Bug #73168 segfault on creating array
Submitted: 2016-09-25 14:53 UTC Modified: 2016-09-26 06:38 UTC
From: ryan dot brothers at gmail dot com Assigned:
Status: Duplicate Package: opcache
PHP Version: 7.1.0RC2 OS: Linux
Private report: No CVE-ID: None
 [2016-09-25 14:53 UTC] ryan dot brothers at gmail dot com
Description:
------------
This might be the same underlying issue as what I reported in bug 73156, but the backtrace was different, so I wanted to submit it separately if it's a different issue.

I am getting a segmentation fault on the below code in PHP 7.0 and 7.1 when using Opcache.  I am running on CentOS 7.  The segfault occurs when the array is created in file4.php.


Test script:
---------------
Please download and unzip the below link:

https://drive.google.com/uc?export=download&id=0B37DKbJklxg_VUZxNXlaeHJqYmM

and then run:

php -n -d zend_extension=opcache.so -d opcache.enable_cli=1 file1.php


Expected result:
----------------
No output


Actual result:
--------------
Segmentation fault

backtrace is:
Program received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1250
1250                    heap->free_slot[bin_num] = p->next_free_slot;
(gdb) bt
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1250
#1  zend_mm_alloc_heap (size=140737488330160, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1321
#2  _emalloc (size=size@entry=56) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:2406
#3  0x000000000081fbe8 in zend_string_alloc (persistent=0, len=27) at /usr/local/src/php-7.1.0RC2/Zend/zend_string.h:122
#4  zend_string_init (persistent=0, len=27, str=0x7ffff7f85b0a "abcabcabcabcabcabcabcabcabc',\n      ),\n    ),\n  ),\n);\n")
    at /usr/local/src/php-7.1.0RC2/Zend/zend_string.h:158
#5  lex_scan (zendlval=zendlval@entry=0x7fffffff9d50) at Zend/zend_language_scanner.l:1990
#6  0x0000000000833beb in zendlex (elem=elem@entry=0x7fffffff9e10) at /usr/local/src/php-7.1.0RC2/Zend/zend_compile.c:1703
#7  0x00000000008175fe in zendparse () at /usr/local/src/php-7.1.0RC2/Zend/zend_language_parser.c:4214
#8  0x0000000000819f07 in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:585
#9  0x000000000081b383 in compile_file (file_handle=0x7fffffffac30, type=8) at Zend/zend_language_scanner.l:633
#10 0x00000000006aef10 in phar_compile_file (file_handle=<optimized out>, type=<optimized out>)
    at /usr/local/src/php-7.1.0RC2/ext/phar/phar.c:3305
#11 0x00007fffe7a81e1c in opcache_compile_file (file_handle=file_handle@entry=0x7fffffffac30, type=type@entry=8,
    op_array_p=op_array_p@entry=0x7fffffffab48, key=<optimized out>) at /usr/local/src/php-7.1.0RC2/ext/opcache/ZendAccelerator.c:1513
#12 0x00007fffe7a83b6b in persistent_compile_file (file_handle=0x7fffffffac30, type=8)
    at /usr/local/src/php-7.1.0RC2/ext/opcache/ZendAccelerator.c:1832
#13 0x000000000081b475 in compile_filename (type=type@entry=8, filename=filename@entry=0x7fffd4786c40) at Zend/zend_language_scanner.l:660
#14 0x00000000008afb5a in zend_include_or_eval (inc_filename=0x7fffd4786c40, type=8) at /usr/local/src/php-7.1.0RC2/Zend/zend_execute.c:2835
#15 0x00000000008e4a81 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER () at /usr/local/src/php-7.1.0RC2/Zend/zend_vm_execute.h:3385
#16 0x0000000000896fbb in execute_ex (ex=<optimized out>) at /usr/local/src/php-7.1.0RC2/Zend/zend_vm_execute.h:429
#17 0x00000000008e9bf4 in zend_execute (op_array=0x7fffee281380, op_array@entry=0x7fffd4786d00,
    return_value=return_value@entry=0x7fffee213030) at /usr/local/src/php-7.1.0RC2/Zend/zend_vm_execute.h:474
#18 0x0000000000852874 in zend_execute_scripts (type=type@entry=8, retval=0x7fffee213030, retval@entry=0x0, file_count=file_count@entry=2)
    at /usr/local/src/php-7.1.0RC2/Zend/zend.c:1464
#19 0x00000000007f45ab in php_execute_script (primary_file=primary_file@entry=0x7fffffffd1b0) at /usr/local/src/php-7.1.0RC2/main/main.c:2530
#20 0x00000000008ebd8f in do_cli (argc=2, argv=0x11fdbd0) at /usr/local/src/php-7.1.0RC2/sapi/cli/php_cli.c:990
#21 0x000000000044dd50 in main (argc=2, argv=0x11fdbd0) at /usr/local/src/php-7.1.0RC2/sapi/cli/php_cli.c:1378
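
The backtrace above bottoms out in the Zend memory manager's free-list code (`heap->free_slot[bin_num] = p->next_free_slot`), which is the usual signature of heap corruption that happened earlier than the crash site: the allocator is merely the first consumer of a clobbered free-list pointer. The following script is an added example, not part of the bug report and not PHP's own tooling. It parses gdb `bt` output into frames, joins gdb's wrapped continuation lines, and reports whether the fault was detected inside the allocator, which of the two extensions seen on this stack (opcache, phar) are present, and which source statement faulted. The sample input is copied from the report's backtrace with frames #6 to #9 and #13 to #21 omitted; the allocator function list, the `Frame`/`Triage` names and the verdict strings are this example's own choices.

```python
"""Triage helper for gdb backtraces from PHP segfaults (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input copied from the bug report's backtrace, trimmed (frames #6-#9
# and #13-#21 dropped). Raw string: gdb prints "\n" as two characters.
SAMPLE_BT = r"""
Program received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1250
1250                    heap->free_slot[bin_num] = p->next_free_slot;
(gdb) bt
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1250
#1  zend_mm_alloc_heap (size=140737488330160, heap=0x7fffee200040) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:1321
#2  _emalloc (size=size@entry=56) at /usr/local/src/php-7.1.0RC2/Zend/zend_alloc.c:2406
#3  0x000000000081fbe8 in zend_string_alloc (persistent=0, len=27) at /usr/local/src/php-7.1.0RC2/Zend/zend_string.h:122
#4  zend_string_init (persistent=0, len=27, str=0x7ffff7f85b0a "abcabcabcabcabcabcabcabcabc',\n      ),\n    ),\n  ),\n);\n")
    at /usr/local/src/php-7.1.0RC2/Zend/zend_string.h:158
#5  lex_scan (zendlval=zendlval@entry=0x7fffffff9d50) at Zend/zend_language_scanner.l:1990
#10 0x00000000006aef10 in phar_compile_file (file_handle=<optimized out>, type=<optimized out>)
    at /usr/local/src/php-7.1.0RC2/ext/phar/phar.c:3305
#11 0x00007fffe7a81e1c in opcache_compile_file (file_handle=file_handle@entry=0x7fffffffac30, type=type@entry=8,
    op_array_p=op_array_p@entry=0x7fffffffab48, key=<optimized out>) at /usr/local/src/php-7.1.0RC2/ext/opcache/ZendAccelerator.c:1513
#12 0x00007fffe7a83b6b in persistent_compile_file (file_handle=0x7fffffffac30, type=8)
    at /usr/local/src/php-7.1.0RC2/ext/opcache/ZendAccelerator.c:1832
"""

# Zend MM entry points (zend_alloc.c). A fault *inside* these means a free
# list was corrupted before the crash, not that the allocator itself is buggy.
ZEND_ALLOCATOR_FUNCS = {
    "zend_mm_alloc_small", "zend_mm_alloc_heap", "_emalloc",
    "zend_mm_free_small", "zend_mm_free_heap", "_efree", "_erealloc",
}

FRAME_RE = re.compile(
    r"^#(?P<no>\d+)\s+"
    r"(?:0x[0-9a-fA-F]+\s+in\s+)?"          # address prefix gdb adds to most frames
    r"(?P<func>[A-Za-z_]\w*)\s*"
    r"\((?P<args>.*)\)\s*"                  # greedy: string args may contain ')' and ','
    r"(?:at\s+(?P<file>\S+):(?P<line>\d+))?\s*$"
)
SRC_LINE_RE = re.compile(r"^(\d+)\s{2,}(\S.*?)\s*$")   # "1250    <statement>"


@dataclass
class Frame:
    no: int
    func: str
    args: str
    file: Optional[str]
    line: Optional[int]


@dataclass
class Triage:
    crashed_in_allocator: bool
    first_non_allocator: Optional[str]   # first frame outside the allocator
    opcache_on_stack: bool
    phar_on_stack: bool
    verdict: str


def _join_continuations(text: str) -> List[str]:
    """gdb wraps long frames; continuation lines start with whitespace."""
    joined: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            joined.append(raw.rstrip())
        elif raw[:1].isspace() and joined:
            joined[-1] += " " + raw.strip()
        # anything else (signal banner, "(gdb) bt", source echo) is not a frame
    return joined


def parse_backtrace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for line in _join_continuations(text):
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["no"]), m["func"], m["args"], m["file"],
                                int(m["line"]) if m["line"] else None))
    return frames


def arg(frame: Frame, name: str) -> Optional[str]:
    """Value of a named argument; 'size=size@entry=56' is reduced to '56'."""
    m = re.search(rf"(?<![\w@]){re.escape(name)}=(.+?)(?=,\s|\)|$)", frame.args)
    return m.group(1).split("@entry=")[-1] if m else None


def find_faulting_source(text: str) -> Optional[Tuple[int, str]]:
    """The 'NNNN <statement>' echo gdb prints before the first frame."""
    for raw in text.splitlines():
        if raw.startswith("#"):
            break
        m = SRC_LINE_RE.match(raw)
        if m:
            return int(m.group(1)), m.group(2)
    return None


def triage(frames: List[Frame]) -> Triage:
    if not frames:
        raise ValueError("no frames parsed")
    in_alloc = frames[0].func in ZEND_ALLOCATOR_FUNCS
    first_other = next((f.func for f in frames if f.func not in ZEND_ALLOCATOR_FUNCS), None)

    def on_stack(prefix: str, path_part: str) -> bool:
        return any(f.func.startswith(prefix) or bool(f.file and path_part in f.file) for f in frames)

    verdict = "suspect-prior-heap-corruption" if in_alloc else f"fault-in-{frames[0].func}"
    return Triage(in_alloc, first_other, on_stack("opcache_", "/ext/opcache/"),
                  on_stack("phar_", "/ext/phar/"), verdict)


if __name__ == "__main__":
    fr = parse_backtrace(SAMPLE_BT)
    print(find_faulting_source(SAMPLE_BT))
    print(triage(fr))
```

Because the verdict is "corruption happened earlier", the stack only tells you who consumed the bad free-list entry (here `zend_string_alloc` during lexing), not who wrote it. The standard next check is to rerun the reproducer with `USE_ZEND_ALLOC=0` in the environment so allocations go through libc, and then run it under valgrind or an ASan build, which reports the out-of-bounds or use-after-free write itself rather than its downstream symptom.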



History

 [2016-09-26 06:38 UTC] laruence@php.net
-Status: Open +Status: Duplicate
 [2016-09-26 06:38 UTC] laruence@php.net
dup to #73156