Bug #74124 Seg fault when running code using the ps (postscript) extension
Submitted: 2017-02-18 19:53 UTC
Modified: 2017-05-30 21:49 UTC
Votes: 2
Avg. Score: 5.0 ± 0.0
Reproduced: 2 of 2 (100.0%)
Same Version: 2 (100.0%)
Same OS: 1 (50.0%)
From: ian at gumstix dot com
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 7.1.5
OS: Xubuntu 16.04.2
Private report: No
CVE-ID: None

 [2017-02-18 19:53 UTC] ian at gumstix dot com
Description:
------------
When running the unit test for my application, some code that uses the ps PECL extension crashes with a seg fault. gdb backtrace is below.

Test script:
---------------
The code that generates the error is proprietary, and I don't have a test script yet that will produce the error. I'll update the bug if I manage to get one.

Actual result:
--------------
(gdb) run vendor/bin/phpunit path/to/my/directory
Starting program: /usr/bin/php vendor/bin/phpunit path/to/my/directory
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
PHPUnit 4.8.35 by Sebastian Bergmann and contributors.

...
Program received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (bin_num=<optimized out>, size=<optimized out>, heap=0x7ffff3800040)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:1261
1261	/build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c: No such file or directory.
(gdb) backtrace
#0  zend_mm_alloc_small (bin_num=<optimized out>, size=<optimized out>, heap=0x7ffff3800040)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:1261
#1  zend_mm_alloc_heap (size=<optimized out>, heap=0x7ffff3800040)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:1332
#2  _emalloc (size=<optimized out>) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:2417
#3  0x000055555579b89d in _safe_emalloc (nmemb=nmemb@entry=24, size=<optimized out>, offset=offset@entry=0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_alloc.c:2472
#4  0x00005555557a4aec in zend_compile_params (ast=ast@entry=0x7fffdcfd2578, return_type_ast=return_type_ast@entry=0x0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:5118
#5  0x00005555557acaaf in zend_compile_func_decl (result=result@entry=0x0, ast=ast@entry=0x7fffdcfd36b8)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:5619
#6  0x00005555557abc7a in zend_compile_stmt (ast=0x7fffdcfd36b8)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7838
#7  0x00005555557ac757 in zend_compile_stmt_list (ast=ast@entry=0x7fffdcfd1860)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:5022
#8  0x00005555557abb46 in zend_compile_stmt (ast=ast@entry=0x7fffdcfd1860)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7782
#9  0x00005555557ab2a9 in zend_compile_class_decl (ast=ast@entry=0x7fffdcfd3700)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:6029
#10 0x00005555557abc88 in zend_compile_stmt (ast=ast@entry=0x7fffdcfd3700)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7850
#11 0x00005555557ae3fa in zend_compile_top_stmt (ast=0x7fffdcfd3700)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7756
#12 0x00005555557ae43f in zend_compile_top_stmt (ast=0x7fffdcfd1018)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_compile.c:7751
#13 0x0000555555785ecd in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:601
#14 0x0000555555787376 in compile_file (file_handle=0x7fffffff95a0, type=2) at Zend/zend_language_scanner.l:635
#15 0x00007fffea09a3d8 in ?? () from /usr/lib/php/20160303/phar.so
#16 0x00007ffff32d12ac in ?? () from /usr/lib/php/20160303/opcache.so
#17 0x00007ffff32d32a9 in persistent_compile_file () from /usr/lib/php/20160303/opcache.so
#18 0x000055555578756b in compile_filename (type=type@entry=2, filename=filename@entry=0x7ffff3814510)
    at Zend/zend_language_scanner.l:662
#19 0x00005555558259ea in zend_include_or_eval (inc_filename=0x7ffff3814510, type=2)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute.c:2846
#20 0x000055555585fbcf in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:35461
#21 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#22 0x00005555557b1d4f in zend_call_function (fci=fci@entry=0x7fffffff98e0, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffff98b0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:828
#23 0x00005555557dfaa9 in zend_call_method (object=0x7ffff38c7818, obj_ce=<optimized out>, fn_proxy=<optimized out>, 
    function_name=0x7ffff38d6f68 "composer\\autoload\\classloader::loadclass\001", function_name_len=<optimized out>, 
    retval_ptr=retval_ptr@entry=0x0, param_count=1, arg1=0x7ffff3814420, arg2=0x0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_interfaces.c:101
#24 0x00005555556bdbae in zif_spl_autoload_call (execute_data=<optimized out>, return_value=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/ext/spl/php_spl.c:420
#25 0x00005555557b1c4b in zend_call_function (fci=fci@entry=0x7fffffff9b80, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffff9b50) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:842
#26 0x00005555557b22a1 in zend_lookup_class_ex (name=name@entry=0x7fffddb26950, key=0x7fffde9b18a8, 
    use_autoload=use_autoload@entry=1) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1001
#27 0x00005555557b2c58 in zend_fetch_class_by_name (class_name=0x7fffddb26950, key=<optimized out>, fetch_type=0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1436
#28 0x000055555580f779 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:2096
#29 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#30 0x00005555557b1d4f in zend_call_function (fci=fci@entry=0x7fffffff9dd0, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffff9da0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:828
#31 0x00005555557dfaa9 in zend_call_method (object=0x7ffff38c7818, obj_ce=<optimized out>, fn_proxy=<optimized out>, 
    function_name=0x7ffff38d6f68 "composer\\autoload\\classloader::loadclass\001", function_name_len=<optimized out>, 
    retval_ptr=retval_ptr@entry=0x0, param_count=1, arg1=0x7ffff3814270, arg2=0x0)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_interfaces.c:101
#32 0x00005555556bdbae in zif_spl_autoload_call (execute_data=<optimized out>, return_value=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/ext/spl/php_spl.c:420
#33 0x00005555557b1c4b in zend_call_function (fci=fci@entry=0x7fffffffa070, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffffa040) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:842
#34 0x00005555557b22a1 in zend_lookup_class_ex (name=name@entry=0x7fffdcc74410, key=0x7fffdcd39870, 
    use_autoload=use_autoload@entry=1) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1001
#35 0x00005555557b2c58 in zend_fetch_class_by_name (class_name=0x7fffdcc74410, key=<optimized out>, 
    fetch_type=fetch_type@entry=512) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:1436
#36 0x0000555555860cf7 in ZEND_NEW_SPEC_CONST_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:3199
#37 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#38 0x00005555557b1d4f in zend_call_function (fci=fci@entry=0x7fffffffa2f0, fci_cache=<optimized out>, 
    fci_cache@entry=0x7fffffffa2c0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_execute_API.c:828
#39 0x00005555556a8c64 in reflection_method_invoke (execute_data=<optimized out>, return_value=0x7ffff3813cb0, 
    variadic=<optimized out>) at /build/php7.1-jn_ZrU/php7.1-7.1.2/ext/reflection/php_reflection.c:3325
#40 0x00005555558635dc in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER ()
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:1097
#41 0x000055555580ac1b in execute_ex (ex=<optimized out>)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:429
#42 0x0000555555865a60 in zend_execute (op_array=0x7ffff3884000, op_array@entry=0x7fffde3dcc80, 
    return_value=return_value@entry=0x7ffff3813bf0) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend_vm_execute.h:474
#43 0x00005555557c1723 in zend_execute_scripts (type=type@entry=8, retval=0x7ffff3813bf0, retval@entry=0x0, 
    file_count=file_count@entry=3) at /build/php7.1-jn_ZrU/php7.1-7.1.2/Zend/zend.c:1475
#44 0x000055555575e520 in php_execute_script (primary_file=0x7fffffffc960)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/main/main.c:2537
#45 0x0000555555867ce7 in do_cli (argc=3, argv=0x555555bdf440)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/sapi/cli/php_cli.c:993
#46 0x000055555563a92c in main (argc=3, argv=0x555555bdf440)
    at /build/php7.1-jn_ZrU/php7.1-7.1.2/sapi/cli/php_cli.c:1381

