Bug #73740 Segmentation fault in Zend/zend_language_scanner.c:1170
Submitted: 2016-12-14 17:25 UTC
Modified: 2020-09-20 04:22 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: tom60 at op dot pl
Assigned: cmb
Status: No Feedback
Package: Reproducible crash
PHP Version: 7.0.14
OS: Debian Jessie 64 bit
Private report: No
CVE-ID: None

 [2016-12-14 17:25 UTC] tom60 at op dot pl
I noticed a crash after upgrading from PHP 7.0.13 to 7.0.14. I've attached a backtrace from gdb.

Actual result:
#0  lex_scan (zendlval=zendlval@entry=0x7ffe6551de00) at Zend/zend_language_scanner.c:1170
#1  0x00007fee547044fb in zendlex (elem=elem@entry=0x7ffe6551deb0) at /src/php-7.0.14/Zend/zend_compile.c:1587
#2  0x00007fee546e8953 in zendparse () at /src/php-7.0.14/Zend/zend_language_parser.c:4225
#3  0x00007fee546ec20b in compile_file (file_handle=0x7ffe6551ed40, type=<optimized out>) at Zend/zend_language_scanner.l:591
#4  0x00007fee5457ee4f in phar_compile_file (file_handle=0x7ffe6551de00, type=-319) at /src/php-7.0.14/ext/phar/phar.c:3322
#5  0x00007fee4efcf547 in opcache_compile_file (file_handle=file_handle@entry=0x7ffe6551ed40, type=type@entry=2, op_array_p=op_array_p@entry=0x7ffe6551ec58, 
    key_length=<optimized out>, key=<optimized out>) at /src/php-7.0.14/ext/opcache/ZendAccelerator.c:1494
#6  0x00007fee4efd0e5d in persistent_compile_file (file_handle=0x7ffe6551ed40, type=2) at /src/php-7.0.14/ext/opcache/ZendAccelerator.c:1851
#7  0x00007fee546ec4b6 in compile_filename (type=2, filename=filename@entry=0x7fee4e8128a0) at Zend/zend_language_scanner.l:649
#8  0x00007fee547af6a7 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER () at /src/php-7.0.14/Zend/zend_vm_execute.h:29441
#9  0x00007fee5475f91b in execute_ex (ex=<optimized out>) at /src/php-7.0.14/Zend/zend_vm_execute.h:414
#10 0x00007fee547b3427 in zend_execute (op_array=0x7fee4e865000, op_array@entry=0x7fee3e39d3a0, return_value=return_value@entry=0x7fee4e812840)
    at /src/php-7.0.14/Zend/zend_vm_execute.h:458
#11 0x00007fee54722084 in zend_execute_scripts (type=type@entry=8, retval=0x7fee4e812840, retval@entry=0x0, file_count=file_count@entry=3)
    at /src/php-7.0.14/Zend/zend.c:1437
#12 0x00007fee546c53c0 in php_execute_script (primary_file=primary_file@entry=0x7ffe655212d0) at /src/php-7.0.14/main/main.c:2494
#13 0x00007fee547b4d2a in php_handler (r=<optimized out>) at /src/php-7.0.14/sapi/apache2handler/sapi_apache2.c:678
#14 0x000055b16f21a2f0 in ap_run_handler (r=r@entry=0x55b171852fc0) at config.c:170
#15 0x000055b16f21a839 in ap_invoke_handler (r=0x55b171852fc0) at config.c:434
#16 0x000055b16f23b502 in ap_process_async_request (r=0x55b171852fc0) at http_request.c:410
#17 0x000055b16f23b6a0 in ap_process_request (r=0x55b171852fc0) at http_request.c:445
#18 0x000055b16f2377f5 in ap_process_http_sync_connection (c=0x55b1717bfba0) at http_core.c:210
#19 ap_process_http_connection (c=0x55b1717bfba0) at http_core.c:251
#20 0x000055b16f223b20 in ap_run_process_connection (c=0x55b1717bfba0) at connection.c:42
#21 0x000055b16f29ada2 in child_main (child_num_arg=1699864064, child_bucket=1699878512) at prefork.c:723
#22 0x000055b16f29b020 in make_child (s=0x55b1714121b0, slot=0, bucket=0) at prefork.c:824
#23 0x000055b16f29be75 in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:932
#24 prefork_run (_pconf=0x7ffe6551de00, plog=0x7ffe65521744, s=0x7ffe65521720) at prefork.c:1128
#25 0x000055b16f1fecce in ap_run_mpm (pconf=0x55b1713df138, plog=0x55b17141ab38, s=0x55b1714121b0) at mpm_common.c:94
#26 0x000055b16f1f7fd8 in main (argc=3, argv=0x7ffe655219f8) at main.c:783


 [2016-12-14 17:38 UTC]
This is odd, because there were no changes in this area between 7.0.13 and 7.0.14.

Under what circumstances does this occur? Only for a specific file? Only intermittently?
 [2016-12-16 17:23 UTC] tom60 at op dot pl
Probably the crash was introduced in one of the earlier versions. I can confirm that it occurred intermittently in 7.0.13, too. I'm not sure about earlier PHP versions; I would have to dig deeper into error logs. The crash occurred on one of our production servers 15 times during the last 30 days. Are there any steps we can take to help you find the root cause of the problem?
 [2016-12-16 18:26 UTC]
It might be related to
 [2020-09-01 13:03 UTC]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2020-09-01 13:03 UTC]
Bug #52752 is fixed as of PHP 7.4.0.  Can you still reproduce the
intermittent segfaults with PHP 7.4?
 [2020-09-20 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.