Bug #75239 segfault when calling datefmt_create in FreeBSD 11.1
Submitted: 2017-09-21 06:45 UTC
Modified: 2021-08-13 13:35 UTC
From: me at nanaya dot pro
Assigned: cmb
Status: Closed
Package: intl (PECL)
PHP Version: 7.1.9
OS: FreeBSD 11.1-RELEASE (amd64)
Private report: No
CVE-ID: None
 [2017-09-21 06:45 UTC] me at nanaya dot pro
Description:
------------
Compiled with:

./configure --prefix=/opt/php71 --disable-all --enable-intl=/usr/local && make && make install

And then segfaults when running provided code.

Doesn't happen in FreeBSD 11.0 (or in 11.1 using binary compiled by 11.0).
Doesn't happen when using ports/pkg.
Happens when using pkgsrc.

Test script:
---------------
<?php
datefmt_create('en',1,1);

Actual result:
--------------
#0  instanceof_function (instance_ce=0x3, ce=0x803033000) at zend_operators.c:2206
2206                    instance_ce = instance_ce->parent;
Current language:  auto; currently minimal
(gdb) bt
#0  instanceof_function (instance_ce=0x3, ce=0x803033000) at zend_operators.c:2206
#1  0x00000000004c34f7 in timezone_process_timezone_argument (zv_timezone=0x7fffffffc950, outside_error=<value optimized out>, func=<value optimized out>) at /root/builds/php-7.1.9/ext/intl/timezone/timezone_class.cpp:146
#2  0x00000000004bae47 in datefmt_ctor (execute_data=<value optimized out>, return_value=0x7fffffffcc18, is_constructor=<value optimized out>) at /root/builds/php-7.1.9/ext/intl/dateformat/dateformat_create.cpp:121
#3  0x00000000004babf9 in zif_datefmt_create (execute_data=<value optimized out>, return_value=0x7fffffffcc18) at /root/builds/php-7.1.9/ext/intl/dateformat/dateformat_create.cpp:199
#4  0x000000000064c1e6 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (execute_data=0x803214030) at zend_vm_execute.h:628
#5  0x00000000006155b8 in execute_ex (ex=0x803214030) at zend_vm_execute.h:432
#6  0x000000000061586c in zend_execute (op_array=0x803279000, return_value=<value optimized out>) at zend_vm_execute.h:474
#7  0x00000000005d2c83 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:1480
#8  0x000000000057291e in php_execute_script (primary_file=0x7fffffffe800) at main.c:2552
#9  0x000000000067854c in do_cli (argc=<value optimized out>, argv=<value optimized out>) at php_cli.c:993
#10 0x0000000000677780 in main (argc=2, argv=0x7fffffffea70) at php_cli.c:1381


 [2017-11-30 11:48 UTC] me at nanaya dot pro
Still segfaulting with 7.2.0.

