php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73602 Crash on php_date
Submitted: 2016-11-24 16:29 UTC Modified: 2021-03-14 04:22 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: fjg at digixo dot com Assigned: cmb (profile)
Status: No Feedback Package: Date/time related
PHP Version: 5.6.28 OS: Ubuntu 16.04.1 LTS
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-11-24 16:29 UTC] fjg at digixo dot com 
Description:
------------
Running a production batch ends in a SIGSEGV. It just loads data from MySQL and synchronize another partner (convert to JSON... and call their API).

See traces:
$ php -v
PHP 5.6.28 (cli) (built: Nov 24 2016 10:28:04) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies


$ uname -a
Linux digixo4 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

(gdb) bt 10
#0  format_converter (odp=odp@entry=0x7fffff7ff560, fmt=0xa24818 "%s%04lld", ap=ap@entry=0x7fffff7ff570) at /opt/arc/build/php-5.6.28/main/snprintf.c:588
#1  0x00000000008f3fab in strx_printv (ap=0x7fffff7ff570, format=0xa24818 "%s%04lld", len=32, buf=0x7fffff7ff6e0 "7\004\067X", ccp=<synthetic pointer>) at /opt/arc/build/php-5.6.28/main/snprintf.c:1230
#2  ap_php_slprintf (buf=buf@entry=0x7fffff7ff6e0 "7\004\067X", len=len@entry=32, format=format@entry=0xa24818 "%s%04lld") at /opt/arc/build/php-5.6.28/main/snprintf.c:1246
#3  0x000000000044585a in date_format (format=format@entry=0x7fffe3ffa898 "Y-m-d", format_len=format_len@entry=5, t=t@entry=0x1db594a0, localtime=localtime@entry=1) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1134
#4  0x000000000044dc0a in php_format_date (format=0x7fffe3ffa898 "Y-m-d", format_len=5, ts=1480000567, localtime=localtime@entry=1) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1263
#5  0x000000000044e4e8 in php_date (return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>, localtime=1, return_value=0x2db57290, ht=1) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1239
#6  zif_date (ht=1, return_value=0x2db57290, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1370
#7  0x0000000000a1878f in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /opt/arc/build/php-5.6.28/Zend/zend_vm_execute.h:558
#8  0x00000000009a1330 in execute_ex (execute_data=0x2daf59a8) at /opt/arc/build/php-5.6.28/Zend/zend_vm_execute.h:363
#9  0x00007fffe82bfade in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
(More stack frames follow...)


#0  format_converter (odp=odp@entry=0x7fffff7ff560, fmt=0xa24818 "%s%04lld", ap=ap@entry=0x7fffff7ff570) at /opt/arc/build/php-5.6.28/main/snprintf.c:588
        sp = <optimized out>
        bep = <optimized out>
        cc = <optimized out>
        i = <optimized out>
        s = <optimized out>
        s_len = <error reading variable s_len (Cannot access memory at address 0x7fffff7fecd4)>
        free_zcopy = <error reading variable free_zcopy (Cannot access memory at address 0x7fffff7fecd8)>
        zvp = <optimized out>
        zcopy = <error reading variable zcopy (Cannot access memory at address 0x7fffff7fece0)>
        min_width = <optimized out>
        precision = <optimized out>
        adjust = <optimized out>
        pad_char = <optimized out>
        prefix_char = <optimized out>
        fp_num = <optimized out>
        i_num = <optimized out>
        ui_num = <optimized out>
        num_buf = <error reading variable num_buf (Cannot access memory at address 0x7fffff7fed10)>
        char_buf = <error reading variable char_buf (Cannot access memory at address 0x7fffff7fed00)>
        lconv = <optimized out>
        modifier = <optimized out>
        alternate_form = <optimized out>
        print_sign = <optimized out>
        print_blank = <optimized out>
        adjust_precision = <optimized out>
        adjust_width = <optimized out>
        is_negative = <error reading variable is_negative (Cannot access memory at address 0x7fffff7fecdc)>
#1  0x00000000008f3fab in strx_printv (ap=0x7fffff7ff570, format=0xa24818 "%s%04lld", len=32, buf=0x7fffff7ff6e0 "7\004\067X", ccp=<synthetic pointer>) at /opt/arc/build/php-5.6.28/main/snprintf.c:1230
        od = {buf_end = 0x7fffff7ff6ff "", nextb = 0x7fffff7ff6e0 "7\004\067X"}
        cc = <optimized out>
#2  ap_php_slprintf (buf=buf@entry=0x7fffff7ff6e0 "7\004\067X", len=len@entry=32, format=format@entry=0xa24818 "%s%04lld") at /opt/arc/build/php-5.6.28/main/snprintf.c:1246
        cc = <optimized out>
        ap = <error reading variable ap (Attempt to dereference a generic pointer.)>
#3  0x000000000044585a in date_format (format=format@entry=0x7fffe3ffa898 "Y-m-d", format_len=format_len@entry=5, t=t@entry=0x1db594a0, localtime=localtime@entry=1) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1134
        string = {c = 0x0, len = 0, a = 0}
        i = 0
        length = 0
        buffer = "7\004\067X\000\000\000\000\220\245\206\001\000\000\000\000\020\177\203\001\000\000\000\000\067\004\067X\000\000\000\000`\360.\001\000\000\000\000\214\231I\363\377\177\000\000\341}\203\001\000\000\000\000\240\224\265\035\000\000\000\000\000\002\205\001\000\000\000\000\220\245\206\001\000\000\000\000\067\004\067X\000\000\000\000\240\224\265\035\000\000\000\000\067"
        offset = <optimized out>
        isoweek = 1480000567
        isoyear = 498439328
        rfc_colon = 0
        weekYearSet = 0
#4  0x000000000044dc0a in php_format_date (format=0x7fffe3ffa898 "Y-m-d", format_len=5, ts=1480000567, localtime=localtime@entry=1) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1263
        t = 0x1db594a0
        tzi = <optimized out>
        string = <optimized out>
#5  0x000000000044e4e8 in php_date (return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>, localtime=1, return_value=0x2db57290, ht=1) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1239
        format = 0x7fffe3ffa898 "Y-m-d"
        format_len = 5
        ts = 1480000567
        string = <optimized out>
#6  zif_date (ht=1, return_value=0x2db57290, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>) at /opt/arc/build/php-5.6.28/ext/date/php_date.c:1370
No locals.
#7  0x0000000000a1878f in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /opt/arc/build/php-5.6.28/Zend/zend_vm_execute.h:558
        ret = 0x2daf5988
        opline = <optimized out>
        should_change_scope = 0 '\000'
        fbc = 0x133a9b0
        num_args = 1
#8  0x00000000009a1330 in execute_ex (execute_data=0x2daf59a8) at /opt/arc/build/php-5.6.28/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#9  0x00007fffe82bfade in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/php-release-agent/label/centos5-64-nrcamp/agent/php_execute.c:1167

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-08-23 16:04 UTC] kalle@php.net
-Package: Unknown/Other Function +Package: Date/time related
 [2021-03-04 13:53 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-03-04 13:53 UTC] cmb@php.net 
Do you still experience these segfaults with any of the actively
supported PHP versions[1]?

[1] <https://www.php.net/supported-versions.php
 [2021-03-14 04:22 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 22:01:28 2024 UTC