php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74594 SEGFAULT on /usr/lib/apache2/modules/libphp7.so (sljit_generate_code)
Submitted: 2017-05-15 09:29 UTC Modified: 2017-05-28 04:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: antonio dot tauro at ophion dot ch Assigned:
Status: No Feedback Package: PCRE related
PHP Version: 7.1.4 OS: Debian GNU/Linux 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: antonio dot tauro at ophion dot ch
New email:
PHP Version: OS:

 

 [2017-05-15 09:29 UTC] antonio dot tauro at ophion dot ch
Description:
------------
We have a Wordpress (up-to-date) installation where segfault happen sometimes while using the Admin interface (Updating a Plugin, activating a Plugin etc.)

It isn't reproducible. But it happens quite often. A Segfault is thrown on the running apache process and our nginx reverse proxy gives back a HTTP 502.

I'm not sure if the bug should also be reported to the Wordpress team, but the gdb trace shows, that the SIGSEGV happens in 

#0  0x00007fdacc214fab in sljit_generate_code () from /usr/lib/apache2/modules/libphp7.so


OS (Docker Container):

root@68cf7ac54815:/var/www/html# cat /etc/issue                                                                                                                                                                                                                                           
Debian GNU/Linux 8 \n \l    

Docker Image: wordpress:php7.1


PHP Version:

root@68cf7ac54815:/var/www/html# php -v                                                                                                                                                                                                                                                   
PHP 7.1.4 (cli) (built: Apr 25 2017 03:23:01) ( NTS )                                                                                                                                                                                                                                     
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.1.4, Copyright (c) 1999-2017, by Zend Technologies

Apache Version:
root@68cf7ac54815:/var/www/html# apache2 -v                                                                                                                                                                                                                                               
Server version: Apache/2.4.10 (Debian)                                                                                                                                                                                                                                                    
Server built:   Feb 24 2017 18:40:28


===

FULL GDB TRACE 

===

root@68cf7ac54815:/var/www/html# gdb /usr/sbin/apache2 core
\GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done.
[New LWP 941]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `apache2 -DFOREGROUND'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fdacc214fab in sljit_generate_code () from /usr/lib/apache2/modules/libphp7.so
(gdb) bt
#0  0x00007fdacc214fab in sljit_generate_code () from /usr/lib/apache2/modules/libphp7.so
#1  0x00007fdacc239a0c in _pcre_jit_compile () from /usr/lib/apache2/modules/libphp7.so
#2  0x00007fdacc213b5d in php_pcre_study () from /usr/lib/apache2/modules/libphp7.so
#3  0x00007fdacc23be20 in pcre_get_compiled_regex_cache () from /usr/lib/apache2/modules/libphp7.so
#4  0x00007fdacc23d619 in php_do_pcre_match () from /usr/lib/apache2/modules/libphp7.so
#5  0x00007fdacc57bdc6 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () from /usr/lib/apache2/modules/libphp7.so
#6  0x00007fdacc56a8fb in execute_ex () from /usr/lib/apache2/modules/libphp7.so
#7  0x00007fdacc5c69f0 in zend_execute () from /usr/lib/apache2/modules/libphp7.so
#8  0x00007fdacc521353 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp7.so
#9  0x00007fdacc4bd5f0 in php_execute_script () from /usr/lib/apache2/modules/libphp7.so
#10 0x00007fdacc5c890a in php_handler () from /usr/lib/apache2/modules/libphp7.so
#11 0x00007fdad0c51690 in ap_run_handler ()
#12 0x00007fdad0c51bd9 in ap_invoke_handler ()
#13 0x00007fdad0c67ab2 in ap_process_async_request ()
#14 0x00007fdad0c67c50 in ap_process_request ()
#15 0x00007fdad0c64552 in ?? ()
#16 0x00007fdad0c5af40 in ap_run_process_connection ()
#17 0x00007fdacd0647ba in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#18 0x00007fdacd064a01 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#19 0x00007fdacd064a72 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#20 0x00007fdacd06573c in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#21 0x00007fdad0c357ee in ap_run_mpm ()
#22 0x00007fdad0c2e5f3 in main ()


Expected result:
----------------
Process shouldn't end with a Segmentation Fault. Request should be treated without problems.

Actual result:
--------------
Segmentation Fault is thrown. Upstream doesn't give back a response. Reverse Proxy request results with a 502.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-05-15 14:31 UTC] emir@php.net
-PHP Version: 7.1.5 +PHP Version: 7.1.4
 [2017-05-15 19:03 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-05-15 19:03 UTC] ab@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Probably as a workaround you could set pcre.jit=0.

