Bug #78255 general protection when opcode is enabled
Submitted: 2019-07-05 16:09 UTC
Modified: 2019-07-10 13:04 UTC
From: whissi at whissi dot de
Assigned: cmb
Status: Duplicate
Package: Reproducible crash
PHP Version: 7.3.7
OS: Linux
Private report: No
CVE-ID: None
 [2019-07-05 16:09 UTC] whissi at whissi dot de
Description:
------------
I don't have a small reproducer to share yet (working on this), but at least I was able to catch a backtrace:

# gdb /usr/lib64/php7.3/bin/php-fpm
GNU gdb (Gentoo 8.3 vanilla) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib64/php7.3/bin/php-fpm...
Reading symbols from /usr/lib64/debug//usr/lib64/php7.3/bin/php-fpm.debug...
(gdb)
(gdb) set follow-fork-mode child
(gdb) r --nodaemonize --fpm-config /etc/php/fpm-php7.3/php-fpm.debug.conf
Starting program: /usr/lib64/php7.3/bin/php-fpm --nodaemonize --fpm-config /etc/php/fpm-php7.3/php-fpm.debug.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[05-Jul-2019 17:51:27] NOTICE: fpm is running, pid 23812
[Attaching after Thread 0x7ffff480a980 (LWP 23812) fork to child process 23819]
[New inferior 2 (process 23819)]
[Detaching after fork from parent process 23812]
[Inferior 1 (process 23812) detached]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[05-Jul-2019 17:51:27] NOTICE: ready to handle connections

Thread 2.1 "php-fpm" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff480a980 (LWP 23819)]
zend_mm_alloc_small (bin_num=6, size=56, heap=0x7ffff4600040) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_alloc.c:1289
1289    /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_alloc.c: No such file or directory.
(gdb) bt
#0  zend_mm_alloc_small (bin_num=6, size=56, heap=0x7ffff4600040) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_alloc.c:1289
#1  _emalloc_56 () at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_alloc.c:2423
#2  0x0000555555a01dc9 in _zend_new_array_0 () at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_hash.c:217
#3  0x000055555592d361 in zif_explode (execute_data=0x7ffff46228c0, return_value=0x7ffff46228a0)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/standard/string.c:1173
#4  0x0000555555a7912f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:690
#5  execute_ex (ex=0x7ffff4600040) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:55465
#6  0x00005555559e8bc1 in zend_call_function (fci=fci@entry=0x7fffffffac70, fci_cache=0x7fffb37d2a68, fci_cache@entry=0x7fffffffac50)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_execute_API.c:756
#7  0x000055555571ae95 in preg_do_repl_func (mark=<optimized out>, count=<optimized out>, subpat_names=0x0, offsets=0x55555662f390,
    subject=0x7fff927cf418 "[apress_testimonial by=\"Max Mustermann\" designation=\"t5 Content\" testimonialbordercolor=\"#eaeaea\" testimonialauthorcolor=\"#333333\"]Digitaler Content benötigt authentische Menschen, die diesen verfas"..., fcc=0x7fffffffac50, fci=0x7fffffffac70)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:1500
#8  php_pcre_replace_func_impl (pce=0x555556631ed0, subject_str=0x7fff927cf400,
    subject=0x7fff927cf418 "[apress_testimonial by=\"Max Mustermann\" designation=\"t5 Content\" testimonialbordercolor=\"#eaeaea\" testimonialauthorcolor=\"#333333\"]Digitaler Content benötigt authentische Menschen, die diesen verfas"..., subject_len=1592, fci=0x7fffffffac70, fcc=0x7fffffffac50,
    limit=18446744073709551614, replace_count=0x7fffffffabb8) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:1891
#9  0x000055555571c20c in php_pcre_replace_func (replace_count=0x7fffffffabb8, limit=18446744073709551615, fcc=0x7fffffffac50, fci=0x7fffffffac70,
    subject_str=0x7fff927cf400, regex=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2018
#10 php_replace_in_subject_func (fci=fci@entry=0x7fffffffac70, fcc=fcc@entry=0x7fffffffac50, subject=subject@entry=0x7ffff4621d60,
    limit=limit@entry=18446744073709551615, replace_count=0x7fffffffabb8, regex=<optimized out>, regex=<optimized out>)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2145
#11 0x000055555571c487 in preg_replace_func_impl (regex=regex@entry=0x7ffff4621d40, fci=fci@entry=0x7fffffffac70, fcc=fcc@entry=0x7fffffffac50,
    subject=subject@entry=0x7ffff4621d60, limit_val=-1, return_value=<optimized out>, return_value=<optimized out>)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2195
#12 0x000055555571c91e in zif_preg_replace_callback (execute_data=0x7ffff4621cf0, return_value=0x7ffff4621cc0)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2358
#13 0x0000555555a7912f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:690
#14 execute_ex (ex=0x7ffff4600040) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:55465
#15 0x00005555559e8bc1 in zend_call_function (fci=fci@entry=0x7fffffffb0e0, fci_cache=0x7fffb3d80b90, fci_cache@entry=0x7fffffffb0c0)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_execute_API.c:756
#16 0x000055555571ae95 in preg_do_repl_func (mark=<optimized out>, count=<optimized out>, subpat_names=0x0, offsets=0x55555662ec50,
    subject=0x7fff92306018 "[vc_column width=\"1/3\" offset=\"vc_hidden-sm vc_hidden-xs\"][apress_testimonial by=\"Max Mustermann\" designation=\"t5 Content\" testimonialbordercolor=\"#eaeaea\" testimonialauthorcolor=\"#333333\"]Digitaler "..., fcc=0x7fffffffb0c0, fci=0x7fffffffb0e0)
    at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:1500
#17 php_pcre_replace_func_impl (pce=0x555556631c40, subject_str=0x7fff92306000,
    subject=0x7fff92306018 "[vc_column width=\"1/3\" offset=\"vc_hidden-sm vc_hidden-xs\"][apress_testimonial by=\"Max Mustermann\" designation=\"t5 Content\" testimonialbordercolor=\"#eaeaea\" testimonialauthorcolor=\"#333333\"]Digitaler "..., subject_len=5021, fci=0x7fffffffb0e0, fcc=0x7fffffffb0c0,
--Type <RET> for more, q to quit, c to continue without paging--c
    limit=18446744073709551615, replace_count=0x7fffffffb028) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:1891
#18 0x000055555571c20c in php_pcre_replace_func (replace_count=0x7fffffffb028, limit=18446744073709551615, fcc=0x7fffffffb0c0, fci=0x7fffffffb0e0, subject_str=0x7fff92306000, regex=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2018
#19 php_replace_in_subject_func (fci=fci@entry=0x7fffffffb0e0, fcc=fcc@entry=0x7fffffffb0c0, subject=subject@entry=0x7ffff46212c0, limit=limit@entry=18446744073709551615, replace_count=0x7fffffffb028, regex=<optimized out>, regex=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2145
#20 0x000055555571c487 in preg_replace_func_impl (regex=regex@entry=0x7ffff46212a0, fci=fci@entry=0x7fffffffb0e0, fcc=fcc@entry=0x7fffffffb0c0, subject=subject@entry=0x7ffff46212c0, limit_val=-1, return_value=<optimized out>, return_value=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2195
#21 0x000055555571c91e in zif_preg_replace_callback (execute_data=0x7ffff4621250, return_value=0x7ffff4621220) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2358
#22 0x0000555555a7912f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:690
#23 execute_ex (ex=0x7ffff4600040) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:55465
#24 0x00005555559e8bc1 in zend_call_function (fci=fci@entry=0x7fffffffb550, fci_cache=0x7fffb3d80b90, fci_cache@entry=0x7fffffffb530) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_execute_API.c:756
#25 0x000055555571ae95 in preg_do_repl_func (mark=<optimized out>, count=<optimized out>, subpat_names=0x0, offsets=0x55555642b5a0, subject=0x7fff922f4018 "[vc_row full_width=\"stretch_row\" full_height=\"yes\" content_placement=\"middle\" apress_enable_separator=\"yes\" apress_separator_height=\"300\" apress_enable_row_overlay=\"\" css=\".vc_custom_1542919100842{mar"..., fcc=0x7fffffffb530, fci=0x7fffffffb550) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:1500
#26 php_pcre_replace_func_impl (pce=0x55555662da90, subject_str=0x7fff922f4000, subject=0x7fff922f4018 "[vc_row full_width=\"stretch_row\" full_height=\"yes\" content_placement=\"middle\" apress_enable_separator=\"yes\" apress_separator_height=\"300\" apress_enable_row_overlay=\"\" css=\".vc_custom_1542919100842{mar"..., subject_len=28732, fci=0x7fffffffb550, fcc=0x7fffffffb530, limit=18446744073709551604, replace_count=0x7fffffffb498) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:1891
#27 0x000055555571c20c in php_pcre_replace_func (replace_count=0x7fffffffb498, limit=18446744073709551615, fcc=0x7fffffffb530, fci=0x7fffffffb550, subject_str=0x7fff922f4000, regex=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2018
#28 php_replace_in_subject_func (fci=fci@entry=0x7fffffffb550, fcc=fcc@entry=0x7fffffffb530, subject=subject@entry=0x7ffff4620630, limit=limit@entry=18446744073709551615, replace_count=0x7fffffffb498, regex=<optimized out>, regex=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2145
#29 0x000055555571c487 in preg_replace_func_impl (regex=regex@entry=0x7ffff4620610, fci=fci@entry=0x7fffffffb550, fcc=fcc@entry=0x7fffffffb530, subject=subject@entry=0x7ffff4620630, limit_val=-1, return_value=<optimized out>, return_value=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2195
#30 0x000055555571c91e in zif_preg_replace_callback (execute_data=0x7ffff46205c0, return_value=0x7ffff4620580) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/ext/pcre/php_pcre.c:2358
#31 0x0000555555a7912f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:690
#32 execute_ex (ex=0x7ffff4600040) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:55465
#33 0x0000555555a7d062 in zend_execute (op_array=op_array@entry=0x7ffff46750e0, return_value=0x0, return_value@entry=0x7fffb3d80b90) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend_vm_execute.h:60881
#34 0x00005555559f6944 in zend_execute_scripts (type=type@entry=8, retval=0x7fffb3d80b90, retval@entry=0x0, file_count=-194902832, file_count@entry=3) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/Zend/zend.c:1568
#35 0x000055555599b298 in php_execute_script (primary_file=0x7fffffffdc40) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/main/main.c:2630
#36 0x00005555556d8bd9 in main (argc=<optimized out>, argv=<optimized out>) at /var/tmp/portage/dev-lang/php-7.3.7/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c:1950
(gdb)


It's happening on a WordPress site using the "WPBakery Page Builder" plugin. It crashes when a theme calls the "vc_map()" function. It doesn't crash when opcode is disabled (opcache.enable=0).

PHP-7.3.6 works, PHP-7.3.7 shows this error.


 [2019-07-09 12:42 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2019-07-09 12:42 UTC] cmb@php.net
Please check whether the build contains commit 21465ec[1].

[1] <https://github.com/php/php-src/commit/21465ec0e1c1401751b35a21f45f1d57255d5be9>
 [2019-07-10 12:52 UTC] whissi at whissi dot de
-Status: Feedback +Status: Assigned
 [2019-07-10 12:52 UTC] whissi at whissi dot de
No, I was using the plain PHP 7.3.7 release without that patch.

With that patch applied, PHP 7.3.7 is no longer crashing. I guess you can close this bug as a duplicate of bug 78230.
 [2019-07-10 13:04 UTC] cmb@php.net
-Status: Assigned +Status: Duplicate
 [2019-07-10 13:04 UTC] cmb@php.net
The thing is that we have re-tagged php-7.3.7 on Wednesday (with
this commit included), and you likely got the former tag (from
Tuesday).

And yes, in this case it is a duplicate of bug 78230.
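
One way to answer the "does the build contain the commit" question for a git checkout, added here as an example and not taken from the thread or from php-src: the first function reports whether a tag contains a given commit, the second whether the local copy of a tag still matches the remote's, which is what a re-tagged release looks like from the downstream side. The function names and the checkout path in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the bug thread). Function names are hypothetical.
# Usage, with the tag and commit named in the thread and an assumed path:
#   tag_contains_commit /path/to/php-src php-7.3.7 21465ec0e1c1401751b35a21f45f1d57255d5be9
#   tag_moved /path/to/php-src php-7.3.7 origin && echo "tag was moved upstream"

# Prints contains / missing / unknown and returns 0 / 1 / 2.
# "unknown" means the tag or the commit is not present in this checkout,
# which must not be mistaken for "the fix is missing".
tag_contains_commit() {
    local repo="$1" tag="$2" commit="$3"
    git -C "$repo" rev-parse -q --verify "refs/tags/$tag^{commit}" >/dev/null 2>&1 ||
        { echo unknown; return 2; }
    git -C "$repo" rev-parse -q --verify "$commit^{commit}" >/dev/null 2>&1 ||
        { echo unknown; return 2; }
    if git -C "$repo" merge-base --is-ancestor "$commit" "refs/tags/$tag"; then
        echo contains
    else
        echo missing
        return 1
    fi
}

# Returns 0 if the remote's tag points at a different commit than the local
# tag, 1 if they agree, 2 if either side cannot be resolved.
tag_moved() {
    local repo="$1" tag="$2" remote="$3" local_id remote_id
    local_id=$(git -C "$repo" rev-parse -q --verify "refs/tags/$tag^{commit}" 2>/dev/null) ||
        return 2
    # For an annotated tag ls-remote also lists the peeled commit as "<ref>^{}";
    # prefer that line, fall back to the plain ref for a lightweight tag.
    remote_id=$(git -C "$repo" ls-remote --tags "$remote" "refs/tags/$tag*" |
        awk -v ref="refs/tags/$tag" '
            $2 == (ref "^{}") { peeled = $1 }
            $2 == ref         { plain = $1 }
            END { print (peeled != "" ? peeled : plain) }')
    [ -n "$remote_id" ] || return 2
    [ "$local_id" != "$remote_id" ]
}
```

git does not replace an existing local tag on an ordinary fetch, so a checkout made before a re-tag keeps the old target until the tag is fetched with force.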
 
Last updated: Mon Jan 20 06:01:23 2020 UTC