 [2017-02-18 22:22 UTC] ian at gumstix dot com
-Summary: Seg fault when running code using the ps (postscript) extension +Summary: ian@gumstix.com
 [2017-02-18 22:22 UTC] ian at gumstix dot com
I've created a test script that reproduces the bug. It is here:

https://github.com/ianfp/php-ps-segfault
 [2017-02-18 22:23 UTC] ian at gumstix dot com
-Summary: ian@gumstix.com +Summary: Seg fault when running code using the ps (postscript) extension
 [2017-02-18 22:23 UTC] ian at gumstix dot com
Revert accidental change to the bug summary.
 [2017-03-02 18:45 UTC] ian at gumstix dot com
-Package: Reproducible crash +Package: ps
 [2017-03-02 18:45 UTC] ian at gumstix dot com
Changed package to "ps" because I just encountered this bug in production code (as opposed to while running PHPUnit tests) that uses the ps extension.
 [2017-03-21 15:54 UTC] ian at gumstix dot com
-PHP Version: 7.1.2 +PHP Version: 7.1.3
 [2017-03-21 15:54 UTC] ian at gumstix dot com
Still occurs in PHP 7.1.3.
 [2017-04-04 08:43 UTC] bugsphpnet888 at allanid dot com
I experience the same problem, having the same PHP version (7.1.3) but on Debian 8.7. It gives strange artifacts in my remaining PHP code. It somehow manages to cause the PHP script to be run multiple times - so if I run a script that adds a database record, the record might be added 3 times!

I need to use the ps_hyphenate() function to hyphenate text. Using this extension is the only method I have found to do it, so I really need this bug fixed.
 [2017-05-30 21:49 UTC] ian at gumstix dot com
-Package: ps +Package: Reproducible crash -PHP Version: 7.1.3 +PHP Version: 7.1.5
 [2017-05-30 21:49 UTC] ian at gumstix dot com
I'm changing the package from "ps" to "Reproducible crash" based on the comment thread in bug 74676, which suggests that this is not actually a bug in the Postscript extension.
 [2017-06-01 22:07 UTC] ian at gumstix dot com
Commenting out the call to ps_delete() seems to solve the problem.

https://github.com/ianfp/php-ps-segfault/blob/master/src/PostscriptDocument.php#L63
 
Last updated: Tue Jun 25 10:01:26 2019 UTC