Bug #81167 Segfault when loading a large file
Submitted: 2021-06-18 09:18 UTC
Modified: 2021-06-21 09:40 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: kochnorman at rocketmail dot com
Assigned: cmb
Status: Closed
Package: Scripting Engine problem
PHP Version: 7.3.19-1~deb10u1
OS: Debian 10
Private report: No
CVE-ID: None
 [2021-06-18 09:18 UTC] kochnorman at rocketmail dot com
Description:
------------
Sorry first, I use PHP 7.3.19-1~deb10u1, but I could not choose this version.

I encountered problems with a very large script I have. The minimal (not-)working example I could create can be created and tested with 

perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php

The file compiles, but then crashes with 

[1]    32247 segmentation fault  php -l test.php

I believe a 1000-line-file should not cause this error.

Trying to reduce the length of the file, I even get another message:

perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php

No syntax errors detected in test.php
zend_mm_heap corrupted

I have no idea why this happens.

I can work around this problem by splitting a large file into several smaller ones and then including the smaller files.

Test script:
---------------
Segfault:
perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php


zend_mm_heap corrupted:
perl -e 'sub rstr { my $len = shift; return join("", map { (a..z,A..Z,0..9)[rand 67] } 0..$len) }; print "<?php\n"; my $subname = "a"; foreach (1 .. 1000) { print qq#function test_$subname () { return "#.rstr(100).qq#"; }\n#; $subname++; }' > test.php; php -l test.php


 [2021-06-18 09:25 UTC] nikic@php.net
-Status: Open
+Status: Feedback
-Package: Compile Failure
+Package: Scripting Engine problem
 [2021-06-18 09:25 UTC] nikic@php.net
I can't reproduce this on any supported PHP version. I also tried this with more functions (50000 instead of 1000) with the same result.
 [2021-06-18 09:31 UTC] krakjoe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

I also cannot reproduce.

A copy of the trace is necessary most likely, and also a list of extensions.
 [2021-06-18 09:53 UTC] kochnorman at rocketmail dot com
-Status: Feedback
+Status: Open
-PHP Version: 7.3Git-2021-06-18 (Git)
+PHP Version: 7.3.19-1~deb10u1
 [2021-06-18 09:53 UTC] kochnorman at rocketmail dot com
I've created a core dump which is available under https://optimalbliss.de/core-php.329.zip . Sorry for not uploading it here, but I found no way of doing that.

My php -m gives me:

[PHP Modules]
calendar
Core
ctype
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
http
iconv
imagick
json
libxml
memprof
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
propro
raphf
readline
Reflection
session
shmop
SimpleXML
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xdebug
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Xdebug
Zend OPcache

I hope this helps researching this bug.
 [2021-06-18 12:34 UTC] cmb@php.net
PHP-7.3 is no longer actively supported[1].  Can you please try
with latest PHP 7.4 or 8.0?

[1] <https://www.php.net/supported-versions.php>
 [2021-06-18 12:39 UTC] nikic@php.net
> I've created a core dump which is available under https://optimalbliss.de/core-php.329.zip . Sorry for not uploading it here, but I found no way of doing that.

Would it be possible for you to extract the backtrace from the core dump? Something like "gdb path/to/php path/to/core" and then "bt" should do it. Analyzing a core dump requires the original binary to be available, so it's hard to do this on a different machine.

It may be worth trying whether it works without xdebug. That's the only extension that looks problematic.
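
The two checks requested in the comment above (a backtrace taken on the machine that has the original binary, and a run without xdebug), as an added shell example that is not part of the original thread. The function names are hypothetical, and using `php -n` (ignore all ini files, which drops every ini-loaded extension, not only xdebug) is an assumption about how to rule extensions out quickly.

```shell
#!/bin/sh
# Added example: crash triage for a PHP lint run. Function names are hypothetical.

# run_and_classify CMD...: prints "ok", "exit:N" or "signal:NAME".
run_and_classify() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    # A shell reports death by signal N as exit status 128+N (139 = SIGSEGV).
    # kill -l fails for values that are not signals, e.g. a plain exit 255.
    if [ "$status" -gt 128 ] && name=$(kill -l $((status - 128)) 2>/dev/null); then
        echo "signal:$name"
    elif [ "$status" -eq 0 ]; then
        echo "ok"
    else
        echo "exit:$status"
    fi
}

# triage PHP_BIN FILE: lint FILE with the normal configuration, then with -n
# (no ini files, so ini-loaded extensions such as xdebug are not loaded).
triage() {
    php_bin=$1
    file=$2
    with_ini=$(run_and_classify "$php_bin" -l "$file")
    without_ini=$(run_and_classify "$php_bin" -n -l "$file")
    echo "default=$with_ini no-ini=$without_ini"
}

# backtrace PHP_BIN CORE: the "gdb path/to/php path/to/core" plus "bt" step,
# run non-interactively so the output can be pasted into a report.
backtrace() {
    gdb -batch -ex bt "$1" "$2" 2>/dev/null
}

# Stand-alone use: sh triage.sh /usr/bin/php test.php
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
fi
```

If the crash persists in the `no-ini` run, extensions loaded from ini files are not required to trigger it.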
 [2021-06-18 12:58 UTC] kochnorman at rocketmail dot co
I cannot easily update, though I will try and will post when I'm done.

I've disabled xdebug and it doesn't appear in the list anymore. But the segfault still persists. The bt is:


Core was generated by `php -l test.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000556d88639bb7 in destroy_op_array ()
(gdb) bt
#0  0x0000556d88639bb7 in destroy_op_array ()
#1  0x0000556d8865410d in zend_hash_destroy ()
#2  0x0000556d8864498d in ?? ()
#3  0x0000556d885e52aa in php_module_shutdown ()
#4  0x0000556d884aab77 in ?? ()
#5  0x00007fdad0e7809b in __libc_start_main (main=0x556d884aa6d0, argc=3, argv=0x7fff647f6918, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff647f6908)
    at ../csu/libc-start.c:308
#6  0x0000556d884aac7a in _start ()
 [2021-06-18 13:07 UTC] kochnorman at rocketmail dot com
I've updated to 7.4.20 and now the segfault is gone and the script works.
 [2021-06-21 09:40 UTC] cmb@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cmb
 [2021-06-21 09:40 UTC] cmb@php.net
> I've updated to 7.4.20 and now the segfault is gone and the
> script works.

Great!  I think we can close this ticket.
 
Last updated: Sat Dec 21 14:01:32 2024 UTC