php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75395 Core dump in in timelib_get_time_zone_info
Submitted: 2017-10-17 06:59 UTC Modified: 2017-11-05 04:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: phil at jankaritech dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 7.1.10 OS: Ubuntu 16.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: phil at jankaritech dot com
New email:
PHP Version: OS:

 

 [2017-10-17 06:59 UTC] phil at jankaritech dot com
Description:
------------
PHP 7.1.10
Using PHP dev server
Reproduced on both Ubuntu 16.04 LTS and Ubuntu 17.10-BETA
Backtrace:
Core was generated by `php -S localhost:8080'.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Unexpected size of section `.reg-xstate/19170' in core file.
#0  0x000055dd66964ca0 in ?? ()
(gdb) bt
#0  0x000055dd66964ca0 in ?? ()
#1  0x000055dd66966984 in timelib_get_time_zone_info ()
#2  0x000055dd6696884c in timelib_unixtime2local ()
#3  0x000055dd66944fc6 in php_format_date ()
#4  0x000055dd66b6dcbb in ?? ()
#5  0x000055dd66b70c55 in ?? ()
#6  0x000055dd66b7158e in ?? ()
#7  0x000055dd66b72119 in do_cli_server ()
#8  0x000055dd6693bf93 in main ()

So far I have narrowed it down in ownCloud10 to:
- skeleton directory of default files for a new user has >45 files
- create a new user
- login as that user
The PHP server is copying these files into the user's new folder, and thumbnails get generated and AJAX calls to display the thumbnails... Sorry - it needs cutting down into a more simplified actual code example!

PHP core dumps with the above backtrace.

Use <=45 files and it works fine.

I cannot reproduce it with PHP 7.0.22 (I can switch back and forth and the segfault comes and goes)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-17 09:30 UTC] derick@php.net
-Status: Open +Status: Feedback
 [2017-10-17 09:30 UTC] derick@php.net
This backtrace isn't particularly useful, as it does not have any symbols.

Right now, I am also not convinced this is a bug *in* PHP. Ubuntu patches PHP's date/time support and that sometimes has bugs too. A backtrace with debugging symbols is needed for this, but I can't find a package for Ubuntu 16.04 that does this. Curiously, 16.04 also doesn't have a php7.1 package, so I am not sure where you got that from.
 [2017-10-17 10:38 UTC] phil at jankaritech dot com
On Ubuntu 16.04 I get alternate PHP versions using:
sudo add-apt-repository ppa:ondrej/php

But the problem happens also in Ubuntu 17.10, which comes with PHP 7.1 by default. This is where I first noticed the problem.

The mention of Ubuntu 16.04 was just to demonstrate that I was able to use "the same" PHP on a different version of Ubuntu and reproduce the problem.

So I will reproduce again on Ubuntu 17.10 and see if the backtrace has more information.
 [2017-10-17 11:25 UTC] phil at jankaritech dot com
The backtrace on Ubuntu 17.10 is just the same as I posted.

If you can point to any of the following I am happy to do more:
1) a package that will give symbols for gdb to report
2) where I find the Ubuntu patching of PHP stuff, to look at the diffs
3) if I should report this somewhere to Ubuntu?
4) whatever else...
 [2017-10-17 11:55 UTC] derick@php.net
1. There should be a php-7.1-dbgsym package, at least in Ondrej's PPA
2. I had a look around, but can't find a link. You can do "apt source php7.1" though, and have a look at debian/patches/0013-Add-support-for-use-of-the-system-timezone-database.patch - the name might be slightly off, as this is with the Debian package I have locally
3. Maybe at https://deb.sury.org/#bug-reporting
 [2017-11-05 04:23 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2019-03-27 13:38 UTC] reiter dot christoph at gmail dot com
I just got a similar crash with Debian (PHP 7.3.3-1 (cli) (built: Mar  7 2019 19:43:34) ( NTS ))

#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x00005555557d7c8e in _estrdup (s=0x8000ea006368 <error: Cannot access memory at address 0x8000ea006368>) at ./Zend/zend_alloc.c:2591
#2  0x000055555568da05 in timelib_get_time_zone_info (ts=1553693364, tz=0x7ffff5003140) at ./ext/date/lib/parse_tz.c:1247
#3  0x0000555555662918 in date_format (format=format@entry=0x5555558eb49c "r", format_len=format_len@entry=1, t=t@entry=0x7ffff5001000, localtime=localtime@entry=1)
    at ./ext/date/php_date.c:1162
#4  0x000055555566a55d in php_format_date (format=format@entry=0x5555558eb49c "r", format_len=format_len@entry=1, ts=1553693364, localtime=localtime@entry=1)
    at ./ext/date/php_date.c:1327
#5  0x00005555558889b0 in append_essential_headers (buffer=buffer@entry=0x7fffffffc990, client=client@entry=0x555555d0fd10, persistent=persistent@entry=1)
    at ./sapi/cli/php_cli_server.c:357
#6  0x000055555588b973 in php_cli_server_begin_send_static (client=0x555555d0fd10, server=0x5555559f7000 <server>) at ./sapi/cli/php_cli_server.c:2041
#7  php_cli_server_dispatch (client=0x555555d0fd10, server=0x5555559f7000 <server>) at ./sapi/cli/php_cli_server.c:2184
#8  php_cli_server_recv_event_read_request (server=0x5555559f7000 <server>, client=0x555555d0fd10) at ./sapi/cli/php_cli_server.c:2379
#9  0x000055555588bf70 in php_cli_server_do_event_for_each_fd_callback (_params=_params@entry=0x7fffffffcae0, fd=fd@entry=6, event=event@entry=1)
    at ./sapi/cli/php_cli_server.c:2462
#10 0x000055555588cc7b in php_cli_server_poller_iter_on_active (poller=0x5555559f7008 <server+8>, callback=0x55555588bf20 <php_cli_server_do_event_for_each_fd_callback>, 
    opaque=0x7fffffffcae0) at ./sapi/cli/php_cli_server.c:844
#11 php_cli_server_do_event_for_each_fd (whandler=0x555555889f80 <php_cli_server_send_event>, rhandler=0x55555588b680 <php_cli_server_recv_event_read_request>, 
    server=0x5555559f7000 <server>) at ./sapi/cli/php_cli_server.c:2480
#12 php_cli_server_do_event_loop (server=0x5555559f7000 <server>) at ./sapi/cli/php_cli_server.c:2490
#13 do_cli_server (argc=<optimized out>, argv=<optimized out>) at ./sapi/cli/php_cli_server.c:2612
#14 0x00005555556617c3 in main (argc=3, argv=0x555555a123f0) at ./sapi/cli/php_cli.c:1392
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 08 06:03:33 2021 UTC