Bug #73170 Segmentation Fault in solr_pcre_replace_into_buffer() at solr_functions_helpers.
Submitted: 2016-09-26 07:03 UTC
Modified: 2016-09-26 08:51 UTC
Votes: 4
Avg. Score: 5.0 ± 0.0
Reproduced: 4 of 4 (100.0%)
Same Version: 3 (75.0%)
Same OS: 3 (75.0%)
From: rimittal44 at gmail dot com
Assigned:
Status: Open
Package: solr (PECL)
PHP Version: 7.0.11
OS: Debian
Private report: No
CVE-ID: None
 [2016-09-26 07:03 UTC] rimittal44 at gmail dot com
Description:
------------
I am using the latest Solr client from (https://github.com/php/pecl-search_engine-solr/tree/master), which is raising segmentation faults arbitrarily.

Below is the dump created by gdb.


#0  solr_pcre_replace_into_buffer (buffer=buffer@entry=0x7ffebab89a30, search=search@entry=0x7f72d03bfd56 "/a\\:([0-9]+):{s/i", 
    replace=replace@entry=0x7f72d03bfd3e "O:10:\"SolrObject\":\\1:{s") at /home/foodie/pecl-search_engine-solr/src/php7/solr_functions_helpers.c:1424
1424	    solr_string_set_ex(buffer, (solr_char_t *)result->val, (size_t)result->len);
(gdb) 
(gdb) 
(gdb) bt
#0  solr_pcre_replace_into_buffer (buffer=buffer@entry=0x7ffebab89a30, search=search@entry=0x7f72d03bfd56 "/a\\:([0-9]+):{s/i", 
    replace=replace@entry=0x7f72d03bfd3e "O:10:\"SolrObject\":\\1:{s") at /home/foodie/pecl-search_engine-solr/src/php7/solr_functions_helpers.c:1424
#1  0x00007f72d03b8d03 in solr_sarray_to_sobject (buffer=buffer@entry=0x7ffebab89a30) at /home/foodie/pecl-search_engine-solr/src/php7/solr_functions_helpers.c:1437
#2  0x00007f72d03af301 in solr_response_get_response_impl (execute_data=0x7f72e2214bd0, return_value=0x7f72e2214ba0, return_array=0)
    at /home/foodie/pecl-search_engine-solr/src/php7/php_solr_response.c:276
#3  0x00007f72e493c66a in dtrace_execute_internal () from /usr/lib/apache2/modules/libphp7.0.so
#4  0x00007f72e49d12c0 in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#5  0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#6  0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#7  0x00007f72d360002b in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1177
#8  0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#9  0x00007f72e49d13fd in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#10 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#11 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#12 0x00007f72d360002b in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1177
#13 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#14 0x00007f72e49d13fd in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#15 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#16 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#17 0x00007f72d360016a in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:837
#18 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1059
#19 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#20 0x00007f72e49dde8c in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#21 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#22 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#23 0x00007f72d360016a in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:837
#24 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1059
#25 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#26 0x00007f72e49dd20c in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#27 0x00007f72e498c87b in execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#28 0x00007f72e493c4f8 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp7.0.so
#29 0x00007f72d360016a in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:837
#30 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1059
#31 0x00007f72d3600662 in nr_php_execute () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1287
#32 0x00007f72e49e0ec7 in zend_execute () from /usr/lib/apache2/modules/libphp7.0.so
#33 0x00007f72e494c983 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp7.0.so
#34 0x00007f72e48ed200 in php_execute_script () from /usr/lib/apache2/modules/libphp7.0.so
#35 0x00007f72e49e284a in ?? () from /usr/lib/apache2/modules/libphp7.0.so
#36 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e92a9bf8) at config.c:169
#37 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e92a9bf8) at config.c:433
#38 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#39 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e927b4e0) at mod_rewrite.c:5106
#40 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e927b4e0) at config.c:169
#41 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e927b4e0) at config.c:433
#42 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#43 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e944ad40) at mod_rewrite.c:5106
#44 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e944ad40) at config.c:169
#45 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e944ad40) at config.c:433
#46 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#47 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e92784c0) at mod_rewrite.c:5106
#48 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e92784c0) at config.c:169
#49 0x00007f72e94037e9 in ap_invoke_handler (r=r@entry=0x7f72e92784c0) at config.c:433
#50 0x00007f72e9418fec in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
---Type <return> to continue, or q <return> to quit---
#51 0x00007f72e2fc2ea2 in handler_redirect (r=0x7f72e92800a0) at mod_rewrite.c:5106
#52 0x00007f72e94032a0 in ap_run_handler (r=r@entry=0x7f72e92800a0) at config.c:169
#53 0x00007f72e94037e9 in ap_invoke_handler (r=0x7f72e92800a0) at config.c:433
#54 0x00007f72e94196c2 in ap_process_async_request (r=0x7f72e92800a0) at http_request.c:317
#55 0x00007f72e9419860 in ap_process_request (r=0x7f72e92800a0) at http_request.c:363
#56 0x00007f72e9416162 in ap_process_http_sync_connection (c=0x7f72e945e290) at http_core.c:190
#57 ap_process_http_connection (c=0x7f72e945e290) at http_core.c:231
#58 0x00007f72e940cb50 in ap_run_process_connection (c=0x7f72e945e290) at connection.c:41
#59 0x00007f72e4fed7ba in child_main (child_num_arg=-455236288) at prefork.c:704
#60 0x00007f72e4feda01 in make_child (s=0x7f72e960ade0, slot=25) at prefork.c:800
#61 0x00007f72e4fee667 in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902
#62 prefork_run (_pconf=0x7f72e9649f38 <ap_server_conf>, plog=0x7ffebab8cf0c, s=0x7ffebab8cf10) at prefork.c:1090
#63 0x00007f72e93e8e7e in ap_run_mpm (pconf=0x7f72e9638028, plog=0x7f72e9606028, s=0x7f72e960ade0) at mpm_common.c:94
#64 0x00007f72e93e23c3 in main (argc=3, argv=0x7ffebab8d1f8) at main.c:777


History

 [2016-09-26 07:09 UTC] rimittal44 at gmail dot com
-Summary: Segmentation Fault SIGSEGV in solr_pcre_replace_into_buffer +Summary: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_fucntions_helpers.
 [2016-09-26 07:09 UTC] rimittal44 at gmail dot com
Updated Summary line
 [2016-09-26 08:51 UTC] rimittal44 at gmail dot com
-Summary: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_fucntions_helpers. +Summary: Segmentation Fault in solr_pcre_replace_into_buffer() at solr_functions_helpers.
 [2016-09-26 08:51 UTC] rimittal44 at gmail dot com
The same issue occurs when using the solr (2.4.0) stable version downloaded from https://pecl.php.net/package/solr.
 
Last updated: Sun Nov 19 01:31:42 2017 UTC