Bug #79950 Segmentation fault (with the event extension)
Submitted: 2020-08-10 07:34 UTC
Modified: 2020-09-07 09:43 UTC
Votes: 1
Avg. Score: 3.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: valera dot ymnik at gmail dot com
Assigned:
Status: Closed
Package: event (PECL)
PHP Version: 7.4.9
OS: Debian 9 (stretch)
Private report: No
CVE-ID: None
 [2020-08-10 07:34 UTC] valera dot ymnik at gmail dot com
Description:
------------
After upgrading from 7.4.8 to 7.4.9, a segfault occurs in this example.

I was only able to reproduce the problem using the event extension (https://pecl.php.net/package/event).

I'm not sure that this is not an issue in the event extension, but minor updates usually didn't break extensions. In addition, there is a dependence on the static properties of the class, which is loaded in set_exception_handler.

Test script:
---------------
file segafult.php:
<?php
set_exception_handler(static function ($e) {
	include 'Test.php';
	throw $e;
});

$base = new EventBase();
$e = new Event($base, -1, Event::TIMEOUT, static function () {
	throw new \Exception;
});
$e->addTimer(0);
$base->loop();

file Test.php:
<?php
class Test
{
//	public $foo = 'foo';
	private function set()
	{
//		var_dump(self::$foo); // any use of a static property
		self::$foo = 'bar';
	}
}


Expected result:
----------------
PHP Fatal error:  Uncaught Exception

Actual result:
--------------
Segmentation fault

 [2020-08-10 07:35 UTC] sjon@php.net
-Package: Reproducible crash +Package: event
 [2020-08-10 07:49 UTC] valera dot ymnik at gmail dot com
dbg backtrace:
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055bf9d77eeb0 in _build_trace_args (str=0x7ffeeeb70370, arg=0x7f42d865cdc8) at ./Zend/zend_exceptions.c:552
552	./Zend/zend_exceptions.c: No such file or directory.
(gdb) bt
#0  0x000055bf9d77eeb0 in _build_trace_args (str=0x7ffeeeb70370, arg=0x7f42d865cdc8) at ./Zend/zend_exceptions.c:552
#1  _build_trace_string (num=<optimized out>, ht=<optimized out>, str=0x7ffeeeb70370) at ./Zend/zend_exceptions.c:608
#2  zim_exception_getTraceAsString (execute_data=<optimized out>, return_value=<optimized out>) at ./Zend/zend_exceptions.c:648
#3  0x000055bf9d751729 in zend_call_function (fci=fci@entry=0x7ffeeeb70550, fci_cache=0x7ffeeeb70420, fci_cache@entry=0x0)
    at ./Zend/zend_execute_API.c:826
#4  0x000055bf9d78082f in zim_exception___toString (execute_data=0x7f42d8613020, return_value=0x7ffeeeb707f0) at ./Zend/zend_exceptions.c:703
#5  0x000055bf9d751729 in zend_call_function (fci=fci@entry=0x7ffeeeb706e0, fci_cache=fci_cache@entry=0x7ffeeeb706c0)
    at ./Zend/zend_execute_API.c:826
#6  0x000055bf9d77d326 in zend_call_method (object=object@entry=0x7ffeeeb707d0, obj_ce=obj_ce@entry=0x55bf9dc3acf0, fn_proxy=<optimized out>, 
    function_name=function_name@entry=0x55bf9d84a900 "__tostring", function_name_len=function_name_len@entry=10, 
    retval_ptr=retval_ptr@entry=0x7ffeeeb707f0, param_count=0, arg1=0x0, arg2=0x0) at ./Zend/zend_interfaces.c:103
#7  0x000055bf9d5a98d8 in zend_exception_error (ex=0x7f42d867b281, severity=severity@entry=1) at ./Zend/zend_exceptions.c:1007
#8  0x000055bf9d5a9d57 in zend_throw_exception_internal (exception=exception@entry=0x0) at ./Zend/zend_exceptions.c:166
#9  0x000055bf9d751aba in zend_call_function (fci=fci@entry=0x7ffeeeb70960, fci_cache=<optimized out>, fci_cache@entry=0x0)
    at ./Zend/zend_execute_API.c:876
#10 0x000055bf9d751c65 in _call_user_function_ex (object=object@entry=0x0, function_name=function_name@entry=0x7ffeeeb709b0, 
    retval_ptr=retval_ptr@entry=0x7ffeeeb709c0, param_count=param_count@entry=1, params=params@entry=0x7ffeeeb709d0, 
    no_separation=no_separation@entry=1) at ./Zend/zend_execute_API.c:645
#11 0x000055bf9d5a8b0b in zend_user_exception_handler () at ./Zend/zend.c:1640
#12 0x000055bf9d7608df in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3)
    at ./Zend/zend.c:1676
#13 0x000055bf9d6fd250 in php_execute_script (primary_file=0x7ffeeeb72f40) at ./main/main.c:2621
#14 0x000055bf9d7f0824 in do_cli (argc=2, argv=0x55bf9db70990) at ./sapi/cli/php_cli.c:964
#15 0x000055bf9d5b96c3 in main (argc=2, argv=0x55bf9db70990) at ./sapi/cli/php_cli.c:1359
 [2020-09-07 09:43 UTC] valera dot ymnik at gmail dot com
-Status: Open +Status: Closed
 [2020-09-07 09:43 UTC] valera dot ymnik at gmail dot com
The problem is fixed in version 2.5.7 (https://bitbucket.org/osmanov/pecl-event/issues/61/segmentation-fault-on-php-749)
Last updated: Tue Mar 19 07:01:29 2024 UTC