PHP :: Bug #78471 :: libssh2_sftp_shutdown segfaults (called via ssh2

Bug #78471

libssh2_sftp_shutdown segfaults (called via ssh2_disconnection())

Submitted:

2019-08-28 13:55 UTC

Modified:

2021-02-09 13:18 UTC

Votes:	7
Avg. Score:	4.0 ± 0.9
Reproduced:	7 of 7 (100.0%)
Same Version:	1 (14.3%)
Same OS:	1 (14.3%)

From:

mls at pronego dot com

Assigned:

cmb (profile)

Status:

Duplicate

Package:

ssh2 (PECL)

PHP Version:

7.2.21

OS:

linuxkit docker image

Private report:

CVE-ID:

None

View Developer Edit

[2019-08-28 13:55 UTC] mls at pronego dot com

Description:
------------
Called ssh2_disconnect() on existing connection after successful file upload.
During execution of the destructors -> segfault
(I'm sorry for not having the debug symbols installed in the docker container)

Test script:
---------------
n/a

Expected result:
----------------
close the connection WITHOUT segfault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007f86ae1f1a9f in libssh2_sftp_shutdown () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
(gdb) bt
#0  0x00007f86ae1f1a9f in libssh2_sftp_shutdown () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
#1  0x00007f86acd69803 in php_ssh2_sftp_dtor (rsrc=<optimized out>) at /tmp/pear/temp/ssh2/ssh2_sftp.c:41
#2  0x000055c87f50604e in ?? ()
#3  0x000055c87f506089 in ?? ()
#4  0x000055c87f503597 in zend_hash_reverse_apply ()
#5  0x000055c87f4e0323 in ?? ()
#6  0x000055c87f4f108b in zend_deactivate ()
#7  0x000055c87f48d63f in php_request_shutdown ()
#8  0x000055c87f5952aa in ?? ()
#9  0x000055c87f15004c in ?? ()
#10 0x00007f86b039209b in __libc_start_main (main=0x55c87f14fbc0, argc=3, argv=0x7fff8ea7a9e8, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff8ea7a9d8) at ../csu/libc-start.c:308
#11 0x000055c87f15014a in _start ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-08-29 06:22 UTC] mls at pronego dot com

Segfault happens during execution on CLI

[2019-09-05 23:32 UTC] lunar dot rift at gmail dot com

When I call ssh2_disconnect(), I am getting the following error:

Assertion failed: (session), function _libssh2_channel_free, file channel.c, line 2484.
Abort trap: 6

----------

PHP 7.2.23 and ssh2 v1.1.2 installed via Mac Ports on macOS 10.14.6.

[2020-05-25 23:10 UTC] info at dotsamazing dot com

This bug is present in PHP 7.4.3 CLI under Ubuntu 20.04 too, as reported in #79631.

You may try using ssh2_disconnect on the _SFTP handle_ before using ssh2_disconnect using the SSH2 connection handle to avoid the segfault. 

Though it's not a supported way of disconnecting but we've found this to be the only way to avoid segfaults repeatedly on our server.

[2021-02-09 13:18 UTC] cmb@php.net

-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb

[2021-02-09 13:18 UTC] cmb@php.net

Closing as duplicate of bug #79631, since that report already has
a detailed analysis.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Apr 06 11:01:32 2025 UTC