Bug #72672 lzf_compress
Submitted: 2016-07-25 22:42 UTC Modified: 2017-06-11 04:22 UTC
Votes:3
Avg. Score:3.0 ± 1.6
Reproduced:0 of 1 (0.0%)
From: robbie dot grigg at gmail dot com Assigned: remi (profile)
Status: No Feedback Package: lzf (PECL)
PHP Version: 7.0.9 OS: Windows 10
Private report: No CVE-ID: None

 [2016-07-25 22:42 UTC] robbie dot grigg at gmail dot com
Description:
------------
Segmentation fault when using lzf_compress(...).
Windows x86 version (using XAMPP) - tried both 1.6.5 and 1.6.4 both Thread Safe and Non-Thread Safe and the same problem occurs.

When running in the php debugger the script runs fine:
[Welcome to phpdbg, the interactive PHP debugger, v0.5.0]
To get help using phpdbg type "help" and press enter
[Please report bugs to <http://bugs.php.net/report.php>]
[Successful compilation of C:\xampp\htdocs\test1.php]
prompt> run
yay
hello there is  a test long stri to compress fred
[Script ended normally]

Test script:
---------------
<?php
$fred = 'hello there this is a test long string to compress fred';
echo function_exists('lzf_compress') ? 'yay' : 'nay';
echo lzf_compress($fred);
?>

Expected result:
----------------
yay
hello there is  a test long stri to compress fred

Actual result:
--------------
<<<<BACKTRACE SESSION>>>>
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-cygwin".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from C:\xampp\apache\bin\httpd.exe...(no debugging symbols found)...done.
(gdb) run -X
Starting program: /cygdrive/c/xampp/apache/bin/httpd.exe -X
[New Thread 8148.0x226c]
warning: `/cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll': Shared library architecture i386:x86-64 is not compatible with target architecture i386.
warning: `/cygdrive/c/WINDOWS/system32/wow64.dll': Shared library architecture i386:x86-64 is not compatible with target architecture i386.
warning: `/cygdrive/c/WINDOWS/system32/wow64win.dll': Shared library architecture i386:x86-64 is not compatible with target architecture i386.
dll path too long
dll path too long
dll path too long
dll path too long
warning: `/cygdrive/c/WINDOWS/system32/wow64cpu.dll': Shared library architecture i386:x86-64 is not compatible with target architecture i386.
[New Thread 8148.0x7ec]
[New Thread 8148.0x8f4]
[New Thread 8148.0x20a4]
[Tue Jul 26 00:29:58.791477 2016] [core:trace3] [pid 8148:tid 524] core.c(3134): Setting LogLevel for all modules to trace8

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 8148.0x5dc]
0x0000002b in ?? ()
(gdb) bt
#0  0x0000002b in ?? ()
#1  0x8b08ec83 in ?? ()
#2  0xc70c2444 in ?? ()
#3  0x00042444 in ?? ()
#4  0x83000000 in ?? ()
#5  0x0f011c78 in ?? ()
#6  0x0000da85 in ?? ()
#7  0x24048d00 in ?? ()
#8  0x24448d50 in ?? ()
#9  0x80685008 in ?? ()
#10 0x6a6a4a32 in ?? () from /cygdrive/c/xampp/php/ext/php_mbstring.dll
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

 [2016-07-26 06:19 UTC] ab@php.net
Thanks for the report. Please post a backtrace made with Visual Studio or DebugDiag, GDB backtraces are unusable in this case.

Thanks.
 [2016-07-26 07:25 UTC] robbie dot grigg at gmail dot com
Using Visual Studio it breaks on:
>	php_lzf.dll!_chkstk() Line 99	Unknown
I highlighted the line below with >>>

cs10:
        cmp     ecx, eax                ; Is new TOS
    bnd jb      short cs20              ; in probed page?
        mov     eax, ecx                ; yes.
        pop     ecx
        xchg    esp, eax                ; update esp
        mov     eax, dword ptr [eax]    ; get return address
        mov     dword ptr [esp], eax    ; and put it at new TOS
    bnd ret

; Find next lower page and probe
cs20:
        sub     eax, _PAGESIZE_         ; decrease by PAGESIZE
>>>     test    dword ptr [eax],eax     ; probe page.
        jmp     short cs10

_chkstk endp

        end
 [2016-07-26 13:10 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2016-07-26 13:10 UTC] ab@php.net
_chkstk is a routine from the C runtime, I can't tell much without context. Please show a normal backtrace, that's what I'm asking for. The official PHP builds are native VS builds, GDB won't be compatible enough. E.g., here's the info on how to get a backtrace with DebugDiag: https://bugs.php.net/bugs-generating-backtrace-win32.php

Thanks.
 [2016-07-26 23:52 UTC] robbie dot grigg at gmail dot com
-Status: Feedback +Status: Open
 [2016-07-26 23:52 UTC] robbie dot grigg at gmail dot com
Thread 11 - System ID 11348

Entry point   libhttpd!ap_run_generate_log_id+3290 
Create time   27/07/2016 01:14:39 
Time spent in user mode   0 Days 00:00:00.015 
Time spent in kernel mode   0 Days 00:00:00.000 

This thread is not fully resolved and may or may not be a problem. Further analysis of these threads may be required.

php_lzf!_chkstk+29 
php_lzf!lzf_compress+a 
php_lzf!zif_lzf_compress+78 
php7ts!ZEND_DO_ICALL_SPEC_HANDLER+72 
php7ts!execute_ex+31 
php7ts!zend_execute+187 
php7ts!zend_execute_scripts+106 
php7ts!php_execute_script+3b3 
0x01170000 
php7ts!php_execute_script+c4 
libhttpd!ap_run_handler+25 
libhttpd!ap_invoke_handler+dd 
libhttpd!ap_internal_redirect_handler+1e4 
libhttpd!ap_process_request+11 
libhttpd!ap_byterange_filter+12c7 
libhttpd!ap_run_process_connection+25 
libhttpd!ap_run_generate_log_id+33ae 
kernel32!BaseThreadInitThunk+24 
ntdll!__RtlUserThreadStart+2f 
ntdll!_RtlUserThreadStart+1b 



Exception Information


PHP_LZF!_CHKSTK+29

In httpd__PID__12952__Date__07_27_2016__Time_01_15_31AM__149__Second_Chance_Exception_C00000FD.dmp the assembly instruction at php_lzf!_chkstk+29 in C:\xampp\php\ext\php_lzf.dll from The PHP Group has caused a stack overflow exception (0xC00000FD) when trying to read from memory location 0x038d2000 on thread 11




Module Information 

Image Name: C:\xampp\php\ext\php_lzf.dll   Symbol Type:  PDB 
Base address: 0x00905a4d   Time Stamp:  Sun Apr 03 10:15:18 2016  
Checksum: 0x00000000   Comments:  Thanks to Marcin Gibula, Remi Collet 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  lzf extension 
ISAPIFilter: False   File Version:  7.0.3 
Managed DLL: False   Internal Name:  LZF extension 
VB DLL: False   Legal Copyright:  Copyright © 1997-2016 The PHP Group 
Loaded Image Name:  php_lzf.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php_lzf.dll 
Module name:  php_lzf   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  28 KBytes   Product Version:  7.0.3 
Symbol File Name:  c:\xampp\php\ext\php_lzf.pdb   Special Build:
 [2016-07-28 08:52 UTC] ab@php.net
-Status: Open +Status: Verified
 [2016-07-28 08:52 UTC] ab@php.net
Thanks for the additional info. Looks like this is an issue in the lzf library. Valgrind is not happy as well

==54828== Conditional jump or move depends on uninitialised value(s)
==54828==    at 0xB6018F6: lzf_compress (lzf_c.c:151)
==54828==    by 0xB601636: zif_lzf_compress (lzf.c:141)


Thanks.
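
The DebugDiag frames and exception code posted above can be triaged mechanically. The following is an added example, not part of the original thread or of the PHP/lzf code; `parse_frames`, `triage` and the two thresholds are hypothetical names and assumptions. It reads the top of the stack and decides whether a 0xC00000FD crash comes from one function requesting a large stack frame, from a mid-function stack allocation, or from runaway recursion.

```python
import re
from collections import Counter

# Constructed sample: frames and exception text copied from the DebugDiag report in this thread.
REPORT = """\
php_lzf!_chkstk+29
php_lzf!lzf_compress+a
php_lzf!zif_lzf_compress+78
php7ts!ZEND_DO_ICALL_SPEC_HANDLER+72
0x01170000
php7ts!php_execute_script+c4
has caused a stack overflow exception (0xC00000FD) when trying to read from memory location 0x038d2000 on thread 11
"""

STATUS_STACK_OVERFLOW = 0xC00000FD
PROBES = {"_chkstk", "__chkstk", "_alloca_probe"}  # MSVC stack-probe helpers
PROLOGUE_MAX = 0x40   # assumption: a call this close to function entry is the prologue probe
RECURSION_MIN = 8     # assumption: same frame repeated this often means runaway recursion

FRAME_RE = re.compile(r"^([\w.]+)!(\w+)\+([0-9a-fA-F]+)$")
EXC_RE = re.compile(r"exception \((0x[0-9A-Fa-f]{8})\)")

def parse_frames(text):
    """Return [(module, symbol, offset)] for every module!symbol+hexoffset line."""
    hits = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(m[1], m[2], int(m[3], 16)) for m in hits if m]

def triage(text):
    """Classify a stack-overflow crash from its top frames (hypothetical helper)."""
    frames = parse_frames(text)
    exc = EXC_RE.search(text)
    code = int(exc.group(1), 16) if exc else None
    result = {"exception": code, "kind": "not-stack-overflow", "suspect": None}
    if code != STATUS_STACK_OVERFLOW or not frames:
        return result
    (sym, count), = Counter(f"{m}!{s}" for m, s, _ in frames).most_common(1)
    if count >= RECURSION_MIN:
        result.update(kind="recursion", suspect=sym)
    elif frames[0][1] in PROBES and len(frames) > 1:
        module, symbol, offset = frames[1]
        # The probe's caller is the function that asked for the stack space.
        kind = "oversized-frame" if offset <= PROLOGUE_MAX else "dynamic-alloca"
        result.update(kind=kind, suspect=f"{module}!{symbol}")
    else:
        result.update(kind="deep-call-chain", suspect=f"{frames[0][0]}!{frames[0][1]}")
    return result

if __name__ == "__main__":
    print(triage(REPORT))
```

For the report in this thread the result is `oversized-frame` with suspect `php_lzf!lzf_compress`: the probe was reached ten bytes into the function, before any of its body ran.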
 [2016-10-12 13:14 UTC] robbie dot grigg at gmail dot com
Is there any update on when this might be fixed? Can I help?
 [2017-03-28 08:45 UTC] remi@php.net
Can you please try latest master, I just upgraded the bundled lib to the latest version 3.6 (but cannot reproduce the segfault on Linux, and don't have any Windows env.)
 [2017-03-28 08:46 UTC] remi@php.net
-Assigned To: +Assigned To: remi
 [2017-03-29 15:37 UTC] ab@php.net
I don't see any crash on Windows now. But the valgrind issue is still present, same as in the trace I posted previously, using the code from the description. I can trigger a snapshot build, if the reporter is willing to test on Windows. But it seems like the issue is still present in one form or another.

Thanks.
 [2017-05-29 15:38 UTC] remi@php.net
Should be fixed in 1.6.6
 [2017-05-29 15:38 UTC] remi@php.net
-Status: Verified +Status: Feedback
 [2017-06-11 04:22 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2021-11-21 16:33 UTC] shktlmnt at icloud dot com
This bug is still present on Windows!
How can you make things for Windows without even testing it???
And why don't you offer an option to optimize compression for size, not for speed?
 
Last updated: Sun Dec 05 09:03:36 2021 UTC