php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #73114 php segfault probably because OpenBSD wx implementation
Submitted: 2016-09-19 15:09 UTC Modified: 2016-11-13 14:39 UTC
Votes:2
Avg. Score:3.5 ± 1.5
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: martin dot larsson2 at gmail dot com Assigned: cmb (profile)
Status: Closed Package: PCRE related
PHP Version: 7.0.11 OS: OpenBSD
Private report: No CVE-ID: None
 [2016-09-19 15:09 UTC] martin dot larsson2 at gmail dot com
Description:
------------
# php-7.0 broke.php                                                                                                                                        
Abort trap (core dumped) 
# 

php segfault probably becouse of OpenBSD wx implementation, must stuff seem to work but preg_replace segfaults php.                                                                                                                                         


Test script:
---------------
<?php
$string = 'April 15, 2003';
$pattern = '/(\w+) (\d+), (\d+)/i';
$replacement = '${1}1,$3';
echo preg_replace($pattern, $replacement, $string);
?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-19 15:38 UTC] cmb@php.net
-Status: Open +Status: Feedback -Package: Reproducible crash +Package: PCRE related -Assigned To: +Assigned To: cmb
 [2016-09-19 15:38 UTC] cmb@php.net
What's your setting of pcre.jit? If it's 1, please set to 0 and
try again.

Also it would be helpful to know which version of libpcre you're
using.
 [2016-09-19 17:03 UTC] martin dot larsson2 at gmail dot com
-Status: Feedback +Status: Assigned
 [2016-09-19 17:03 UTC] martin dot larsson2 at gmail dot com
pcre-8.38p0 is the version installed.

and yes it works if I use pcre.jit=0
 [2016-09-19 17:49 UTC] cmb@php.net
Thanks. I'll have a closer look at the issue.
 [2016-09-19 17:56 UTC] martin dot larsson2 at gmail dot com
I just checked dmesg, and it says
php-7.0(10468): mmap W^X violation

just to be clear :)
 [2016-11-09 15:10 UTC] ab@php.net
-Status: Assigned +Status: Feedback
 [2016-11-09 15:10 UTC] ab@php.net
@martin dot larsson2 at gmail dot com, could you check bug #72281 please? Seems it's same issue.

thanks.
 [2016-11-09 20:00 UTC] martin dot larsson2 at gmail dot com
-Status: Feedback +Status: Assigned
 [2016-11-09 20:00 UTC] martin dot larsson2 at gmail dot com
ehm, I don't know sorry. Thought https://bugs.php.net/bug.php?id=72281 was a compilation error?
 [2016-11-09 20:13 UTC] cmb@php.net
> Thought https://bugs.php.net/bug.php?id=72281 was a compilation error?

No. Actually it appears to be the very same issue:

 * this ticket: mmap W^X violation
 * the other ticket: it does not allow mapping pages both writable and
   executable

Martin, could you please check whether the patch attached to the other
ticket would solve the issue for you?
 [2016-11-11 14:05 UTC] martin dot larsson2 at gmail dot com
php doesnt compile for me at all, I use the package.

I get wx violation just trying to compile it, and that netbsd patch use some paxctl which openbsd doesnt have.
 [2016-11-11 16:40 UTC] cmb@php.net
Ah, I see, thanks! Please try to build with:

  CFLAGS="-fpie -pie" ./configure …

Cf. <https://www.openbsd.org/papers/asiabsdcon2015-pie-slides.pdf>.
 [2016-11-11 17:39 UTC] martin dot larsson2 at gmail dot com
same error with CFLAGS="-fpie -pie" ./configure

here is paste http://pastebin.ca/3738078
 [2016-11-11 18:11 UTC] cmb@php.net
-Summary: php segfault probably becouse OpenBSD wx implementation +Summary: php segfault probably because OpenBSD wx implementation
 [2016-11-11 18:11 UTC] cmb@php.net
Thanks! I've found an article[1] which includes the commit message
regarding the W^X violation protection. It seems to me that for now you
have to use the "wxallowed" mount option. Alternatively, building PHP
without PCRE JIT support (--without-pcre-jit) should also work (assuming
that this is indeed the only part that uses W|X mmap).

[1] <http://undeadly.org/cgi?action=article&sid=20160527203200>
 [2016-11-11 18:20 UTC] martin dot larsson2 at gmail dot com
yes it works without that, but that we knew from the beginning right?:)

anyways if you want login to my openbsd vm feel free to mail
 [2016-11-11 18:46 UTC] cmb@php.net
> anyways if you want login to my openbsd vm feel free to mail

Thanks for the offer, but that wouldn't help, unfortunately. I've just
found a closely related bug report on the PCRE bug tracker[1] which
makes it clear that the issue would have to be resolved there. However,
that appears to be non-trivial, if possible at all. :-(

I've just emailed the internals mailing list[2] – maybe somebody else
has a solution.

[1] <https://bugs.exim.org/show_bug.cgi?id=1749>
[2] <http://news.php.net/php.internals/96837>
 [2016-11-13 14:35 UTC] cmb@php.net
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=340988
Log: Document W^X/PaX MPROTECT issues

Fix #72281: PaX MPROTECT breaks php
Fix #73114: php segfault probably because OpenBSD wx implementation
 [2016-11-13 14:38 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2016-11-13 14:38 UTC] cmb@php.net
We have decided that this is not an issue that PHP should try to
solve, but rather to document the problem and possible solutions.
 [2016-11-13 14:39 UTC] cmb@php.net
-Type: Bug +Type: Documentation Problem
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Oct 19 09:01:26 2019 UTC