Bug #78471 libssh2_sftp_shutdown segfaults (called via ssh2_disconnection())
Submitted: 2019-08-28 13:55 UTC
Modified: 2021-02-09 13:18 UTC
Votes: 7
Avg. Score: 4.0 ± 0.9
Reproduced: 7 of 7 (100.0%)
Same Version: 1 (14.3%)
Same OS: 1 (14.3%)
From: mls at pronego dot com
Assigned: cmb
Status: Duplicate
Package: ssh2 (PECL)
PHP Version: 7.2.21
OS: linuxkit docker image
Private report: No
CVE-ID: None
 [2019-08-28 13:55 UTC] mls at pronego dot com
Description:
------------
Called ssh2_disconnect() on existing connection after successful file upload.
During execution of the destructors -> segfault
(I'm sorry for not having the debug symbols installed in the docker container)

Test script:
---------------
n/a

Expected result:
----------------
close the connection WITHOUT segfault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007f86ae1f1a9f in libssh2_sftp_shutdown () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
(gdb) bt
#0  0x00007f86ae1f1a9f in libssh2_sftp_shutdown () from /usr/lib/x86_64-linux-gnu/libssh2.so.1
#1  0x00007f86acd69803 in php_ssh2_sftp_dtor (rsrc=<optimized out>) at /tmp/pear/temp/ssh2/ssh2_sftp.c:41
#2  0x000055c87f50604e in ?? ()
#3  0x000055c87f506089 in ?? ()
#4  0x000055c87f503597 in zend_hash_reverse_apply ()
#5  0x000055c87f4e0323 in ?? ()
#6  0x000055c87f4f108b in zend_deactivate ()
#7  0x000055c87f48d63f in php_request_shutdown ()
#8  0x000055c87f5952aa in ?? ()
#9  0x000055c87f15004c in ?? ()
#10 0x00007f86b039209b in __libc_start_main (main=0x55c87f14fbc0, argc=3, argv=0x7fff8ea7a9e8, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff8ea7a9d8) at ../csu/libc-start.c:308
#11 0x000055c87f15014a in _start ()

 [2019-08-29 06:22 UTC] mls at pronego dot com
Segfault happens during execution on CLI
 [2019-09-05 23:32 UTC] lunar dot rift at gmail dot com
When I call ssh2_disconnect(), I am getting the following error:

Assertion failed: (session), function _libssh2_channel_free, file channel.c, line 2484.
Abort trap: 6

----------

PHP 7.2.23 and ssh2 v1.1.2 installed via Mac Ports on macOS 10.14.6.
 [2020-05-25 23:10 UTC] info at dotsamazing dot com
This bug is present in PHP 7.4.3 CLI under Ubuntu 20.04 too, as reported in #79631.

You may try using ssh2_disconnect on the _SFTP handle_ before using ssh2_disconnect using the SSH2 connection handle to avoid the segfault. 

Though it's not a supported way of disconnecting, we've found this to be the only way to avoid segfaults repeatedly on our server.
 [2021-02-09 13:18 UTC] cmb@php.net
-Status: Open
+Status: Duplicate
-Assigned To:
+Assigned To: cmb
 [2021-02-09 13:18 UTC] cmb@php.net
Closing as duplicate of bug #79631, since that report already has
a detailed analysis.
 