Bug #77099 PHP crashes with segfault
Submitted: 2018-11-03 14:58 UTC
Modified: 2019-08-13 09:57 UTC
Votes: 2
Avg. Score: 4.5 ± 0.5
Reproduced: 2 of 2 (100.0%)
Same Version: 1 (50.0%)
Same OS: 0 (0.0%)
From: info at phpgangsta dot de
Assigned:
Status: Verified
Package: Pspell related
PHP Version: 7.2.11
OS: Ubuntu 18.04
Private report: No
CVE-ID: None
 [2018-11-03 14:58 UTC] info at phpgangsta dot de
Description:
------------
If I use pspell for spellchecking, it sometimes crashes with a segfault. Every 3-5 times I call the script via Apache, Apache crashes:

[Sat Nov 03 15:36:12.592943 2018] [core:notice] [pid 5264] AH00051: child pid 29189 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Sat Nov 03 15:37:33.689349 2018] [core:notice] [pid 5264] AH00051: child pid 29965 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Sat Nov 03 15:40:12.879852 2018] [core:notice] [pid 5264] AH00051: child pid 30367 exit signal Segmentation fault (11), possible coredump in /etc/apache2

The small script below can reproduce the problem: If you call it from outside via HTTP, it crashes every 3-5 requests:

curl https://url.de/spellchecker.php

See segmentation faults above.

$ php -v
PHP 7.2.11-3+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Oct 25 2018 06:44:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.11-3+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies


It seems to just happen with de_DE. If I change it to en_US, it does not crash. Maybe it has to do with umlauts or similar?
Interestingly I'm not able to reproduce it on the command line...

Segmentation fault also happens on Ubuntu 16.04 with PHP 7.1:

$ php -v
PHP 7.1.23-3+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Oct 25 2018 06:43:19) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.1.23-3+ubuntu16.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

Test script:
---------------
<?php
$plink = pspell_new('de_DE', "", "", "utf-8", PSPELL_FAST);
pspell_suggest($plink, '___');

Expected result:
----------------
no crash

Actual result:
--------------
crash with segmentation fault

 [2019-08-13 09:33 UTC] ih at vollzeitjobs dot de
I'm experiencing the same; the small test script crashes every 3-5 times I call it.

Debian 9.9 
ii  php7.3                         7.3.8-1+0~20190807.43+debian9~1.gbp7731bf
ii  php7.3-pspell                  7.3.8-1+0~20190807.43+debian9~1.gbp7731bf 


PHP 7.3.8-1+0~20190807.43+debian9~1.gbp7731bf (cli) (built: Aug  7 2019 19:46:25) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.8, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.8-1+0~20190807.43+debian9~1.gbp7731bf, Copyright (c) 1999-2018, by Zend Technologies

---

Aug 13 11:30:55 jobs-herford kernel: [353562.678985] traps: php-fpm7.3[8795] general protection ip:7f1fc1622828 sp:7fffa675bfe0 error:0
Aug 13 11:30:57 jobs-herford kernel: [353563.968722] traps: php-fpm7.3[8845] general protection ip:7f1fc16227ec sp:7fffa675bfe0 error:0
Aug 13 11:30:58 jobs-herford kernel: [353565.366368] traps: php-fpm7.3[8801] general protection ip:7f1fc16227ec sp:7fffa675bfe0 error:0
Aug 13 11:31:03 jobs-herford kernel: [353570.736281] traps: php-fpm7.3[8857] general protection ip:7f1fc16227ec sp:7fffa675bfe0 error:0
Aug 13 11:31:05 jobs-herford kernel: [353572.048257] php-fpm7.3[8851]: segfault at 8 ip 00007f1fc1622828 sp 00007fffa675bfe0 error 4 in libaspell.so.15.2.0[7f1fc15a8000+a3000]
Aug 13 11:31:06 jobs-herford kernel: [353573.510952] traps: php-fpm7.3[8842] general protection ip:7f1fc1622828 sp:7fffa675bfe0 error:0
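
A triage helper for kernel log lines like the ones in the comment above, as an added example that is not part of the original report or of the PHP or aspell code: it decodes the x86 page-fault error code and computes each crash's offset inside the libaspell mapping. The function names are hypothetical, and the sample lines are copied from that comment with the timestamp prefix trimmed.

```python
import re

# Kernel log lines copied from the comment above (timestamp and host trimmed).
SAMPLE = """\
traps: php-fpm7.3[8795] general protection ip:7f1fc1622828 sp:7fffa675bfe0 error:0
traps: php-fpm7.3[8845] general protection ip:7f1fc16227ec sp:7fffa675bfe0 error:0
php-fpm7.3[8851]: segfault at 8 ip 00007f1fc1622828 sp 00007fffa675bfe0 error 4 in libaspell.so.15.2.0[7f1fc15a8000+a3000]
"""

SEGV = re.compile(r"(\S+)\[(\d+)\]: segfault at ([0-9a-f]+) ip ([0-9a-f]+) sp [0-9a-f]+ "
                  r"error ([0-9a-f]+) in (\S+)\[([0-9a-f]+)\+([0-9a-f]+)\]")
TRAP = re.compile(r"traps: (\S+)\[(\d+)\] general protection ip:([0-9a-f]+)")

def decode_pf_error(code):
    """Decode the low three bits of an x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def triage(log):
    """Return one record per crash, with the faulting offset inside the mapped object."""
    mappings, crashes = [], []
    for line in log.splitlines():
        if m := SEGV.search(line):
            base, size = int(m[7], 16), int(m[8], 16)
            mappings.append((m[6], base, size))
            crashes.append({"pid": int(m[2]), "kind": "segfault", "ip": int(m[4], 16),
                            "fault_addr": int(m[3], 16), **decode_pf_error(int(m[5], 16))})
        elif m := TRAP.search(line):
            crashes.append({"pid": int(m[2]), "kind": "general protection", "ip": int(m[3], 16)})
    # Trap lines carry no mapping, so reuse the one from the segfault lines.
    # Assumption: the workers share one address-space layout (forked from the
    # same master), which the identical sp values in the log suggest.
    for c in crashes:
        for name, base, size in mappings:
            if base <= c["ip"] < base + size:
                c["object"], c["offset"] = name, hex(c["ip"] - base)
    return crashes

if __name__ == "__main__":
    for crash in triage(SAMPLE):
        print(crash)
```

The offset is relative to the start of the mapping the kernel printed; if that mapping does not begin at file offset 0 of the library, add the mapping's file offset before handing the value to a symbolizer.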
 [2019-08-13 09:57 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2019-08-13 09:57 UTC] nikic@php.net
Confirming the crash after a couple reloads. Valgrind also produces the following error on a simple run:

==18344== Conditional jump or move depends on uninitialised value(s)
==18344==    at 0x57D5F28: aspeller::AffixMgr::suffix_check(aspeller::LookupInfo const&, acommon::ParmString, acommon::CheckInfo&, aspeller::GuessInfo*, int, aspeller::AffEntry*) const (in /usr/lib/x86_64-linux-gnu/libaspell.so.15.2.0)
==18344==    by 0x57D676A: aspeller::AffixMgr::affix_check(aspeller::LookupInfo const&, acommon::ParmString, acommon::CheckInfo&, aspeller::GuessInfo*) const (in /usr/lib/x86_64-linux-gnu/libaspell.so.15.2.0)
==18344==    by 0x57AF79F: ??? (in /usr/lib/x86_64-linux-gnu/libaspell.so.15.2.0)
==18344==    by 0x57B3965: ??? (in /usr/lib/x86_64-linux-gnu/libaspell.so.15.2.0)
==18344==    by 0x57C2103: aspeller::SpellerImpl::suggest(acommon::MutableString) (in /usr/lib/x86_64-linux-gnu/libaspell.so.15.2.0)
==18344==    by 0x57EA6CB: aspell_speller_suggest (in /usr/lib/x86_64-linux-gnu/libaspell.so.15.2.0)
==18344==    by 0x713C26: zif_pspell_suggest (pspell.c:536)
==18344==    by 0xA7C44B: ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:573)
==18344==    by 0xB0311D: execute_ex (zend_vm_execute.h:59747)
==18344==    by 0xB08529: zend_execute (zend_vm_execute.h:63776)
==18344==    by 0xA179D5: zend_execute_scripts (zend.c:1498)
==18344==    by 0x97B072: php_execute_script (main.c:2599)

This looks like a bug in libaspell to me.
 
Last updated: Mon Nov 18 17:01:31 2019 UTC