PHP :: Bug #73740 :: Segmentation fault it Zend/zend_language

Bug #73740

Segmentation fault it Zend/zend_language_scanner.c:1170

Submitted:

2016-12-14 17:25 UTC

Modified:

2020-09-20 04:22 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

tom60 at op dot pl

Assigned:

cmb (profile)

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

7.0.14

OS:

Debian Jessie 64 bit

Private report:

CVE-ID:

None

View Developer Edit

[2016-12-14 17:25 UTC] tom60 at op dot pl

Description:
------------
I noticed a crash after upgrading from PHP 7.0.13 to 7.0.14. I've attached a backtrace from gdb.

Actual result:
--------------
#0  lex_scan (zendlval=zendlval@entry=0x7ffe6551de00) at Zend/zend_language_scanner.c:1170
#1  0x00007fee547044fb in zendlex (elem=elem@entry=0x7ffe6551deb0) at /src/php-7.0.14/Zend/zend_compile.c:1587
#2  0x00007fee546e8953 in zendparse () at /src/php-7.0.14/Zend/zend_language_parser.c:4225
#3  0x00007fee546ec20b in compile_file (file_handle=0x7ffe6551ed40, type=<optimized out>) at Zend/zend_language_scanner.l:591
#4  0x00007fee5457ee4f in phar_compile_file (file_handle=0x7ffe6551de00, type=-319) at /src/php-7.0.14/ext/phar/phar.c:3322
#5  0x00007fee4efcf547 in opcache_compile_file (file_handle=file_handle@entry=0x7ffe6551ed40, type=type@entry=2, op_array_p=op_array_p@entry=0x7ffe6551ec58, 
    key_length=<optimized out>, key=<optimized out>) at /src/php-7.0.14/ext/opcache/ZendAccelerator.c:1494
#6  0x00007fee4efd0e5d in persistent_compile_file (file_handle=0x7ffe6551ed40, type=2) at /src/php-7.0.14/ext/opcache/ZendAccelerator.c:1851
#7  0x00007fee546ec4b6 in compile_filename (type=2, filename=filename@entry=0x7fee4e8128a0) at Zend/zend_language_scanner.l:649
#8  0x00007fee547af6a7 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER () at /src/php-7.0.14/Zend/zend_vm_execute.h:29441
#9  0x00007fee5475f91b in execute_ex (ex=<optimized out>) at /src/php-7.0.14/Zend/zend_vm_execute.h:414
#10 0x00007fee547b3427 in zend_execute (op_array=0x7fee4e865000, op_array@entry=0x7fee3e39d3a0, return_value=return_value@entry=0x7fee4e812840)
    at /src/php-7.0.14/Zend/zend_vm_execute.h:458
#11 0x00007fee54722084 in zend_execute_scripts (type=type@entry=8, retval=0x7fee4e812840, retval@entry=0x0, file_count=file_count@entry=3)
    at /src/php-7.0.14/Zend/zend.c:1437
#12 0x00007fee546c53c0 in php_execute_script (primary_file=primary_file@entry=0x7ffe655212d0) at /src/php-7.0.14/main/main.c:2494
#13 0x00007fee547b4d2a in php_handler (r=<optimized out>) at /src/php-7.0.14/sapi/apache2handler/sapi_apache2.c:678
#14 0x000055b16f21a2f0 in ap_run_handler (r=r@entry=0x55b171852fc0) at config.c:170
#15 0x000055b16f21a839 in ap_invoke_handler (r=0x55b171852fc0) at config.c:434
#16 0x000055b16f23b502 in ap_process_async_request (r=0x55b171852fc0) at http_request.c:410
#17 0x000055b16f23b6a0 in ap_process_request (r=0x55b171852fc0) at http_request.c:445
#18 0x000055b16f2377f5 in ap_process_http_sync_connection (c=0x55b1717bfba0) at http_core.c:210
#19 ap_process_http_connection (c=0x55b1717bfba0) at http_core.c:251
#20 0x000055b16f223b20 in ap_run_process_connection (c=0x55b1717bfba0) at connection.c:42
#21 0x000055b16f29ada2 in child_main (child_num_arg=1699864064, child_bucket=1699878512) at prefork.c:723
#22 0x000055b16f29b020 in make_child (s=0x55b1714121b0, slot=0, bucket=0) at prefork.c:824
#23 0x000055b16f29be75 in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:932
#24 prefork_run (_pconf=0x7ffe6551de00, plog=0x7ffe65521744, s=0x7ffe65521720) at prefork.c:1128
#25 0x000055b16f1fecce in ap_run_mpm (pconf=0x55b1713df138, plog=0x55b17141ab38, s=0x55b1714121b0) at mpm_common.c:94
#26 0x000055b16f1f7fd8 in main (argc=3, argv=0x7ffe655219f8) at main.c:783

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-12-14 17:38 UTC] nikic@php.net

This is odd, because there were no changed in this area between 7.0.13 and 7.0.14.

Under what circumstances does this occur? Only for a specific file? Only intermittently?

[2016-12-16 17:23 UTC] tom60 at op dot pl

Probably the crash was introduced in one of the earlier versions. I can confirm that it occured intermittently in 7.0.13, too. I'm not sure about earlier PHP versions, I would have to dig deeper into error logs. The crash occured on one of our production servers 15 times during the last 30 days. Are there any steps we can take to help you find the root cause of the problem?

[2016-12-16 18:26 UTC] nikic@php.net

It might be related to https://bugs.php.net/bug.php?id=52752.

[2020-09-01 13:03 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2020-09-01 13:03 UTC] cmb@php.net

Bug #52752 is fixed as of PHP 7.4.0.  Can you still reproduce the
intermittent segfaults with PHP 7.4?

[2020-09-20 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Mar 31 12:01:28 2025 UTC