php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74907 coredump happend when use lua closure in php-fpm
Submitted: 2017-07-12 02:06 UTC Modified: 2017-07-12 03:44 UTC
From: weida at didichuxing dot com Assigned: laruence (profile)
Status: Closed Package: lua (PECL)
PHP Version: 7.0.21 OS: GNU/Linux 2.6.32-431.el6.x86_64
Private report: No CVE-ID: None
 [2017-07-12 02:06 UTC] weida at didichuxing dot com
Description:
------------
Code in index.php is here:

$lua = new Lua("/home/xiaoju/lua/hello.lua");
$lua_closure = $lua->eval(<<<LUA
       return (function (from)
          print(from);
       end);
LUA
);

This bug only happens in php-fpm!
When we use php script like "php -f index.php", it's worked.

coredump like this:

gdb sbin/php-fpm core.886
Program terminated with signal 11, Segmentation fault.
#0  0x00007fc18780481a in lua_rawgeti (L=0x2da7108, idx=-1001000, n=0) at lapi.c:662
662       setobj2s(L, L->top, luaH_getint(hvalue(t), n));
(gdb) bt
#0  0x00007fc18780481a in lua_rawgeti (L=0x2da7108, idx=-1001000, n=0) at lapi.c:662
#1  0x00007fc18781edc2 in luaL_unref (L=0x2da7108, t=-1001000, ref=3) at lauxlib.c:619
#2  0x00007fc18780272e in zim_lua_closure___destruct (execute_data=0x7fc18ec173c0, return_value=0x7fff3d7b7850)
    at /home/xiaoju/php/extensions/lua-2.0.3/lua_closure.c:80
#3  0x00000000007eb208 in zend_call_function (fci=0x7fff3d7b77b0, fci_cache=0x7fff3d7b7800) at /home/xiaoju/php-7.0.6/Zend/zend_execute_API.c:885
#4  0x0000000000816a77 in zend_call_method (object=0x7fff3d7b78c0, obj_ce=<value optimized out>, fn_proxy=<value optimized out>, 
    function_name=0xd92de1 "__destruct", function_name_len=<value optimized out>, retval_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0)
    at /home/xiaoju/php-7.0.6/Zend/zend_interfaces.c:104
#5  0x000000000082ee80 in zend_objects_destroy_object (object=<value optimized out>) at /home/xiaoju/php-7.0.6/Zend/zend_objects.c:148
#6  0x00000000008334c1 in zend_objects_store_call_destructors (objects=0x114a630) at /home/xiaoju/php-7.0.6/Zend/zend_objects_API.c:54
#7  0x00000000007ecaa3 in shutdown_destructors () at /home/xiaoju/php-7.0.6/Zend/zend_execute_API.c:242
#8  0x00000000007f8304 in zend_call_destructors () at /home/xiaoju/php-7.0.6/Zend/zend.c:952
#9  0x000000000079b555 in php_request_shutdown (dummy=<value optimized out>) at /home/xiaoju/php-7.0.6/main/main.c:1780
#10 0x000000000089875b in main (argc=<value optimized out>, argv=<value optimized out>) at /home/xiaoju/php-7.0.6/sapi/fpm/fpm/fpm_main.c:1996
(gdb) quit

Test script:
---------------
Code in index.php is here:

$lua = new Lua("/home/xiaoju/lua/hello.lua");
$lua_closure = $lua->eval(<<<LUA
       return (function (from)
          print(from);
       end);
LUA
);


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-12 02:44 UTC] laruence@php.net
what does hello.lua look like?
 [2017-07-12 02:49 UTC] weida at didichuxing dot com
[xiaoju@kvm09230 lua]$ cat hello.lua 

g_name = "From Lua";

function test()
   callphp("hello", 2)
   return (function()   end);
end


By the way, lua version is 5.3.4
 [2017-07-12 02:54 UTC] laruence@php.net
this bug may be already fixed in repo: https://github.com/laruence/php-lua

please try to test it
 [2017-07-12 03:38 UTC] weida at didichuxing dot com
It's worked.
Thanks.
 [2017-07-12 03:44 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2017-07-12 03:44 UTC] laruence@php.net
okey, I made a new release: https://pecl.php.net/package/lua 2.0.4
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Jul 04 16:01:27 2020 UTC