|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74071 Segfault in php_stream_context_set_option
Submitted: 2017-02-10 08:21 UTC Modified: 2021-07-23 10:17 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Assigned: nikic (profile)
Status: Closed Package: Sockets related
PHP Version: Next Minor Version OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
New email:
PHP Version: OS:


 [2017-02-10 08:21 UTC]
PHP segfaults when requesting HTTPS sites using @ ^2. I haven't been able yet to write a condensed test script.

Works fine with PHP 7.1.2RC1, but not with the current master.

Test script:
require __DIR__ . "/vendor/autoload.php";

Amp\run(function () {
    yield (new Amp\Artax\Client)->request("");

Expected result:
No segfault.

Actual result:
php: /home/kelunik/.php-build/release/Zend/zend_hash.c:550: _zend_hash_add_or_update_i: Assertion `((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54	../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff49c402a in __GI_abort () at abort.c:89
#2  0x00007ffff49babd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x12586b8 "((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))", 
    file=file@entry=0x1258640 "/home/kelunik/.php-build/release/Zend/zend_hash.c", line=line@entry=550, function=function@entry=0x12589e0 <__PRETTY_FUNCTION__.8867> "_zend_hash_add_or_update_i") at assert.c:92
#3  0x00007ffff49bac82 in __GI___assert_fail (assertion=0x12586b8 "((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))", file=0x1258640 "/home/kelunik/.php-build/release/Zend/zend_hash.c", line=550, 
    function=0x12589e0 <__PRETTY_FUNCTION__.8867> "_zend_hash_add_or_update_i") at assert.c:101
#4  0x000000000098a756 in _zend_hash_add_or_update_i (ht=0x7fffedf9c900, key=0x7fffedf0cf40, pData=0x7fffffffa040, flag=1, __zend_filename=0x123cb88 "/home/kelunik/.php-build/release/main/streams/streams.c", 
    __zend_lineno=2237) at /home/kelunik/.php-build/release/Zend/zend_hash.c:550
#5  0x000000000098acb1 in _zend_hash_str_update (ht=0x7fffedf9c900, str=0x7fffedece318 "ssl", len=3, pData=0x7fffffffa040, __zend_filename=0x123cb88 "/home/kelunik/.php-build/release/main/streams/streams.c", 
    __zend_lineno=2237) at /home/kelunik/.php-build/release/Zend/zend_hash.c:653
#6  0x0000000000908a70 in php_stream_context_set_option (context=0x7fffedfc9540, wrappername=0x7fffedece318 "ssl", optionname=0x7fffede9cba8 "peer_name", optionvalue=0x7fffed60c0a0)
    at /home/kelunik/.php-build/release/main/streams/streams.c:2237
#7  0x000000000084686f in parse_context_options (context=0x7fffedfc9540, options=0x7fffede169c0) at /home/kelunik/.php-build/release/ext/standard/streamsfuncs.c:896
#8  0x00000000008471f2 in zif_stream_context_set_option (execute_data=0x7fffede16960, return_value=0x7fffffffa1e0) at /home/kelunik/.php-build/release/ext/standard/streamsfuncs.c:1007
#9  0x00000000009d7f45 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /home/kelunik/.php-build/release/Zend/zend_vm_execute.h:620
#10 0x00000000009d7925 in execute_ex (ex=0x7fffede13030) at /home/kelunik/.php-build/release/Zend/zend_vm_execute.h:429
#11 0x00000000009d7a06 in zend_execute (op_array=0x7fffede7a300, return_value=0x0) at /home/kelunik/.php-build/release/Zend/zend_vm_execute.h:474
#12 0x0000000000977583 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/kelunik/.php-build/release/Zend/zend.c:1543
#13 0x00000000008e7ed2 in php_execute_script (primary_file=0x7fffffffc8a0) at /home/kelunik/.php-build/release/main/main.c:2552
#14 0x0000000000a5c1db in do_cli (argc=3, argv=0x157db50) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:997
#15 0x0000000000a5d25b in main (argc=3, argv=0x157db50) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1390


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-12 02:31 UTC]
I can not reproduce this.
 [2017-02-15 16:54 UTC]
-Status: Open +Status: Verified
 [2017-02-15 16:54 UTC]
I could reproduce it too.
 [2021-07-23 10:17 UTC]
-Status: Verified +Status: Closed -Assigned To: +Assigned To: nikic
 [2021-07-23 10:17 UTC]
I tried this after adjusting the code to be compatible with current artax:

require __DIR__ . "/vendor/autoload.php";

Amp\Loop::run(function () {
    yield (new Amp\Artax\DefaultClient)->request("");

Works fine. Also tried v2, which also didn't assert. I assume this got fixed in the meantime.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jul 25 08:01:30 2024 UTC