php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74137 phpdbg test segfault
Submitted: 2017-02-20 19:56 UTC Modified: 2017-02-24 08:24 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: julien at lepiller dot eu Assigned:
Status: Open Package: phpdbg
PHP Version: 7.1.2 OS: GNU/Linux
Private report: No CVE-ID: None
 [2017-02-20 19:56 UTC] julien at lepiller dot eu
Description:
------------
the sapi/phpdbg/tests/include_once.phpt and sapi/phpdbg/tests/phpdbg_get_executable_stream_wrapper.phpt fail with a segfault after printing the expected output.

It seems that this bug is triggered by the modification time of the included *.inc files since the tests pass successfully when I touch them. Setting modification time to 0 with low-level tools (guile's `(utime "test.php" 0 0)`) of any included or required file recreates the crash. Setting it on the php file does not reproduce the crash.

Sufficient command-line to reproduce the crash is `phpdbg -d "zend_extension=/tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/modules/opcache.so" -f "test.php"`, where test.php includes or requires a file whose modification time is 0. Note that phpdbg points to an executable built by the guix package manager, and has nothing to do with my current distribution. I could reproduce the crash on GuixSD and Fedora 24.

Actual result:
--------------
#0  zend_hash_destroy (ht=0xfe6538 <phpdbg_globals+1400>) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend_hash.c:1249
#1  0x0000000000776921 in zm_shutdown_phpdbg (type=<optimized out>, module_number=<optimized out>) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/sapi/phpdbg/phpdbg.c:234
#2  0x00000000006d9333 in module_destructor (module=module@entry=0x10a44a0) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend_API.c:2499
#3  0x00000000006d23cc in module_destructor_zval (zv=<optimized out>) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend.c:632
#4  0x00000000006e4229 in _zend_hash_del_el_ex (prev=<optimized out>, p=<optimized out>, idx=<optimized out>, ht=<optimized out>) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend_hash.c:998
#5  _zend_hash_del_el (p=0x1073880, idx=47, ht=0xfe30a0 <module_registry>) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend_hash.c:1021
#6  zend_hash_graceful_reverse_destroy (ht=ht@entry=0xfe30a0 <module_registry>) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend_hash.c:1477
#7  0x00000000006d781c in zend_destroy_modules () at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend_API.c:1978
#8  0x00000000006d2eb5 in zend_shutdown () at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/Zend/zend.c:871
#9  0x0000000000673acb in php_module_shutdown () at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/main/main.c:2405
#10 0x0000000000444846 in main (argc=69, argv=0x7fffffffd3d8) at /tmp/guix-build-php-7.1.2.drv-0/php-7.1.2/sapi/phpdbg/phpdbg.c:2156

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-24 08:24 UTC] julien at lepiller dot eu
I've also reproduced the crash with archlinux's phpdbg by running the following command: `phpdbg -d "zend_extension=/usr/lib/php/modules/opcache.so" -f test.php` and an included file with modification time of 0. So it affects at least two distributions.
 [2023-04-12 06:03 UTC] travelblogtrends at gmail dot com
Fashion Beauty Guides are sharing latest news about fashion, shopping, clothing, lifestyle, beauty etc. More info to visit:(https://fashionbeautyguides.com)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC