Bug #75375 SIGSEGV in zend_hash_str_find()
Submitted: 2017-10-13 20:11 UTC
Modified: 2017-11-05 04:22 UTC
Votes: 6
Avg. Score: 4.7 ± 0.5
Reproduced: 6 of 6 (100.0%)
Same Version: 2 (33.3%)
Same OS: 0 (0.0%)
From: stefan dot beyer at xornet dot de
Assigned:
Status: No Feedback
Package: Reproducible crash
PHP Version: 7.1.10
OS: Ubuntu 16.04
Private report: No
CVE-ID: None

 [2017-10-13 20:11 UTC] stefan dot beyer at xornet dot de
Description:
------------
PHP crashes when running REDOX CMS in built-in server.

Exact PHP Version:

PHP 7.1.10-1+ubuntu16.04.1+deb.sury.org+1 (cli)
Zend Engine v3.1.0
    with Zend OPcache v7.1.10-1+ubuntu16.04.1+deb.sury.org+1


With disabled Zend MM (export USE_ZEND_ALLOC=0) the problem does not occur.

Could not locate the code that causes the crash.
I was running REDOX 5.4.0 Content Management System (https://github.com/redox-os/redox) 



Actual result:
--------------
PHP crashes with Segmentation fault.

Program received signal SIGSEGV, Segmentation fault.
0x00005555557d661b in zend_hash_str_find ()
(gdb) bt
#0  0x00005555557d661b in zend_hash_str_find ()
#1  0x000055555563fc8b in ?? ()
#2  0x0000555555641f16 in get_timezone_info ()
#3  0x0000555555643fad in php_format_date ()
#4  0x000055555586ccbb in ?? ()
#5  0x000055555586fc55 in ?? ()
#6  0x0000555555870359 in ?? ()
#7  0x0000555555871119 in do_cli_server ()
#8  0x000055555563af93 in main ()


 [2017-10-13 20:28 UTC] stefan dot beyer at xornet dot de
Typo: I meant "REDAXO CMS"
 [2017-10-15 02:37 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2017-10-15 02:37 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2017-11-05 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2018-01-26 16:37 UTC] php dot net at alexanderschnitzler dot de
I encountered the same bug with the CMS TYPO3 when clearing the cache.

Exact PHP Version:

PHP 7.1.12 (cli) (built: Dec  2 2017 12:15:25) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Xdebug v2.5.5, Copyright (c) 2002-2017, by Derick Rethans

Backtrace:
----------

(lldb) bt
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x000000010cb21dd2 php71`zend_hash_str_find + 412
    frame #1: 0x000000010c7755ac php71`php_date_parse_tzfile + 94
    frame #2: 0x000000010c775647 php71`get_timezone_info + 62
    frame #3: 0x000000010c7756e2 php71`php_format_date + 44
    frame #4: 0x000000010cba99bf php71`append_essential_headers + 342
    frame #5: 0x000000010cbaa4a2 php71`php_cli_server_recv_event_read_request + 892
    frame #6: 0x000000010cbab0b9 php71`php_cli_server_do_event_for_each_fd_callback + 722
    frame #7: 0x000000010cba9064 php71`do_cli_server + 2396
    frame #8: 0x000000010cba4128 php71`main + 1162

I tried to find the exact place and create a script to reproduce the issue, but so far I couldn't locate it.
 [2018-01-26 16:57 UTC] php dot net at alexanderschnitzler dot de
I tried to locate the spot where it crashes and after I could reliably trigger a request that causes the segmentation fault, I tried to debug with xdebug to the exact spot. However, that wasn't possible as the segmentation fault occurred even after PHP destructed all objects. I realized that only because I had a breakpoint in a destructor and after leaving the method, the process crashed. It's quite sad, but I can't contribute any more to this bug report.
 [2018-07-14 23:39 UTC] loic at dachary dot org
The bug report at https://github.com/nextcloud/server/issues/10241 contains detailed instructions to reproduce this bug in a controlled environment (a docker container).
 
Last updated: Sun Nov 28 02:03:13 2021 UTC