php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74124 Seg fault when running code using the ps (postscript) extension
Submitted: 2017-02-18 19:53 UTC Modified: 2021-11-28 04:22 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: ian at gumstix dot com Assigned: cmb (profile)
Status: No Feedback Package: ps (PECL)
PHP Version: 7.1.5 OS: Xubuntu 16.04.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ian at gumstix dot com
New email:
PHP Version: OS:

 

 [2017-02-18 19:53 UTC] ian at gumstix dot com
Description:
------------
When running the unit test for my application, some code that uses the ps PECL extension crashes with a seg fault. gdb backtrace is below.

Test script:
---------------
The code that generates the error is proprietary, and I don't have a test script yet that will produce the error. I'll update the bug if I manage to get one.

Actual result:
--------------
(gdb) run vendor/bin/phpunit path/to/my/directory
Starting program: /usr/bin/php vendor/bin/phpunit path/to/my/directory
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
PHPUnit 4.8.35 by Sebastian Bergmann and contributors.

...
Program received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (bin_num=<optimized out>, size=<optimized out>, heap=0x7ffff3800040)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:1261
1261	/build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c: No such file or directory.
(gdb) backtrace
#0  zend_mm_alloc_small (bin_num=<optimized out>, size=<optimized out>, heap=0x7ffff3800040)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:1261
#1  zend_mm_alloc_heap (size=<optimized out>, heap=0x7ffff3800040)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:1332
#2  _emalloc (size=<optimized out>) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:2417
#3  0x000055555579b89d in _safe_emalloc (nmemb=nmemb@entry=24, size=<optimized out>, offset=offset@entry=0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:2472
#4  0x00005555557a4aec in zend_compile_params (ast=ast@entry=0x7fffdcfd2578, return_type_ast=return_type_ast@entry=0x0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:5118
#5  0x00005555557acaaf in zend_compile_func_decl (result=result@entry=0x0, ast=ast@entry=0x7fffdcfd36b8)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:5619
#6  0x00005555557abc7a in zend_compile_stmt (ast=0x7fffdcfd36b8)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7838
#7  0x00005555557ac757 in zend_compile_stmt_list (ast=ast@entry=0x7fffdcfd1860)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:5022
#8  0x00005555557abb46 in zend_compile_stmt (ast=ast@entry=0x7fffdcfd1860)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7782
#9  0x00005555557ab2a9 in zend_compile_class_decl (ast=ast@entry=0x7fffdcfd3700)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:6029
#10 0x00005555557abc88 in zend_compile_stmt (ast=ast@entry=0x7fffdcfd3700)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7850
#11 0x00005555557ae3fa in zend_compile_top_stmt (ast=0x7fffdcfd3700)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7756
#12 0x00005555557ae43f in zend_compile_top_stmt (ast=0x7fffdcfd1018)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7751
#13 0x0000555555785ecd in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:601
#14 0x0000555555787376 in compile_file (file_handle=0x7fffffff95a0, type=2) at Zend/zend_language_scanner.l:635
#15 0x00007fffea09a3d8 in ?? () from /usr/lib/php/20160303/phar.so
#16 0x00007ffff32d12ac in ?? () from /usr/lib/php/20160303/opcache.so
#17 0x00007ffff32d32a9 in persistent_compile_file () from /usr/lib/php/20160303/opcache.so
#18 0x000055555578756b in compile_filename (type=type@entry=2, filename=filename@entry=0x7ffff3814510)
    at Zend/zend_language_scanner.l:662
#19 0x00005555558259ea in zend_include_or_eval (inc_filename=0x7ffff3814510, type=2)
---Type <return> to continue, or q <return> to quit---
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute.c:2846
#20 0x000055555585fbcf in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:35461
#21 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#22 0x00005555557b1d4f in zend_call_function (fci=fci@entry=0x7fffffff98e0, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffff98b0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:828
#23 0x00005555557dfaa9 in zend_call_method (object=0x7ffff38c7818, obj_ce=<optimized out>, fn_proxy=<optimized out>, 
    function_name=0x7ffff38d6f68 "composer\\autoload\\classloader::loadclass\001", function_name_len=<optimized out>, 
    retval_ptr=retval_ptr@entry=0x0, param_count=1, arg1=0x7ffff3814420, arg2=0x0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_interfaces.c:101
#24 0x00005555556bdbae in zif_spl_autoload_call (execute_data=<optimized out>, return_value=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/ext/spl/php_spl.c:420
#25 0x00005555557b1c4b in zend_call_function (fci=fci@entry=0x7fffffff9b80, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffff9b50) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:842
#26 0x00005555557b22a1 in zend_lookup_class_ex (name=name@entry=0x7fffddb26950, key=0x7fffde9b18a8, 
    use_autoload=use_autoload@entry=1) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1001
#27 0x00005555557b2c58 in zend_fetch_class_by_name (class_name=0x7fffddb26950, key=<optimized out>, fetch_type=0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1436
#28 0x000055555580f779 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:2096
#29 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#30 0x00005555557b1d4f in zend_call_function (fci=fci@entry=0x7fffffff9dd0, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffff9da0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:828
#31 0x00005555557dfaa9 in zend_call_method (object=0x7ffff38c7818, obj_ce=<optimized out>, fn_proxy=<optimized out>, 
    function_name=0x7ffff38d6f68 "composer\\autoload\\classloader::loadclass\001", function_name_len=<optimized out>, 
    retval_ptr=retval_ptr@entry=0x0, param_count=1, arg1=0x7ffff3814270, arg2=0x0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_interfaces.c:101
#32 0x00005555556bdbae in zif_spl_autoload_call (execute_data=<optimized out>, return_value=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/ext/spl/php_spl.c:420
#33 0x00005555557b1c4b in zend_call_function (fci=fci@entry=0x7fffffffa070, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffffa040) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:842
---Type <return> to continue, or q <return> to quit---
#34 0x00005555557b22a1 in zend_lookup_class_ex (name=name@entry=0x7fffdcc74410, key=0x7fffdcd39870, 
    use_autoload=use_autoload@entry=1) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1001
#35 0x00005555557b2c58 in zend_fetch_class_by_name (class_name=0x7fffdcc74410, key=<optimized out>, 
    fetch_type=fetch_type@entry=512) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1436
#36 0x0000555555860cf7 in ZEND_NEW_SPEC_CONST_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:3199
#37 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#38 0x00005555557b1d4f in zend_call_function (fci=fci@entry=0x7fffffffa2f0, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffffa2c0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:828
#39 0x00005555556a8c64 in reflection_method_invoke (execute_data=<optimized out>, return_value=0x7ffff3813cb0, 
    variadic=<optimized out>) at /build/php7.1-jn_ZrU/php7.1-7.1.2/ext/reflection/php_reflection.c:3325
#40 0x00005555558635dc in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:1097
#41 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#42 0x0000555555865a60 in zend_execute (op_array=0x7ffff3884000, op_array@entry=0x7fffde3dcc80, 
    return_value=return_value@entry=0x7ffff3813bf0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:474
#43 0x00005555557c1723 in zend_execute_scripts (type=type@entry=8, retval=0x7ffff3813bf0, retval@entry=0x0, 
    file_count=file_count@entry=3) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend.c:1475
#44 0x000055555575e520 in php_execute_script (primary_file=0x7fffffffc960)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/main/main.c:2537
#45 0x0000555555867ce7 in do_cli (argc=3, argv=0x555555bdf440)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/sapi/cli/php_cli.c:993
#46 0x000055555563a92c in main (argc=3, argv=0x555555bdf440)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/sapi/cli/php_cli.c:1381

