php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74353 Segfault when killing within bash script trap code
Submitted: 2017-03-31 22:08 UTC Modified: -
From: tagliapietra dot alessandro at gmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 7.1.4RC1 OS: Ubuntu 16.10
Private report: No CVE-ID:
 [2017-03-31 22:08 UTC] tagliapietra dot alessandro at gmail dot com
Description:
------------
We had this bug while running php within a shell script that runs the php script in loop and on a signal, sends the signal to the php process, waits for its exit and exits.
Php script itself uses the 7.1 feature of async signal handling to gracefully shutdown.

The bug only happens within the bash script, running the php script within a shell and sending the signal doesn't seems to have any issue. I've reproduced it on multiple systems (OSX and multiple linux versions).

The bash+php script is at https://gist.github.com/alex88/f2c337ea57693c2e97bff2ecc64dc8b2 if you run it and after the php script prints "Start" you ctrl-c you can see the segfault.

Expected result:
----------------
I expect the script to exit without segfault

Actual result:
--------------
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php script.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000000001 in ?? ()
(gdb) bt
#0  0x0000000000000001 in ?? ()
#1  0x00005572902da267 in zend_signal_handler (signo=2, siginfo=0x7ffc82136770, context=0x7ffc82136640) at /tmp/php-src-php-7.1.4RC1/Zend/zend_signal.c:221
#2  0x00005572902d9d98 in zend_signal_handler_defer (signo=2, siginfo=0x7ffc82136770, context=0x7ffc82136640) at /tmp/php-src-php-7.1.4RC1/Zend/zend_signal.c:106
#3  <signal handler called>
#4  0x00007fbcb8ddc700 in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:84
#5  0x00007fbcb8ddc66a in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#6  0x0000557290161e71 in zif_sleep (execute_data=0x7fbcb6014090, return_value=0x7ffc82136c60) at /tmp/php-src-php-7.1.4RC1/ext/standard/basic_functions.c:4492
#7  0x0000557290301d9c in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /tmp/php-src-php-7.1.4RC1/Zend/zend_vm_execute.h:628
#8  0x0000557290301679 in execute_ex (ex=0x7fbcb6014030) at /tmp/php-src-php-7.1.4RC1/Zend/zend_vm_execute.h:429
#9  0x000055729030178a in zend_execute (op_array=0x7fbcb6080000, return_value=0x0) at /tmp/php-src-php-7.1.4RC1/Zend/zend_vm_execute.h:474
#10 0x000055729029e7e1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php-src-php-7.1.4RC1/Zend/zend.c:1476
#11 0x0000557290204297 in php_execute_script (primary_file=0x7ffc82139320) at /tmp/php-src-php-7.1.4RC1/main/main.c:2537
#12 0x0000557290388413 in do_cli (argc=2, argv=0x557291556a70) at /tmp/php-src-php-7.1.4RC1/sapi/cli/php_cli.c:993
#13 0x00005572903895e6 in main (argc=2, argv=0x557291556a70) at /tmp/php-src-php-7.1.4RC1/sapi/cli/php_cli.c:1381

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-31 22:18 UTC] tagliapietra dot alessandro at gmail dot com
Tested with php 7.0 and `kill -TERM` in the bash script, it doesn't segfault and works correctly.
 [2017-04-07 08:15 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7a796d18eefcc62a83199adb9db92913172f81b6
Log: Fixed bug #74353 (Segfault when killing within bash script trap code)
 [2017-04-07 08:16 UTC] laruence@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Thu May 25 16:01:43 2017 UTC