$ ~/apps/php72-test/bin/php --version
PHP 7.2.0 (cli) (built: Nov 30 2017 20:43:47) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2017 Zend Technologies
$ cat hh.php
<?php datefmt_create('en',1,1);
$ ~/apps/php72-test/bin/php hh.php
Segmentation fault (core dumped)
$ gdb ~/apps/php72-test/bin/php php.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `/home/edho/apps/php72-test/bin/php hh.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.5...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/lib/libc++.so.1...done.
Loaded symbols for /usr/lib/libc++.so.1
Reading symbols from /lib/libcxxrt.so.1...done.
Loaded symbols for /lib/libcxxrt.so.1
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/local/lib/libicui18n.so.60...done.
Loaded symbols for /usr/local/lib/libicui18n.so.60
Reading symbols from /usr/local/lib/libicuuc.so.60...done.
Loaded symbols for /usr/local/lib/libicuuc.so.60
Reading symbols from /usr/local/lib/libicudata.so.60...
warning: Lowest section in /usr/local/lib/libicudata.so.60 is .hash at 0000000000000120
done.
Loaded symbols for /usr/local/lib/libicudata.so.60
Reading symbols from /usr/local/lib/libicuio.so.60...done.
Loaded symbols for /usr/local/lib/libicuio.so.60
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  instanceof_function (instance_ce=0x3, ce=0x803325200) at zend_operators.c:2216
2216                    instance_ce = instance_ce->parent;
(gdb) bt
#0  instanceof_function (instance_ce=0x3, ce=0x803325200) at zend_operators.c:2216
#1  0x00000000004e35b7 in timezone_process_timezone_argument (zv_timezone=0x7fffffffc820, outside_error=<value optimized out>, func=<value optimized out>) at /home/edho/builds/php-7.2.0/ext/intl/timezone/timezone_class.cpp:146
#2  0x00000000004dade7 in datefmt_ctor (execute_data=<value optimized out>, return_value=0x7fffffffcae0, is_constructor=<value optimized out>) at /home/edho/builds/php-7.2.0/ext/intl/dateformat/dateformat_create.cpp:121
#3  0x00000000004dab99 in zif_datefmt_create (execute_data=<value optimized out>, return_value=0x7fffffffcae0) at /home/edho/builds/php-7.2.0/ext/intl/dateformat/dateformat_create.cpp:199
#4  0x000000000069dd24 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (execute_data=0x80341c030) at zend_vm_execute.h:573
#5  0x0000000000642818 in execute_ex (ex=0x80341c030) at zend_vm_execute.h:59726
#6  0x00000000006429a2 in zend_execute (op_array=0x8034792a0, return_value=<value optimized out>) at zend_vm_execute.h:63763
#7  0x00000000005ff6e3 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:1496
#8  0x000000000059d8f7 in php_execute_script (primary_file=0x7fffffffe6c0) at main.c:2592
#9  0x00000000006ce5ec in do_cli (argc=<value optimized out>, argv=<value optimized out>) at php_cli.c:1011
#10 0x00000000006cd814 in main (argc=2, argv=0x7fffffffe940) at php_cli.c:1404
Current language:  auto; currently minimal
(gdb)
 [2018-01-12 16:45 UTC] igor-php at grinchenko dot org
It seems like the FreeBSD 11.1 stock llvm40 compiler is the issue.

gcc6 from ports has the same issue but the coredump is different.

llvm38 and llvm50 from ports produce php binaries that do not segfault:

# cat hh.php 
<?php datefmt_create('en',1,1);
# for a in /usr/local/php-7.2.1-gcc/bin/php /usr/local/php-7.2.1-clang38/bin/php /usr/local/php-7.2.1-clang50/bin/php /usr/local/php-7.2.1-clang40/bin/php; do echo ${a}; ${a} hh.php ; done

/usr/local/php-7.2.1-gcc/bin/php
Segmentation fault (core dumped)
/usr/local/php-7.2.1-clang38/bin/php
/usr/local/php-7.2.1-clang50/bin/php
/usr/local/php-7.2.1-clang40/bin/php
Segmentation fault (core dumped)
 [2018-01-12 16:53 UTC] me at nanaya dot pro
Interesting. Need to check how ports compile it though because I don't remember it using an external compiler.
 [2021-08-13 13:18 UTC] cmb@php.net
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: cmb
 [2021-08-13 13:18 UTC] cmb@php.net
Is this still an issue with any of the actively supported PHP
versions[1]?  If so, it still looks like a compiler issue, doesn't
it?

[1] <https://www.php.net/supported-versions.php>
 [2021-08-13 13:31 UTC] me at nanaya dot pro
-Status: Feedback
+Status: Closed
 [2021-08-13 13:31 UTC] me at nanaya dot pro
I haven't seen the error recently so I think it's okay to close this.
 [2021-08-13 13:35 UTC] cmb@php.net
Thanks for the swift reply!
 
Last updated: Sun Sep 19 17:03:36 2021 UTC