php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72670 PHP segfaults when accessing website
Submitted: 2016-07-25 16:51 UTC Modified: 2016-07-26 12:45 UTC
From: rene at renekliment dot cz Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.0.9 OS: Arch Linux
Private report: No CVE-ID:
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: rene at renekliment dot cz
New email:
PHP Version: OS:

 

 [2016-07-25 16:51 UTC] rene at renekliment dot cz
Description:
------------
I have a website based on an old version of the Nette framework. In order to run it under PHP 7, I've updated it to use Nette 2.4, which works fine under PHP 5.6. When I try to run it under PHP 7, the PHP segfaults. I see no output from PHP, it just crashes.

I'm running Arch Linux with PHP 7.0.9 re-compiled with the 'debug' option. The website also crashes under PHP 7.0.8 @ Ubuntu 16.04.1. I've tested running it under nginx and php built-in webserver - there's no difference there.

Appreciate any help on this.

Actual result:
--------------
renekl@piggy ~/workspace/... (git)-[new-nette] % coredumpctl gdb                                                    
           PID: 4963 (php-fpm)
           UID: 1000 (renekl)
           GID: 1000 (renekl)
        Signal: 11 (SEGV)
     Timestamp: Po 2016-07-25 18:37:03 CEST (13s ago)
  Command Line: php-fpm: pool www                                                
    Executable: /usr/bin/php-fpm
 Control Group: /system.slice/php-fpm.service
          Unit: php-fpm.service
         Slice: system.slice
       Boot ID: 7ec588f9d12a43fd8d9d26baafa56c93
    Machine ID: a7f71c7482e8478c8c56abd5b16288a6
      Hostname: piggy
      Coredump: /var/lib/systemd/coredump/core.php-fpm.1000.7ec588f9d12a43fd8d9d26baafa56c93.4963.1469464623000000000000.lz4
       Message: Process 4963 (php-fpm) of user 1000 dumped core.
                
                Stack trace of thread 4963:
                #0  0x0000000000683e25 _zval_get_string_func (php-fpm)
                #1  0x00000000005490b8 _zval_get_string (php-fpm)
                #2  0x000000000054aa8c zim_reflection_parameter___toString (php-fpm)
                #3  0x000000000067d423 zend_call_function (php-fpm)
                #4  0x00000000006aa412 zend_call_method (php-fpm)
                #5  0x00000000006c5d53 zend_std_cast_object_tostring (php-fpm)
                #6  0x0000000000683d6e _zval_get_string_func (php-fpm)
                #7  0x00000000005cab6e _zval_get_string (php-fpm)
                #8  0x00000000005cafd3 zif_implode (php-fpm)
                #9  0x0000000000710cbf ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (php-fpm)
                #10 0x00000000006cda1b execute_ex (php-fpm)
                #11 0x0000000000720557 zend_execute (php-fpm)
                #12 0x000000000068bad3 zend_execute_scripts (php-fpm)
                #13 0x000000000062c140 php_execute_script (php-fpm)
                #14 0x0000000000433ccc main (php-fpm)
                #15 0x00007f8ca3447741 __libc_start_main (libc.so.6)
                #16 0x0000000000434af9 _start (php-fpm)