Thanks.
 [2017-05-28 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2020-10-12 13:41 UTC] maroszek at gmx dot net
I can reproduce this issue on a Raspberry Pi 3 (ARM). It works flawlessly on any Intel/AMD CPU i had floating around.

Build PHP 7.4.11 using ./configure --disable-all

------------------- Backtrace -----------------
Program received signal SIGSEGV, Segmentation fault.
sljit_generate_code (compiler=0x76cf0930, compiler@entry=0x49ba80) at /home/pi/php-7.4.11/ext/pcre/pcre2lib/sljit/sljitNativeARM_32.c:799
799                             if (*buf_ptr & (1 << 23))
(gdb) bt
#0  sljit_generate_code (compiler=0x76cf0930, compiler@entry=0x49ba80) at /home/pi/php-7.4.11/ext/pcre/pcre2lib/sljit/sljitNativeARM_32.c:799
#1  0x000abdfc in jit_compile (code=code@entry=0x49bc78, mode=mode@entry=1) at /home/pi/php-7.4.11/ext/pcre/pcre2lib/pcre2_jit_compile.c:13677
#2  0x000acda8 in php_pcre2_jit_compile (code=code@entry=0x49bc78, options=options@entry=1) at /home/pi/php-7.4.11/ext/pcre/pcre2lib/pcre2_jit_compile.c:13831
#3  0x000ccb2c in pcre_get_compiled_regex_cache_ex (regex=0x76a9a380, locale_aware=locale_aware@entry=1) at /home/pi/php-7.4.11/ext/pcre/php_pcre.c:800
#4  0x000ce7fc in pcre_get_compiled_regex_cache (regex=<optimized out>) at /home/pi/php-7.4.11/ext/pcre/php_pcre.c:888
#5  php_do_pcre_match (execute_data=0x76a130a0, return_value=0x7effbc40, global=1) at /home/pi/php-7.4.11/ext/pcre/php_pcre.c:1134
#6  0x00236a98 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (execute_data=0x76a13010) at /home/pi/php-7.4.11/Zend/zend_vm_execute.h:1269
#7  0x002350bc in execute_ex (ex=<optimized out>) at /home/pi/php-7.4.11/Zend/zend_vm_execute.h:53581
#8  0x00282c2c in zend_execute (op_array=0x76a7e000, return_value=<optimized out>) at /home/pi/php-7.4.11/Zend/zend_vm_execute.h:57883
#9  0x001f8ec0 in zend_execute_scripts (type=type@entry=8, retval=0x3, file_count=3) at /home/pi/php-7.4.11/Zend/zend.c:1677
#10 0x00198910 in php_execute_script (primary_file=0x7effe178, primary_file@entry=0x7effe170) at /home/pi/php-7.4.11/main/main.c:2621
#11 0x002848e8 in do_cli (argc=2130698740, argv=0x49bc48) at /home/pi/php-7.4.11/sapi/cli/php_cli.c:964
#12 0x0003dca0 in main (argc=0, argv=0x2) at /home/pi/php-7.4.11/sapi/cli/php_cli.c:1359


------------------- Script used -----------------
<?php

$data = '
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="refresh" content="60">
<meta http-equiv="expires" content="2000/01/01">
<meta http-equiv="cache-control" content="must-revalidate">
<meta name="generator" content="Wetterstation Bedien- und Auswertesoftware - V2.99.8">
<meta name="author" content="© 1999-2019  Werner Krenn">
<meta name="date" content="12.10.2020">
<META NAME="Keywords" CONTENT="Wetter, Auswertung Wetterstation, Wind, Regen, Temperatur, Feuchte, Luftdruck">

<title>Wetterdaten -  Montag, 12.10.2020 - Bremen-Findorff &nbsp; &nbsp; 13 m über NN</title>

<style type="text/css">
<!--
TD {FONT-FAMILY: Arial; color: Silver; font-size: 9pt; text-align: right; }
TH {FONT-FAMILY: Arial; color: Silver; font-size: 9pt; text-align: center; background-color: #000000;}
-->
</style>
</head>