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-18 22:22 UTC] ian at gumstix dot com
-Summary: Seg fault when running code using the ps (postscript) extension +Summary: ian@gumstix.com
 [2017-02-18 22:22 UTC] ian at gumstix dot com
I've created a test script that reproduces the bug. It is here:

https://github.com/ianfp/php-ps-segfault
 [2017-02-18 22:23 UTC] ian at gumstix dot com
-Summary: ian@gumstix.com +Summary: Seg fault when running code using the ps (postscript) extension
 [2017-02-18 22:23 UTC] ian at gumstix dot com
Revert accidental change to the bug summary.
 [2017-03-02 18:45 UTC] ian at gumstix dot com
-Package: Reproducible crash +Package: ps
 [2017-03-02 18:45 UTC] ian at gumstix dot com
Changed package to "ps" because I just encountered this bug in production code (as opposed to while running PHPUnit tests) that uses the ps extension.
 [2017-03-21 15:54 UTC] ian at gumstix dot com
-PHP Version: 7.1.2 +PHP Version: 7.1.3
 [2017-03-21 15:54 UTC] ian at gumstix dot com
Still occurs in PHP 7.1.3.
 [2017-04-04 08:43 UTC] bugsphpnet888 at allanid dot com
I experience the same problem. Having the same PHP version (7.1.3) but on a Debian 8.7. It gives strange artifacts my remaining PHP code. It somehow manages to cause the PHP script to be run multiple times - so if I run a script that adds a database record the record might be added 3 times!

I need to use the ps_hyphenate() function to hyphenate text. Using this extension is the only method I have found to do it, so I really need this bug fixed.
 [2017-05-30 21:49 UTC] ian at gumstix dot com
-Package: ps +Package: Reproducible crash -PHP Version: 7.1.3 +PHP Version: 7.1.5
 [2017-05-30 21:49 UTC] ian at gumstix dot com
I'm changing the package from "ps" to "Reproducible crash" based on the comment thread in bug 74676, which suggests that this is not actually a bug in the Postscript extension.
 [2017-06-01 22:07 UTC] ian at gumstix dot com
Commenting out the call to ps_delete() seems to solve the problem.

https://github.com/ianfp/php-ps-segfault/blob/master/src/PostscriptDocument.php#L63
 [2021-01-27 16:05 UTC] cmb@php.net
-Package: Reproducible crash +Package: ps
 [2021-11-19 13:39 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-11-19 13:39 UTC] cmb@php.net
There have been fixes to support PHP 7, or is this still an issue
for you with latest ps (1.4.4)?
 [2021-11-28 04:22 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Dec 09 11:03:34 2021 UTC