php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74325 Segmation fault in zend_mm_alloc_small
Submitted: 2017-03-28 08:56 UTC Modified: 2017-04-09 04:22 UTC
From: jan dot blasko at mall dot cz Assigned:
Status: No Feedback Package: JSON related
PHP Version: 7.1.3 OS: CentOS 7
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-03-28 08:56 UTC] jan dot blasko at mall dot cz
Description:
------------
Segfault found in PHP 7.1.3 (4bfadd0012b966eced448497272150ffeede13136a961aacb9e71553b8e929e)

Expected result:
----------------
No crash.

Actual result:
--------------
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=6, heap=0x7f1e88a00040)
    at /var/chef/cache/php-7.1.3/Zend/zend_alloc.c:1261
#1  _emalloc_56 () at /var/chef/cache/php-7.1.3/Zend/zend_alloc.c:2336
#2  0x00007f1e8f8901e0 in _array_init (arg=0x7ffcade10190, size=0)
    at /var/chef/cache/php-7.1.3/Zend/zend_API.c:1060
#3  0x00007f1e8f69444e in php_json_yyparse (parser=parser@entry=0x7ffcade11640)
    at /var/chef/cache/php-7.1.3/ext/json/json_parser.tab.c:1585
#4  0x00007f1e8f6913bb in php_json_decode_ex (return_value=return_value@entry=0x7f1e88a12270,
    str=<optimized out>, str_len=<optimized out>, options=<optimized out>, depth=<optimized out>)
    at /var/chef/cache/php-7.1.3/ext/json/json.c:209
#5  0x00007f1e8f69148f in zif_json_decode (execute_data=<optimized out>, return_value=0x7f1e88a12270)
    at /var/chef/cache/php-7.1.3/ext/json/json.c:290
#6  0x00007f1e8f92328d in ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER ()
    at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:876
#7  0x00007f1e8f8d304b in execute_ex (ex=<optimized out>)
    at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:429
#8  0x00007f1e8f87ef71 in zend_call_function (fci=fci@entry=0x7ffcade11920,
    fci_cache=fci_cache@entry=0x7ffcade118f0) at /var/chef/cache/php-7.1.3/Zend/zend_execute_API.c:846
#9  0x00007f1e8f8aad40 in zend_call_method (object=object@entry=0x7f1e719b22d8, obj_ce=0x7f1e88b7a080,
    fn_proxy=<optimized out>, function_name=function_name@entry=0x7f1e8fd099d7 "next",
    function_name_len=function_name_len@entry=4, retval_ptr=retval_ptr@entry=0x0,
    param_count=param_count@entry=0, arg1=arg1@entry=0x0, arg2=arg2@entry=0x0)
    at /var/chef/cache/php-7.1.3/Zend/zend_interfaces.c:99
#10 0x00007f1e8f8ab25a in zend_user_it_move_forward (_iter=0x7f1e719b22a0)
    at /var/chef/cache/php-7.1.3/Zend/zend_interfaces.c:228
#11 0x00007f1e8f8e8c66 in ZEND_FE_FETCH_R_SPEC_VAR_HANDLER ()
    at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:16816
#12 0x00007f1e8f8d304b in execute_ex (ex=<optimized out>)
    at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:429
#13 0x00007f1e8f87ef71 in zend_call_function (fci=fci@entry=0x7ffcade11bb0,
    fci_cache=fci_cache@entry=0x7ffcade11b80) at /var/chef/cache/php-7.1.3/Zend/zend_execute_API.c:846
#14 0x00007f1e8f7abb5d in zif_call_user_func_array (execute_data=0x7f1e88a11260, return_value=0x7f1e88a11230)
    at /var/chef/cache/php-7.1.3/ext/standard/basic_functions.c:4853
#15 0x00007f1e8f92328d in ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER ()
    at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:876
#16 0x00007f1e8f8d304b in execute_ex (ex=<optimized out>)
    at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:429
#17 0x00007f1e8f925ed4 in zend_execute (op_array=0x7f1e88a63000, op_array@entry=0x7f1e7480eaf8,
    return_value=return_value@entry=0x7f1e88a11110) at /var/chef/cache/php-7.1.3/Zend/zend_vm_execute.h:474
#18 0x00007f1e8f88e324 in zend_execute_scripts (type=type@entry=8, retval=0x7f1e88a11110, retval@entry=0x0,
    file_count=file_count@entry=3) at /var/chef/cache/php-7.1.3/Zend/zend.c:1476
#19 0x00007f1e8f82f200 in php_execute_script (primary_file=primary_file@entry=0x7ffcade13fa0)
    at /var/chef/cache/php-7.1.3/main/main.c:2537
#20 0x00007f1e8f927f52 in php_handler (r=<optimized out>)
    at /var/chef/cache/php-7.1.3/sapi/apache2handler/sapi_apache2.c:757
#21 0x00007f1e94f94280 in ap_run_handler ()
#22 0x00007f1e94f947c9 in ap_invoke_handler ()
#23 0x00007f1e94fa8bba in ap_process_async_request ()
#24 0x00007f1e94fa8e94 in ap_process_request ()
#25 0x00007f1e94fa57e2 in ap_process_http_connection ()
#26 0x00007f1e94f9d880 in ap_run_process_connection ()
#27 0x00007f1e903d180f in child_main () from /usr/lib64/httpd/modules/mod_mpm_prefork.so
#28 0x00007f1e903d1a55 in make_child () from /usr/lib64/httpd/modules/mod_mpm_prefork.so
#29 0x00007f1e903d1ab6 in startup_children () from /usr/lib64/httpd/modules/mod_mpm_prefork.so
#30 0x00007f1e903d27c0 in prefork_run () from /usr/lib64/httpd/modules/mod_mpm_prefork.so
#31 0x00007f1e94f7a5ae in ap_run_mpm ()
#32 0x00007f1e94f73b46 in main ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-28 08:57 UTC] bwoebi@php.net
-Status: Open +Status: Feedback
 [2017-03-28 08:57 UTC] bwoebi@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2017-04-09 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun May 26 12:01:26 2019 UTC