<body bgcolor="#000000">
<table border="0">
<tr><td style="text-align: left; FONT-FAMILY: Arial; color: Silver; font-size: 12pt;">
<strong>Wetterdaten:  aktuell  Montag, 12.10.2020 14:37</strong>
</td></tr>
</table>
<table border="1" cellspacing="0" cellpadding="4">
<tr>
<th><nobr>Datum</nobr></th>
<th>Zeit</th>
<th><nobr>Temperatur</nobr></th>
<th><nobr>Feuchte</nobr></th>
<th><nobr>Luftdruck</nobr></th>
<th><nobr>Regen</nobr></th>
<th>Wind</th>
<th><nobr>Richtung</nobr></th>
<th><nobr>Richtung</nobr></th>
<th><nobr>Sonnenschein</nobr></th>
<th>ET</th>
<th>UV</th>
<th><nobr>Solar</nobr></th>
<th><nobr>Taupunkt</nobr></th>
<th><nobr>Windböen</nobr></th>
</tr>
<tr>
<td><nobr>12.10.2020</nobr></td>
<td><nobr>14:37</nobr></td>
<td><nobr>11,8 °C</nobr></td>
<td>89 %</td>
<td><nobr>1016,9 hPa</nobr></td>
<td><nobr>0,0 mm</nobr></td>
<td><nobr>5,6 km/h (1 Bft)</nobr></td>
<td>S-SW</td>
<td><nobr>211 °</nobr></td>
<td><nobr>1 min</nobr></td>
<td><nobr>0,000 mm</nobr></td>
<td><nobr>1,2 UV-I</nobr></td>
<td><nobr>401 W/m²</nobr></td>
<td><nobr>10,0 °C</nobr></td>
<td><nobr>9,7 km/h (2 Bft)</nobr></td>
</tr>
<tr>
<td><nobr>12.10.2020</nobr></td>
<td><nobr>14:36</nobr></td>
<td><nobr>11,8 °C</nobr></td>
<td>90 %</td>
<td><nobr>1016,9 hPa</nobr></td>
<td><nobr>0,0 mm</nobr></td>
<td><nobr>5,4 km/h (1 Bft)</nobr></td>
<td>S-SW</td>
<td><nobr>194 °</nobr></td>
<td><nobr>1 min</nobr></td>
<td><nobr>0,000 mm</nobr></td>
<td><nobr>1,2 UV-I</nobr></td>
<td><nobr>401 W/m²</nobr></td>
<td><nobr>10,2 °C</nobr></td>
<td><nobr>8,0 km/h (2 Bft)</nobr></td>
</tr>
<tr>
<td><nobr>12.10.2020</nobr></td>
<td><nobr>14:35</nobr></td>
<td><nobr>11,7 °C</nobr></td>
<td>90 %</td>
<td><nobr>1016,9 hPa</nobr></td>
<td><nobr>0,0 mm</nobr></td>
<td><nobr>5,4 km/h (1 Bft)</nobr></td>
<td>S-SW</td>
<td><nobr>202 °</nobr></td>
<td><nobr>1 min</nobr></td>
<td><nobr>0,000 mm</nobr></td>
<td><nobr>1,2 UV-I</nobr></td>
<td><nobr>404 W/m²</nobr></td>
<td><nobr>10,1 °C</nobr></td>
<td><nobr>8,0 km/h (2 Bft)</nobr></td>
</tr>
<tr>
<td><nobr>12.10.2020</nobr></td>
<td><nobr>14:34</nobr></td>
<td><nobr>11,7 °C</nobr></td>
<td>90 %</td>
<td><nobr>1017,0 hPa</nobr></td>
<td><nobr>0,0 mm</nobr></td>
<td><nobr>5,7 km/h (1 Bft)</nobr></td>
<td>S-SW</td>
<td><nobr>200 °</nobr></td>
<td><nobr>1 min</nobr></td>
<td><nobr>0,000 mm</nobr></td>
<td><nobr>1,2 UV-I</nobr></td>
<td><nobr>406 W/m²</nobr></td>
<td><nobr>10,1 °C</nobr></td>
<td><nobr>8,0 km/h (2 Bft)</nobr></td>
</tr>
<tr>
<td><nobr>12.10.2020</nobr></td>
<td><nobr>14:33</nobr></td>
<td><nobr>11,7 °C</nobr></td>
<td>90 %</td>
<td><nobr>1017,0 hPa</nobr></td>
<td><nobr>0,0 mm</nobr></td>
<td><nobr>5,7 km/h (1 Bft)</nobr></td>
<td>S-SW</td>
<td><nobr>193 °</nobr></td>
<td><nobr>0 min</nobr></td>
<td><nobr>0,000 mm</nobr></td>
<td><nobr>1,0 UV-I</nobr></td>
<td><nobr>197 W/m²</nobr></td>
<td><nobr>10,1 °C</nobr></td>
<td><nobr>9,7 km/h (2 Bft)</nobr></td>
</tr>
<tr>
<td><nobr>12.10.2020</nobr></td>
<td><nobr>14:32</nobr></td>
<td><nobr>11,8 °C</nobr></td>
<td>90 %</td>
<td><nobr>1017,0 hPa</nobr></td>
<td><nobr>0,0 mm</nobr></td>
<td><nobr>4,8 km/h (1 Bft)</nobr></td>
<td>S-SW</td>
<td><nobr>193 °</nobr></td>
<td><nobr>0 min</nobr></td>
<td><nobr>0,000 mm</nobr></td>
<td><nobr>1,0 UV-I</nobr></td>
<td><nobr>185 W/m²</nobr></td>
<td><nobr>10,2 °C</nobr></td>
<td><nobr>8,0 km/h (2 Bft)</nobr></td>
</tr>
<tr>
<th>_</th>
<th><nobr>Min-Zeit</nobr></th>
<th><nobr>05:57</nobr></th>
<th><nobr>15:27</nobr></th>
