Bug #77441 Crash in intl extension
Submitted: 2019-01-11 04:01 UTC Modified: 2019-02-05 17:29 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: php at nearlyfreespeech dot net Assigned:
Status: Open Package: intl (PECL)
PHP Version: 7.3.1 OS: FreeBSD 11
Private report: No CVE-ID: None

 
 [2019-01-11 04:01 UTC] php at nearlyfreespeech dot net
Description:
------------
The intl extension crashes with SIGSEGV.



Test script:
---------------
new IntlDateFormatter("en_US", IntlDateFormatter::SHORT, IntlDateFormatter::SHORT, null );

Expected result:
----------------
No output.

Actual result:
--------------
$ /usr/local/php/7.3/bin/php -r 'new IntlDateFormatter("en_US", IntlDateFormatter::SHORT, IntlDateFormatter::SHORT, null );'
Segmentation fault (core dumped)
$ gdb811 /usr/local/php/7.3/bin/php -c php.core
[...]
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000808766d98 in vtable for __cxxabiv1::__si_class_type_info ()
   from /lib/libcxxrt.so.1
(gdb) where
#0  0x0000000808766d98 in vtable for __cxxabiv1::__si_class_type_info ()
   from /lib/libcxxrt.so.1
#1  0x0000000807d6bf86 in __dynamic_cast ()
   from /usr/local/lib/gcc8/libstdc++.so.6
#2  0x000000080713b037 in icu::Calendar::makeInstance(icu::Locale const&, UErrorCode&) () from /usr/local/lib/libicui18n.so.62
#3  0x000000080713af19 in icu::LocaleCacheKey<icu::SharedCalendar>::createObject(void const*, UErrorCode&) const () from /usr/local/lib/libicui18n.so.62
#4  0x000000080763d169 in icu::UnifiedCache::_get(icu::CacheKeyBase const&, icu::SharedObject const*&, void const*, UErrorCode&) const ()
   from /usr/local/lib/libicuuc.so.62
#5  0x000000080714599a in void icu::UnifiedCache::get<icu::SharedCalendar>(icu::CacheKey<icu::SharedCalendar> const&, void const*, icu::SharedCalendar const*&, UErrorCode&) const () from /usr/local/lib/libicui18n.so.62
#6  0x0000000807144fe8 in void icu::UnifiedCache::getByLocale<icu::SharedCalendar>(icu::Locale const&, icu::SharedCalendar const*&, UErrorCode&) ()
   from /usr/local/lib/libicui18n.so.62
#7  0x000000080713c057 in icu::Calendar::createInstance(icu::TimeZone*, icu::Locale const&, UErrorCode&) () from /usr/local/lib/libicui18n.so.62
#8  0x00000008070fdc81 in icu::SimpleDateFormat::construct(icu::DateFormat::EStyle, icu::DateFormat::EStyle, icu::Locale const&, UErrorCode&) ()
   from /usr/local/lib/libicui18n.so.62
#9  0x000000080710034c in icu::SimpleDateFormat::SimpleDateFormat(icu::DateFormat::EStyle, icu::DateFormat::EStyle, icu::Locale const&, UErrorCode&) ()
---Type <return> to continue, or q <return> to quit---
   from /usr/local/lib/libicui18n.so.62
#10 0x00000008070fc994 in icu::DateFormat::create(icu::DateFormat::EStyle, icu::DateFormat::EStyle, icu::Locale const&) () from /usr/local/lib/libicui18n.so.62
#11 0x000000080711d180 in udat_open () from /usr/local/lib/libicui18n.so.62
#12 0x0000000806db62d3 in datefmt_ctor(_zend_execute_data*, _zval_struct*, unsigned char) ()
    at /data/build/php-src/ext/intl/dateformat/dateformat_create.cpp:140
#13 0x0000000806db664f in zim_IntlDateFormatter___construct (
    execute_data=0x802e1c0a0, return_value=<optimized out>)
    at /data/build/php-src/ext/intl/dateformat/dateformat_create.cpp:217
#14 0x00000000006eb1c8 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER ()
    at /data/build/php-src/Zend/zend_vm_execute.h:980
#15 execute_ex () at /data/build/php-src/Zend/zend_vm_execute.h:55437
#16 0x00000000006ebc97 in zend_execute (op_array=<optimized out>,
    return_value=0x7fffffffe010)
    at /data/build/php-src/Zend/zend_vm_execute.h:60833
#17 0x000000000065b8bf in zend_eval_stringl (
    str=str@entry=0x7fffffffec56 "new IntlDateFormatter(\"en_US\", IntlDateFormatter::SHORT, IntlDateFormatter::SHORT, null );", str_len=<optimized out>,
    retval_ptr=retval_ptr@entry=0x0,
    string_name=string_name@entry=0x8204fc "Command line code")
    at /data/build/php-src/Zend/zend_execute_API.c:1018
#18 0x000000000065b999 in zend_eval_stringl_ex ()
    at /data/build/php-src/Zend/zend_execute_API.c:1059
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) frame 12
#12 0x0000000806db62d3 in datefmt_ctor(_zend_execute_data*, _zval_struct*, unsigned char) ()
    at /data/build/php-src/ext/intl/dateformat/dateformat_create.cpp:140
140		DATE_FORMAT_OBJECT(dfo) = udat_open((UDateFormatStyle)time_type,
(gdb) print time_type
$1 = 3
(gdb) print date_type
$2 = 3
(gdb) print locale_str
$3 = 0x802e5e4b8 "en_US"
(gdb) print svalue
$4 = (UChar *) 0x0
(gdb) print slength
$5 = 0
(gdb) print dfo
$6 = (IntlDateFormatter_object *) 0x802e79060
(gdb) print *dfo
$8 = {datef_data = {error = {code = U_ZERO_ERROR,
      free_custom_error_message = 0, custom_error_message = 0x0},
    udatf = 0x0}, date_type = 0, time_type = 0, calendar = -1,
  requested_locale = 0x0, zo = {gc = {refcount = 2, u = {type_info = 24}},
    handle = 1, ce = 0x80d5cc640,
    handlers = 0x806fe95c0 <IntlDateFormatter_handlers>, properties = 0x0,
    properties_table = {{value = {lval = 0, dval = 0, counted = 0x0,
          str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0,
          zv = 0x0, ptr = 0x0, ce = 0x0, func = 0x0, ww = {w1 = 0, w2 = 0}},
        u1 = {v = {type = 32 ' ', type_flags = 145 '\221', u = {
              call_info = 743, extra = 743}}, type_info = 48730400}, u2 = {
          next = 8, cache_slot = 8, opline_num = 8, lineno = 8, num_args = 8,
          fe_pos = 8, fe_iter_idx = 8, access_flags = 8, property_guard = 8,
          constant_flags = 8, extra = 8}}}}}


 [2019-02-05 12:31 UTC] jani+php at ifi dot uio dot no
This bug applies to Debian and Ubuntu as well, and has a more prosaic description here, which indicates that this is a regression from 7.3.0:

https://bugs.launchpad.net/ubuntu/+source/php7.3/+bug/1813438
 [2019-02-05 17:29 UTC] php at nearlyfreespeech dot net
No, this is a runtime issue.  That is a build issue.  There is no relationship between the two.
 
Last updated: Thu Sep 19 18:01:38 2019 UTC