Bug #77590 SIGSEGV in zend_hash_str_find_bucket
Submitted: 2019-02-08 20:51 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: gravydish at gmail dot com Assigned:
Status: Open Package: Built-in web server
PHP Version: 7.2.15 OS: Fedora 29
Private report: No CVE-ID: None

 [2019-02-08 20:51 UTC] gravydish at gmail dot com
Description:
------------
This is on PHP 7.2.14, I will retest with 7.2.15 when it is available for Fedora. However, according to the release notes, I do not see this particular issue addressed in 7.2.15.

I get a SIGSEGV and this backtrace for rendering a particular page in my software. I have not been able to narrow it down to a specific line of PHP code yet, but reviewing the PHP source code referenced from the backtrace, it seems to be originating outside of PHP interpretation.

Following the backtrace, I see that the `zend_hash_str_find_bucket` function is inlined, so it must be one of the lines of the inlined function which is failing some assumption, but I'm currently unable to provide a more specific backtrace.

What can I do to provide better direction for this bug?

Cheers,
Jared

Actual result:
--------------
#0  0x0000555555820153 in zend_hash_str_find_bucket (h=9223372037048248209, len=3, str=0x5555558c29aa "UTC", 
    ht=0x7ffff6e04738) at /usr/src/debug/php-7.2.14-1.fc29.x86_64/Zend/zend_hash.c:1971
#1  zend_hash_str_find (ht=0x7ffff6e04738, str=0x5555558c29aa "UTC", len=3)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/Zend/zend_hash.c:1971
#2  0x0000555555668220 in zend_hash_str_find_ptr (len=<optimized out>, str=0x5555558c29aa "UTC", ht=<optimized out>)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/Zend/zend_hash.h:753
#3  php_date_parse_tzfile (formal_tzname=0x5555558c29aa "UTC", tzdb=0x555555bb2fd0)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/ext/date/php_date.c:949
#4  0x000055555566a0ce in get_timezone_info () at /usr/src/debug/php-7.2.14-1.fc29.x86_64/ext/date/php_date.c:1028
#5  0x000055555566b4b8 in php_format_date (format=format@entry=0x55555592010c "r", format_len=format_len@entry=1, 
    ts=1549653057, localtime=localtime@entry=1) at /usr/src/debug/php-7.2.14-1.fc29.x86_64/ext/date/php_date.c:1283
#6  0x00005555558b87c0 in append_essential_headers (buffer=buffer@entry=0x7fffffffc1b0, client=client@entry=0x555555b10360, 
    persistent=persistent@entry=1) at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:359
#7  0x00005555558bb824 in php_cli_server_begin_send_static (client=0x555555b10360, server=0x555555a2edc0 <server>)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2043
#8  php_cli_server_dispatch (client=0x555555b10360, server=0x555555a2edc0 <server>)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2184
#9  php_cli_server_recv_event_read_request (server=0x555555a2edc0 <server>, client=0x555555b10360)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2379
#10 0x00005555558bbdf4 in php_cli_server_do_event_for_each_fd_callback (_params=_params@entry=0x7fffffffc300, fd=fd@entry=5, 
    event=event@entry=1) at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2462
#11 0x00005555558bca1b in php_cli_server_poller_iter_on_active (poller=0x555555a2edc8 <server+8>, 
    callback=0x5555558bbda0 <php_cli_server_do_event_for_each_fd_callback>, opaque=0x7fffffffc300)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:846
#12 php_cli_server_do_event_for_each_fd (whandler=0x5555558b9d90 <php_cli_server_send_event>, 
    rhandler=0x5555558bb520 <php_cli_server_recv_event_read_request>, server=0x555555a2edc0 <server>)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2480
#13 php_cli_server_do_event_loop (server=0x555555a2edc0 <server>)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2490
#14 do_cli_server (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli_server.c:2612
#15 0x0000555555661b18 in main (argc=3, argv=0x555555a4ae50)
    at /usr/src/debug/php-7.2.14-1.fc29.x86_64/sapi/cli/php_cli.c:1406

History

 [2019-02-11 17:17 UTC] gravydish at gmail dot com
I wanted to add that I am able to observe the same SIGSEGV on the same request on the version of PHP that ships with MacOS, 7.1.23.
 [2019-02-20 20:00 UTC] kontakt at beberlei dot de
The problem is that static requests don't initialize the DATEG(tzcache) global variable, which leads to the DATEG(tzcache) probably pointing to invalid memory when it's used in php_format_date -> get_timezone_info() instead of NULL, and it never gets correctly initialized.
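The lifecycle problem described in the comment above, as an added C model that is not PHP's own code: a per-request cache pointer that request startup is supposed to reset, a static-file path that formats the Date: header without running that startup, and an accessor guarded by a constructed request_started flag so the missing initialisation is reported to the caller instead of dereferenced. Apart from the DATEG(tzcache) and RINIT/RSHUTDOWN names, every identifier here is hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model of PHP's per-request date globals. tzcache stands in for
   DATEG(tzcache); request_started is an added guard, not a real PHP field. */
struct tz_entry { char name[32]; long offset; };
struct tzcache  { struct tz_entry entries[8]; int count; };
struct date_globals {
    int request_started;      /* has request startup (RINIT) run? */
    struct tzcache *tzcache;  /* NULL until first lookup, freed at RSHUTDOWN */
};
/* Hypothetical RINIT/RSHUTDOWN: reset the cache at request start, free it at end. */
static void date_rinit(struct date_globals *g) { g->tzcache = NULL; g->request_started = 1; }
static void date_rshutdown(struct date_globals *g) {
    free(g->tzcache); g->tzcache = NULL; g->request_started = 0;
}
/* Lookup that trusts tzcache blindly. If RINIT never ran the pointer holds whatever
   was there before; that is the dereference behind the reported SIGSEGV. */
static long tz_lookup_unchecked(struct date_globals *g, const char *name) {
    if (g->tzcache == NULL && (g->tzcache = calloc(1, sizeof *g->tzcache)) == NULL)
        return -1;
    for (int i = 0; i < g->tzcache->count; i++)
        if (strcmp(g->tzcache->entries[i].name, name) == 0)
            return g->tzcache->entries[i].offset;          /* cache hit */
    /* cache miss: "parse" the zone (constructed: only UTC is known) and store it */
    long offset = strcmp(name, "UTC") == 0 ? 0 : -1;
    if (offset >= 0 && g->tzcache->count < 8) {
        struct tz_entry *e = &g->tzcache->entries[g->tzcache->count++];
        strncpy(e->name, name, sizeof e->name - 1);
        e->offset = offset;
    }
    return offset;
}
/* Hardened accessor: refuse to touch per-request state before RINIT has run. */
static int tz_lookup_checked(struct date_globals *g, const char *name, long *out) {
    if (!g->request_started) return -1;   /* reported to the caller, not dereferenced */
    *out = tz_lookup_unchecked(g, name);
    return *out < 0 ? -1 : 0;
}
/* Static-file path as reported: formats the Date: header without any RINIT. */
static int serve_static_buggy(struct date_globals *g, long *utc_offset) {
    return tz_lookup_checked(g, "UTC", utc_offset);
}
/* Fixed static path: run request startup before formatting, shut down after. */
static int serve_static_fixed(struct date_globals *g, long *utc_offset) {
    date_rinit(g);
    int rc = tz_lookup_checked(g, "UTC", utc_offset);
    date_rshutdown(g);
    return rc;
}
```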
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Feb 23 00:01:25 2019 UTC