<th><nobr>15:00</nobr></th>
<th>-</th>
<th><nobr>05:22</nobr></th>
<th>-</th>
<th>-</th>
<th>-</th>
<th>-</th>
<th>-</th>
<th>-</th>
<th><nobr>05:57</nobr></th>
<th><nobr>05:22</nobr></th>
</tr>
<tr>
<th><nobr>Minimum</nobr></th>
<th>_</th>
<th colspan=1 style="background-color: #ffffff;">6,7 °C</th>
<th colspan=1 style="background-color: #ffffff;">75 %</th>
<th colspan=1 style="background-color: #ffffff;">1015,1 hPa</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">0,0 km/h (0 Bft)</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">5,8 °C</th>
<th colspan=1 style="background-color: #ffffff;">0,0 km/h (0 Bft)</th>
</tr>
<tr>
<th>_</th>
<th><nobr>Max-Zeit</nobr></th>
<th><nobr>15:42</nobr></th>
<th><nobr>07:44</nobr></th>
<th><nobr>09:20</nobr></th>
<th><nobr>21:05</nobr></th>
<th><nobr>17:52</nobr></th>
<th>-</th>
<th>-</th>
<th><nobr>15:06</nobr></th>
<th><nobr>15:59</nobr></th>
<th><nobr>14:23</nobr></th>
<th><nobr>11:25</nobr></th>
<th><nobr>14:30</nobr></th>
<th><nobr>16:24</nobr></th>
</tr>
<tr>
<th><nobr>Maximum</nobr></th>
<th>_</th>
<th colspan=1 style="background-color: #ffffff;">12,2 °C</th>
<th colspan=1 style="background-color: #ffffff;">95 %</th>
<th colspan=1 style="background-color: #ffffff;">1018,0 hPa</th>
<th colspan=1 style="background-color: #ffffff;">0,2 mm</th>
<th style="background-color: #ffffff;"><nobr>15,1 km/h</nobr><br>S-SW (3 Bft)</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">-</th>
<th colspan=1 style="background-color: #ffffff;">1 min</th>
<th colspan=1 style="background-color: #ffffff;">0,102 mm</th>
<th colspan=1 style="background-color: #ffffff;">1,3 UV-I</th>
<th colspan=1 style="background-color: #ffffff;">548 W/m²</th>
<th colspan=1 style="background-color: #ffffff;">10,4 °C</th>
<th style="background-color: #ffffff;"><nobr>25,7 km/h</nobr><br>W-SW (4 Bft)</th>
</tr>
<tr>
<th><nobr>Durchschnitt</nobr></th>
<th>_</th>
<th><nobr>9,4 °C</nobr></th>
<th>90 %</th>
<th><nobr>1016,9 hPa</nobr></th>
<th><nobr>#1,2 mm</nobr></th>
<th><nobr>4,5 km/h (1 Bft)</nobr></th>
<th>S-SW</th>
<th>-</th>
<th><nobr>#1:01 h</nobr></th>
<th><nobr>#0,381 mm</nobr></th>
<th><nobr>0,7 UV-I</nobr></th>
<th><nobr>144 W/m²</nobr></th>
<th><nobr>7,7 °C</nobr></th>
<th><nobr>7,7 km/h (2 Bft)</nobr></th>
</tr>
</table>
</body>
</html>
';

$data=preg_replace("#[\r\n]#", '', $data);

preg_match_all('#'.
        '<td>(?:<nobr>)?(?<Datum>[\d]{2}+[\.]+[\d]{2}+[\.]+[\d]{4})(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Zeit>[\d]{2}+[\:]+[\d]{2})(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Temperatur>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Feuchte>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Luftdruck>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Regen>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Wind>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Richtung>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Richtung1>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Sonnenschein>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Evapotranspiration>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<uv>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Solar>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Taupunkt>.+?)(?:</nobr>)?</td>'.
        '<td>(?:<nobr>)?(?<Windboeen>.+?)(?:</nobr>)?</td>'.
        '#', $data, $matches);
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 17:01:32 2024 UTC