php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77441 Crash in intl extension
Submitted: 2019-01-11 04:01 UTC Modified: 2021-01-24 04:22 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: php at nearlyfreespeech dot net Assigned: cmb (profile)
Status: No Feedback Package: intl (PECL)
PHP Version: 7.3.1 OS: FreeBSD 11
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php at nearlyfreespeech dot net
New email:
PHP Version: OS:

 

 [2019-01-11 04:01 UTC] php at nearlyfreespeech dot net
Description:
------------
The intl extension crashes with SIGSEGV.



Test script:
---------------
new IntlDateFormatter("en_US", IntlDateFormatter::SHORT, IntlDateFormatter::SHORT, null );

Expected result:
----------------
No output.

Actual result:
--------------
$ /usr/local/php/7.3/bin/php -r 'new IntlDateFormatter("en_US", IntlDateFormatter::SHORT, IntlDateFormatter::SHORT, null );'
Segmentation fault (core dumped)
$ gdb811 /usr/local/php/7.3/bin/php -c php.core
[...]
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000808766d98 in vtable for __cxxabiv1::__si_class_type_info ()
   from /lib/libcxxrt.so.1
(gdb) where
#0  0x0000000808766d98 in vtable for __cxxabiv1::__si_class_type_info ()
   from /lib/libcxxrt.so.1
#1  0x0000000807d6bf86 in __dynamic_cast ()
   from /usr/local/lib/gcc8/libstdc++.so.6
#2  0x000000080713b037 in icu::Calendar::makeInstance(icu::Locale const&, UErrorCode&) () from /usr/local/lib/libicui18n.so.62
#3  0x000000080713af19 in icu::LocaleCacheKey<icu::SharedCalendar>::createObject(void const*, UErrorCode&) const () from /usr/local/lib/libicui18n.so.62
#4  0x000000080763d169 in icu::UnifiedCache::_get(icu::CacheKeyBase const&, icu::SharedObject const*&, void const*, UErrorCode&) const ()
   from /usr/local/lib/libicuuc.so.62
#5  0x000000080714599a in void icu::UnifiedCache::get<icu::SharedCalendar>(icu::CacheKey<icu::SharedCalendar> const&, void const*, icu::SharedCalendar const*&, UErrorCode&) const () from /usr/local/lib/libicui18n.so.62
#6  0x0000000807144fe8 in void icu::UnifiedCache::getByLocale<icu::SharedCalendar>(icu::Locale const&, icu::SharedCalendar const*&, UErrorCode&) ()
   from /usr/local/lib/libicui18n.so.62
#7  0x000000080713c057 in icu::Calendar::createInstance(icu::TimeZone*, icu::Locale const&, UErrorCode&) () from /usr/local/lib/libicui18n.so.62
#8  0x00000008070fdc81 in icu::SimpleDateFormat::construct(icu::DateFormat::EStyle, icu::DateFormat::EStyle, icu::Locale const&, UErrorCode&) ()
   from /usr/local/lib/libicui18n.so.62
#9  0x000000080710034c in icu::SimpleDateFormat::SimpleDateFormat(icu::DateFormat::EStyle, icu::DateFormat::EStyle, icu::Locale const&, UErrorCode&) ()
---Type <return> to continue, or q <return> to quit---
   from /usr/local/lib/libicui18n.so.62
#10 0x00000008070fc994 in icu::DateFormat::create(icu::DateFormat::EStyle, icu::DateFormat::EStyle, icu::Locale const&) () from /usr/local/lib/libicui18n.so.62
#11 0x000000080711d180 in udat_open () from /usr/local/lib/libicui18n.so.62
#12 0x0000000806db62d3 in datefmt_ctor(_zend_execute_data*, _zval_struct*, unsigned char) ()
    at /data/build/php-src/ext/intl/dateformat/dateformat_create.cpp:140
#13 0x0000000806db664f in zim_IntlDateFormatter___construct (
    execute_data=0x802e1c0a0, return_value=<optimized out>)
    at /data/build/php-src/ext/intl/dateformat/dateformat_create.cpp:217
#14 0x00000000006eb1c8 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER ()
    at /data/build/php-src/Zend/zend_vm_execute.h:980
#15 execute_ex () at /data/build/php-src/Zend/zend_vm_execute.h:55437
#16 0x00000000006ebc97 in zend_execute (op_array=<optimized out>,
    return_value=0x7fffffffe010)
    at /data/build/php-src/Zend/zend_vm_execute.h:60833
#17 0x000000000065b8bf in zend_eval_stringl (
    str=str@entry=0x7fffffffec56 "new IntlDateFormatter(\"en_US\", IntlDateFormatter::SHORT, IntlDateFormatter::SHORT, null );", str_len=<optimized out>,
    retval_ptr=retval_ptr@entry=0x0,
    string_name=string_name@entry=0x8204fc "Command line code")
    at /data/build/php-src/Zend/zend_execute_API.c:1018
#18 0x000000000065b999 in zend_eval_stringl_ex ()
    at /data/build/php-src/Zend/zend_execute_API.c:1059
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) frame 12
#12 0x0000000806db62d3 in datefmt_ctor(_zend_execute_data*, _zval_struct*, unsigned char) ()
    at /data/build/php-src/ext/intl/dateformat/dateformat_create.cpp:140
140		DATE_FORMAT_OBJECT(dfo) = udat_open((UDateFormatStyle)time_type,
(gdb) print time_type
$1 = 3
(gdb) print date_type
$2 = 3
(gdb) print locale_str
$3 = 0x802e5e4b8 "en_US"
(gdb) print svalue
$4 = (UChar *) 0x0
(gdb) print slength
$5 = 0
(gdb) print dfo
$6 = (IntlDateFormatter_object *) 0x802e79060
(gdb) print *dfo
$8 = {datef_data = {error = {code = U_ZERO_ERROR,
      free_custom_error_message = 0, custom_error_message = 0x0},
    udatf = 0x0}, date_type = 0, time_type = 0, calendar = -1,
  requested_locale = 0x0, zo = {gc = {refcount = 2, u = {type_info = 24}},
    handle = 1, ce = 0x80d5cc640,
    handlers = 0x806fe95c0 <IntlDateFormatter_handlers>, properties = 0x0,
    properties_table = {{value = {lval = 0, dval = 0, counted = 0x0,
          str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0,
          zv = 0x0, ptr = 0x0, ce = 0x0, func = 0x0, ww = {w1 = 0, w2 = 0}},
        u1 = {v = {type = 32 ' ', type_flags = 145 '\221', u = {
              call_info = 743, extra = 743}}, type_info = 48730400}, u2 = {
          next = 8, cache_slot = 8, opline_num = 8, lineno = 8, num_args = 8,
          fe_pos = 8, fe_iter_idx = 8, access_flags = 8, property_guard = 8,
          constant_flags = 8, extra = 8}}}}}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-02-05 12:31 UTC] jani+php at ifi dot uio dot no
This bug applies to Debian and Ubuntu as well, and has a more prosaic description here, which indicates that this is a regression from 7.3.0:

https://bugs.launchpad.net/ubuntu/+source/php7.3/+bug/1813438
 [2019-02-05 17:29 UTC] php at nearlyfreespeech dot net
No, this is a runtime issue.  That is a build issue.  There is no relationship between the two.
 [2021-01-13 15:28 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-01-13 15:28 UTC] cmb@php.net
I cannot reproduce this.  Do you still get that segfault with any
of the actively supported PHP versions[1]?  If so, please indicate
the ICU and the gcc version.
 [2021-01-24 04:22 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Mar 09 08:01:24 2021 UTC