine, but in php-fpm mode the fpm process crash on request finished.

Version and file:
https://github.com/php/php-src/blob/PHP-5.5.33/sapi/fpm/fpm/fastcgi.c#L1073
https://github.com/php/php-src/blob/PHP-5.6.20/sapi/fpm/fpm/fastcgi.c#L1073

compiling arguments:
--prefix=/opt/php5.5 --with-config-file-path=/opt/php5.5/etc --with-mysql --enable-pdo --with-pdo-mysql=/home/pubsrv/mysql-5.5.22 --with-mysqli=/home/pubsrv/mysql-5.5.22/bin/mysql_config --with-iconv-dir=/usr/local/ --enable-fpm --with-pcre-regex --with-zlib --with-bz2 --enable-soap --enable-inline-optimization --enable-mbregex --enable-calendar --with-curl --enable-dba --with-libxml-dir --with-openssl --enable-ftp --with-gd --with-jpeg-dir --with-png-dir --with-zlib-dir --with-freetype-dir --enable-gd-native-ttf --enable-gd-jis-conv --with-mhash --enable-mbstring --with-mcrypt --enable-pcntl --enable-xml --enable-shmop --enable-sockets --enable-zip --with-libdir=lib6 --enable-maintainer-zts --enable-debug

backtrace:

#0  fcgi_finish_request (req=0x0, force_close=force_close@entry=0) at /usr/local/src/php-5.5.33/sapi/fpm/fpm/fastcgi.c:1073
#1  0x00000000007c9bfe in sapi_cgi_deactivate (tsrm_ls=<optimized out>) at /usr/local/src/php-5.5.33/sapi/fpm/fpm/fpm_main.c:851
#2  0x0000000000696865 in sapi_deactivate (tsrm_ls=tsrm_ls@entry=0x271b5f0) at /usr/local/src/php-5.5.33/main/SAPI.c:536
#3  0x000000000068d06a in php_request_shutdown (dummy=dummy@entry=0x271b5f0) at /usr/local/src/php-5.5.33/main/main.c:1822
#4  0x00007f44b6fd1863 in php_runkit_sandbox_dtor (objval=0x7f44bfaa23b8, tsrm_ls=<optimized out>) at /usr/local/src/runkit/runkit_sandbox.c:1804
#5  0x0000000000726dc8 in zend_objects_store_del_ref_by_handle_ex (handle=1, handlers=<optimized out>, tsrm_ls=tsrm_ls@entry=0x24fb090) at /usr/local/src/php-5.5.33/Zend/zend_objects_API.c:226
#6  0x0000000000726e1e in zend_objects_store_del_ref (zobject=0x7f44bfaa21e8, tsrm_ls=0x24fb090) at /usr/local/src/php-5.5.33/Zend/zend_objects_API.c:178
#7  0x00000000006e96d0 in _zval_dtor (zvalue=0x7f44bfaa21e8) at /usr/local/src/php-5.5.33/Zend/zend_variables.h:35
#8  i_zval_ptr_dtor (zval_ptr=0x7f44bfaa21e8) at /usr/local/src/php-5.5.33/Zend/zend_execute.h:81
#9  _zval_ptr_dtor (zval_ptr=<optimized out>) at /usr/local/src/php-5.5.33/Zend/zend_execute_API.c:423
#10 0x0000000000708355 in zend_hash_apply_deleter (ht=ht@entry=0x24fe8d8, p=p@entry=0x7f44bfaa2468) at /usr/local/src/php-5.5.33/Zend/zend_hash.c:650
#11 0x0000000000709f5b in zend_hash_reverse_apply (ht=0x24fe8d8, apply_func=apply_func@entry=0x6e9650 <zval_call_destructor>, tsrm_ls=tsrm_ls@entry=0x24fb090) at /usr/local/src/php-5.5.33/Zend/zend_hash.c:804
#12 0x00000000006e9c8e in shutdown_destructors (tsrm_ls=tsrm_ls@entry=0x24fb090) at /usr/local/src/php-5.5.33/Zend/zend_execute_API.c:214
#13 0x00000000006fadf7 in zend_call_destructors (tsrm_ls=tsrm_ls@entry=0x24fb090) at /usr/local/src/php-5.5.33/Zend/zend.c:930
#14 0x000000000068cfe2 in php_request_shutdown (dummy=dummy@entry=0x0) at /usr/local/src/php-5.5.33/main/main.c:1754
#15 0x0000000000424685 in main (argc=<optimized out>, argv=<optimized out>) at /usr/local/src/php-5.5.33/sapi/fpm/fpm/fpm_main.c:1981





Test script:
---------------
<?php 
new Runkit_Sandbox([]) 
?>


Expected result:
----------------
don't crash the php-fpm processes.
no memory leaks.

Actual result:
--------------
don't crash now, but don't know if this patch is the right solution.

Patches

fpm-dangling-pointer (last revision 2016-04-19 08:28 UTC by r at v2u dot org)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2023-04-10 14:08 UTC] bukka@php.net

-Status: Open +Status: Wont fix

[2023-04-10 14:08 UTC] bukka@php.net

I had a look on this one and the Runkit_Sandbox wasn't really compatible with FPM so that would require some further work to integrate it correctly. I think it has no business to call php_request_shutdown in the first place. Anyway this extension no longer works with PHP 7+ and there is runkit7 that removed the sandbox support so this is no longer an issue.

I also thought about the patch from the generic point of view and we would really need to see the use case for supporting request shutdown out of PHP-FPM. It is probably better to not do that check as this crash can be sort of a good thing as it might show that there is some bigger problem that needs to be addressed in the extension.

[2023-04-10 14:08 UTC] bukka@php.net

-Assigned To: +Assigned To: bukka

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 18:01:34 2024 UTC