GNU gdb (GDB) 7.11.1
...
This GDB was configured as "x86_64-pc-linux-gnu".
...
Reading symbols from /usr/bin/php-fpm...done.
[New LWP 4963]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `php-fpm: pool www                                                '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000683e25 in _zval_get_string_func (op=op@entry=0x7fff071b36f0) at /tmp/php/src/php-7.0.9/Zend/zend_operators.c:845
845					zval *z = Z_OBJ_HT_P(op)->get(op, &tmp);
(gdb) bt
#0  0x0000000000683e25 in _zval_get_string_func (op=op@entry=0x7fff071b36f0) at /tmp/php/src/php-7.0.9/Zend/zend_operators.c:845
#1  0x00000000005490b8 in _zval_get_string (op=0x7fff071b36f0) at /tmp/php/src/php-7.0.9/Zend/zend_operators.h:266
#2  _parameter_string (str=str@entry=0x7fff071b3740, fptr=0x7f8c97804bb8, arg_info=<optimized out>, offset=<optimized out>, 
    required=<optimized out>, indent=0xbdac0f "") at /tmp/php/src/php-7.0.9/ext/reflection/php_reflection.c:716
#3  0x000000000054aa8c in zim_reflection_parameter___toString (execute_data=<optimized out>, return_value=0x7fff071b39d0)
    at /tmp/php/src/php-7.0.9/ext/reflection/php_reflection.c:2529
#4  0x000000000067d423 in zend_call_function (fci=fci@entry=0x7fff071b38f0, fci_cache=fci_cache@entry=0x7fff071b38c0)
    at /tmp/php/src/php-7.0.9/Zend/zend_execute_API.c:885
#5  0x00000000006aa412 in zend_call_method (object=object@entry=0x7f8c978a51a8, obj_ce=<optimized out>, obj_ce@entry=0x2066460, 
    fn_proxy=fn_proxy@entry=0x2066590, function_name=function_name@entry=0xc1c288 "__tostring", 
    function_name_len=function_name_len@entry=10, retval_ptr=retval_ptr@entry=0x7fff071b39d0, param_count=0, arg1=0x0, arg2=0x0)
    at /tmp/php/src/php-7.0.9/Zend/zend_interfaces.c:104
#6  0x00000000006c5d53 in zend_std_cast_object_tostring (readobj=0x7f8c978a51a8, writeobj=0x7fff071b3a50, type=<optimized out>)
    at /tmp/php/src/php-7.0.9/Zend/zend_object_handlers.c:1568
#7  0x0000000000683d6e in _zval_get_string_func (op=op@entry=0x7f8c978a51a8) at /tmp/php/src/php-7.0.9/Zend/zend_operators.c:841
#8  0x00000000005cab6e in _zval_get_string (op=0x7f8c978a51a8) at /tmp/php/src/php-7.0.9/Zend/zend_operators.h:266
#9  php_implode (delim=delim@entry=0x1f13570, arr=<optimized out>, return_value=return_value@entry=0x7f8ca2016910)
    at /tmp/php/src/php-7.0.9/ext/standard/string.c:1244
#10 0x00000000005cafd3 in zif_implode (execute_data=0x7f8ca2016b50, return_value=0x7f8ca2016910)
    at /tmp/php/src/php-7.0.9/ext/standard/string.c:1325
#11 0x0000000000710cbf in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER () at /tmp/php/src/php-7.0.9/Zend/zend_vm_execute.h:714
#12 0x00000000006cda1b in execute_ex (ex=<optimized out>) at /tmp/php/src/php-7.0.9/Zend/zend_vm_execute.h:414
#13 0x0000000000720557 in zend_execute (op_array=op_array@entry=0x7f8ca2076000, return_value=return_value@entry=0x7f8c97c407a0)
    at /tmp/php/src/php-7.0.9/Zend/zend_vm_execute.h:458
#14 0x000000000068bad3 in zend_execute_scripts (type=-1576966512, type@entry=8, retval=0x7f8c97c407a0, retval@entry=0x0, 
    file_count=file_count@entry=3) at /tmp/php/src/php-7.0.9/Zend/zend.c:1427
#15 0x000000000062c140 in php_execute_script (primary_file=primary_file@entry=0x7fff071b61a0)
    at /tmp/php/src/php-7.0.9/main/main.c:2494
#16 0x0000000000433ccc in main (argc=<optimized out>, argv=<optimized out>) at /tmp/php/src/php-7.0.9/sapi/fpm/fpm/fpm_main.c:1968

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-07-25 17:07 UTC] cmb@php.net
(gdb) zbacktrace
might help to localize the issue.
 [2016-07-25 17:22 UTC] rene at renekliment dot cz
Oh, this is cool! Here it is:

(gdb) zbacktrace
[0x7f8ca2016bd0] ReflectionParameter->__toString() [internal function]
[0x7f8ca2016b50] implode("", array(2)[0x7f8ca2016bc0]) [internal function]
[0x7f8ca2016690] Nette\DI\DependencyChecker::calculateHash(array(93)[0x7f8ca20166f0], array(48)[0x7f8ca2016700]) /home/renekl/workspace/.../libs/Nette/DI/DependencyChecker.php:111 
[0x7f8ca2016270] Nette\DI\DependencyChecker->export() /home/renekl/workspace/.../libs/Nette/DI/DependencyChecker.php:69 
[0x7f8ca20161f0] Nette\DI\Compiler->exportDependencies() /home/renekl/workspace/.../libs/Nette/DI/Compiler.php:143 
[0x7f8ca2015ff0] Nette\DI\ContainerLoader->generate("Container_1214851de2", array(2)[0x7f8ca2016060]) /home/renekl/workspace/.../libs/Nette/DI/ContainerLoader.php:122 
[0x7f8ca2015ae0] Nette\DI\ContainerLoader->loadFile("Container_1214851de2", array(2)[0x7f8ca2015b50]) /home/renekl/workspace/.../libs/Nette/DI/ContainerLoader.php:82 
[0x7f8ca2015970] Nette\DI\ContainerLoader->load(array(2)[0x7f8ca20159d0], array(3)[0x7f8ca20159e0]) /home/renekl/workspace/.../libs/Nette/DI/ContainerLoader.php:47 
[0x7f8ca20157e0] Nette\Configurator->loadContainer() /home/renekl/workspace/.../libs/Nette/Bootstrap/Configurator.php:238 
[0x7f8ca2015660] Nette\Configurator->createContainer() /home/renekl/workspace/.../libs/Nette/Bootstrap/Configurator.php:213 
[0x7f8ca2015250] (main) /home/renekl/workspace/.../app/bootstrap.php:44 
[0x7f8ca2015030] (main) /home/renekl/workspace/.../www/index.php:33
 [2016-07-26 03:37 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2016-07-26 03:37 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2016-07-26 12:45 UTC] rene at renekliment dot cz
-Status: Feedback +Status: Open
 [2016-07-26 12:45 UTC] rene at renekliment dot cz
So I've been able to solve the thing - probably by updating other outdated libraries. The question is however: Should PHP crash like this? If you need me to provide you with details to investigate this, tell me. Otherwise you can close this - I don't care for it anymore.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC