PHP :: Bug #74071 :: Segfault in php_stream_context_set

Bug #74071

Segfault in php_stream_context_set_option

Submitted:

2017-02-10 08:21 UTC

Modified:

2017-02-15 16:54 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

kelunik@php.net

Assigned:

Status:

Verified

Package:

Sockets related

PHP Version:

Next Minor Version

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	kelunik@php.net
New email:
PHP Version:		OS:

New/Additional Comment:

[2017-02-10 08:21 UTC] kelunik@php.net

Description:
------------
PHP segfaults when requesting HTTPS sites using https://github.com/amphp/artax @ ^2. I haven't been able yet to write a condensed test script.

Works fine with PHP 7.1.2RC1, but not with the current master.

Test script:
---------------
require __DIR__ . "/vendor/autoload.php";

Amp\run(function () {
    yield (new Amp\Artax\Client)->request("https://php.net/");
});'

Expected result:
----------------
No segfault.

Actual result:
--------------
php: /home/kelunik/.php-build/release/Zend/zend_hash.c:550: _zend_hash_add_or_update_i: Assertion `((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54	../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff49c402a in __GI_abort () at abort.c:89
#2  0x00007ffff49babd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x12586b8 "((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))", 
    file=file@entry=0x1258640 "/home/kelunik/.php-build/release/Zend/zend_hash.c", line=line@entry=550, function=function@entry=0x12589e0 <__PRETTY_FUNCTION__.8867> "_zend_hash_add_or_update_i") at assert.c:92
#3  0x00007ffff49bac82 in __GI___assert_fail (assertion=0x12586b8 "((ht)->gc.refcount == 1) || ((ht)->u.flags & (1<<6))", file=0x1258640 "/home/kelunik/.php-build/release/Zend/zend_hash.c", line=550, 
    function=0x12589e0 <__PRETTY_FUNCTION__.8867> "_zend_hash_add_or_update_i") at assert.c:101
#4  0x000000000098a756 in _zend_hash_add_or_update_i (ht=0x7fffedf9c900, key=0x7fffedf0cf40, pData=0x7fffffffa040, flag=1, __zend_filename=0x123cb88 "/home/kelunik/.php-build/release/main/streams/streams.c", 
    __zend_lineno=2237) at /home/kelunik/.php-build/release/Zend/zend_hash.c:550
#5  0x000000000098acb1 in _zend_hash_str_update (ht=0x7fffedf9c900, str=0x7fffedece318 "ssl", len=3, pData=0x7fffffffa040, __zend_filename=0x123cb88 "/home/kelunik/.php-build/release/main/streams/streams.c", 
    __zend_lineno=2237) at /home/kelunik/.php-build/release/Zend/zend_hash.c:653
#6  0x0000000000908a70 in php_stream_context_set_option (context=0x7fffedfc9540, wrappername=0x7fffedece318 "ssl", optionname=0x7fffede9cba8 "peer_name", optionvalue=0x7fffed60c0a0)
    at /home/kelunik/.php-build/release/main/streams/streams.c:2237
#7  0x000000000084686f in parse_context_options (context=0x7fffedfc9540, options=0x7fffede169c0) at /home/kelunik/.php-build/release/ext/standard/streamsfuncs.c:896
#8  0x00000000008471f2 in zif_stream_context_set_option (execute_data=0x7fffede16960, return_value=0x7fffffffa1e0) at /home/kelunik/.php-build/release/ext/standard/streamsfuncs.c:1007
#9  0x00000000009d7f45 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /home/kelunik/.php-build/release/Zend/zend_vm_execute.h:620
#10 0x00000000009d7925 in execute_ex (ex=0x7fffede13030) at /home/kelunik/.php-build/release/Zend/zend_vm_execute.h:429
#11 0x00000000009d7a06 in zend_execute (op_array=0x7fffede7a300, return_value=0x0) at /home/kelunik/.php-build/release/Zend/zend_vm_execute.h:474
#12 0x0000000000977583 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/kelunik/.php-build/release/Zend/zend.c:1543
#13 0x00000000008e7ed2 in php_execute_script (primary_file=0x7fffffffc8a0) at /home/kelunik/.php-build/release/main/main.c:2552
#14 0x0000000000a5c1db in do_cli (argc=3, argv=0x157db50) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:997
#15 0x0000000000a5d25b in main (argc=3, argv=0x157db50) at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1390

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-02-12 02:31 UTC] laruence@php.net

I can not reproduce this.

[2017-02-15 16:54 UTC] bwoebi@php.net

-Status: Open +Status: Verified

[2017-02-15 16:54 UTC] bwoebi@php.net

I could reproduce it too.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2019 The PHP Group All rights reserved.	Last updated: Thu Sep 19 23:01:27 2019 UTC