php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75357 segfault loading WordPress wp-admin
Submitted: 2017-10-10 23:56 UTC Modified: 2017-10-14 15:23 UTC
From: justin at serverpilot dot io Assigned:
Status: Closed Package: opcache
PHP Version: 7.2.0RC3 OS: Ubuntu 16.04 x64
Private report: No CVE-ID: None
 [2017-10-10 23:56 UTC] justin at serverpilot dot io
Description:
------------
Loading the WordPress admin interface ("/wp-admin") results in a segfault.

This crash started with RC3 (RC2 worked fine). The problem is still happening with RC4.

Disabling the opcache fixes the problem.

No non-core extensions are loaded.

Only tested with FPM.

I can provide access to a test server, if desired.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x000055ff60010cf0 in ZEND_SUB_LONG_SPEC_TMPVARCV_TMPVARCV_HANDLER () at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/Zend/zend_vm_execute.h:54366
54366   /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/Zend/zend_vm_execute.h: No such file or directory.
(gdb) bt
#0  0x000055ff60010cf0 in ZEND_SUB_LONG_SPEC_TMPVARCV_TMPVARCV_HANDLER () at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/Zend/zend_vm_execute.h:54366
#1  execute_ex (ex=0x50) at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/Zend/zend_vm_execute.h:63628
#2  0x000055ff6001681e in zend_execute (op_array=0x7fa054473000, op_array@entry=0x7fa0428a1278, return_value=0x0, return_value@entry=0x7fa05441ceb0)
    at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/Zend/zend_vm_execute.h:63763
#3  0x000055ff5ff65533 in zend_execute_scripts (type=type@entry=8, retval=0x7fa05441ceb0, retval@entry=0x0, file_count=file_count@entry=3)
    at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/Zend/zend.c:1496
#4  0x000055ff5ff00cb0 in php_execute_script (primary_file=0x7fff91746a50) at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/main/main.c:2590
#5  0x000055ff5fbbca19 in main (argc=<optimized out>, argv=<optimized out>) at /opt/sp/packages/php7.2/build/build/php-7.2.0RC4/sapi/fpm/fpm/fpm_main.c:1966

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-12 08:34 UTC] laruence@php.net
which version of wordpress are you using?
 [2017-10-12 16:08 UTC] justin at serverpilot dot io
I've only tested with the latest WordPress version (4.8.2).

It may be only /wp-admin/index.php that triggers the problem. If clicking around in wp-admin's navigation to other pages besides /wp-admin/index.php and /wp-admin/index.php has not been requested since FPM was restarted, the other wp-admin pages don't crash.

Trying to narrow down the code where the crash is happening, here is the chain of function calls that, if any of them are not performed, the crash doesn’t happen.

In wp-admin/index.php crashes at:
<?php wp_dashboard(); ?>

Which is in wp-admin/includes/dashboard.php and crashes at:
<?php do_meta_boxes( $screen->id, 'side', '' ); ?>

Which is in wp-admin/includes/template.php and crashes at:
call_user_func($box['callback'], $object, $box);

This is the var_dump() output of $box['callback'] when it crashes:

string(24) "wp_dashboard_quick_press"

That function is in wp-admin/includes/dashboard.php and crashes at:
wp_dashboard_recent_drafts();

Which is in wp-admin/includes/dashboard.php and crashes at:
$drafts = get_posts( $query_args );

Which is in wp-includes/post.php and crashes at:
return $get_posts->query($r);

Which is in wp-includes/class-wp-query.php and crashes at:
return $this->get_posts();

I’m not sure where in WP_Query::get_posts() it’s crashing. Unfortunately I don’t have time to dig into it right now.

I hope that helps.
 [2017-10-13 15:49 UTC] justin at serverpilot dot io
Here's the rest of following the code until where it crashes.

In wp-includes/class-wp-query.php crashes at
$q['orderby'] = addslashes_gpc( $q['orderby'] );

Which is in wp-includes/formatting.php and crashes when calling:
return wp_slash($gpc);

Which is in the same file (wp-includes/formatting.php) and crashes at:
$value = addslashes( $value );

The var_dump of $value at that time is:

string(8) "modified"

The entire wp_slash() function is:

function wp_slash( $value ) {
	if ( is_array( $value ) ) {
		foreach ( $value as $k => $v ) {
			if ( is_array( $v ) ) {
				$value[$k] = wp_slash( $v );
			} else {
				$value[$k] = addslashes( $v );
			}
		}
	} else {
		$value = addslashes( $value );
	}
	return $value;
}
 [2017-10-14 00:46 UTC] laruence@php.net
please give an access to your box, you could send me via mail.  thanks
 [2017-10-14 15:13 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=abbdbc21b0f285f86ccd3ba01074fd5e9de2a26f
Log: Fixed bug #75357 (segfault loading WordPress wp-admin)
 [2017-10-14 15:13 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2017-10-14 15:23 UTC] justin at serverpilot dot io
I've emailed access info for a test box to you. Thanks!
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC