Bug #65647 [Fbk->Opn]: @list call behaves incorrectly and may cause Segmentation fault (11)

piotr dot m at shwrm dot com Tue, 10 Sep 2013 05:45:29 -0700

Edit report at https://bugs.php.net/bug.php?id=65647&edit=1


 ID:                 65647
 User updated by:    piotr dot m at shwrm dot com
 Reported by:        piotr dot m at shwrm dot com
 Summary:            @list call behaves incorrectly and may cause
                     Segmentation fault (11)
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            *General Issues
 Operating System:   Linux / Ubuntu 13.04
 PHP Version:        5.5.3
 Block user comment: N
 Private report:     N

 New Comment:

As requested i disabled XDebug and Zend Optimizer. All of a sudden the code 
acts properly and as expected. I managed to narrow the problem down to Zend 
Optimizer. If it's activated the problem occurs, once disabled everything goes 
back to normal. Here's a gdb backtrace with Zend Optimizer on:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff41313b7 in ?? () from /usr/lib/apache2/modules/libphp5.so
(gdb) bt
#0  0x00007ffff41313b7 in ?? () from /usr/lib/apache2/modules/libphp5.so
#1  0x00007ffff41154f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#2  0x00007ffff40a8059 in zend_execute_scripts () from 
/usr/lib/apache2/modules/libphp5.so
#3  0x00007ffff404651c in php_execute_script () from 
/usr/lib/apache2/modules/libphp5.so
#4  0x00007ffff4158a4a in ?? () from /usr/lib/apache2/modules/libphp5.so
#5  0x00005555555964b0 in ap_run_handler (r=0x7ffff52b16c8) at config.c:159
#6  0x00005555555968fb in ap_invoke_handler (r=r@entry=0x7ffff52b16c8) at 
config.c:377
#7  0x00005555555a609c in ap_internal_redirect (new_uri=<optimized out>, 
r=<optimized out>) at http_request.c:554
#8  0x00007fffefb50908 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#9  0x00005555555964b0 in ap_run_handler (r=0x7ffff52bc0a0) at config.c:159
#10 0x00005555555968fb in ap_invoke_handler (r=r@entry=0x7ffff52bc0a0) at 
config.c:377
#11 0x00005555555a6a28 in ap_process_request (r=r@entry=0x7ffff52bc0a0) at 
http_request.c:282
#12 0x00005555555a38d8 in ap_process_http_connection (c=0x7ffff7dff290) at 
http_core.c:190
#13 0x000055555559ce80 in ap_run_process_connection (c=0x7ffff7dff290) at 
connection.c:43
#14 0x000055555559d268 in ap_process_connection (c=c@entry=0x7ffff7dff290, 
csd=<optimized out>) at connection.c:190
#15 0x00005555555ab646 in child_main (child_num_arg=child_num_arg@entry=0) at 
prefork.c:667
#16 0x00005555555abd5e in make_child (s=0x7ffff7fea818, slot=0) at prefork.c:712
#17 0x00005555555ac4e2 in ap_mpm_run (_pconf=_pconf@entry=0x7ffff7ff0028, 
plog=<optimized out>, s=s@entry=0x7ffff7fea818) at prefork.c:988
#18 0x000055555558124e in main (argc=2, argv=0x7fffffffe5c8) at main.c:755

I hope this helps.


Previous Comments:
------------------------------------------------------------------------
[2013-09-10 11:11:07] johan...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

The above has guidance on creating a backtrace, but please disable Zend 
Optimizer and XDebug first.

------------------------------------------------------------------------
[2013-09-10 10:43:53] piotr dot m at shwrm dot com

No, the problem does not seem to persit when run in CLI mode. The code behaves 
exactly as it should.

Here's a var_dump(get_loaded_extensions()): 
  0 => string 'Core' (length=4)
  1 => string 'date' (length=4)
  2 => string 'ereg' (length=4)
  3 => string 'libxml' (length=6)
  4 => string 'openssl' (length=7)
  5 => string 'pcre' (length=4)
  6 => string 'zlib' (length=4)
  7 => string 'bcmath' (length=6)
  8 => string 'bz2' (length=3)
  9 => string 'calendar' (length=8)
  10 => string 'ctype' (length=5)
  11 => string 'dba' (length=3)
  12 => string 'dom' (length=3)
  13 => string 'hash' (length=4)
  14 => string 'fileinfo' (length=8)
  15 => string 'filter' (length=6)
  16 => string 'ftp' (length=3)
  17 => string 'gettext' (length=7)
  18 => string 'SPL' (length=3)
  19 => string 'iconv' (length=5)
  20 => string 'json' (length=4)
  21 => string 'mbstring' (length=8)
  22 => string 'session' (length=7)
  23 => string 'standard' (length=8)
  24 => string 'posix' (length=5)
  25 => string 'Reflection' (length=10)
  26 => string 'Phar' (length=4)
  27 => string 'shmop' (length=5)
  28 => string 'SimpleXML' (length=9)
  29 => string 'soap' (length=4)
  30 => string 'sockets' (length=7)
  31 => string 'exif' (length=4)
  32 => string 'sysvmsg' (length=7)
  33 => string 'sysvsem' (length=7)
  34 => string 'sysvshm' (length=7)
  35 => string 'tokenizer' (length=9)
  36 => string 'wddx' (length=4)
  37 => string 'xml' (length=3)
  38 => string 'xmlreader' (length=9)
  39 => string 'xmlwriter' (length=9)
  40 => string 'zip' (length=3)
  41 => string 'apache2handler' (length=14)
  42 => string 'PDO' (length=3)
  43 => string 'curl' (length=4)
  44 => string 'imap' (length=4)
  45 => string 'memcached' (length=9)
  46 => string 'pdo_pgsql' (length=9)
  47 => string 'pgsql' (length=5)
  48 => string 'readline' (length=8)
  49 => string 'redis' (length=5)
  50 => string 'mhash' (length=5)
  51 => string 'Zend OPcache' (length=12)
  52 => string 'xdebug' (length=6)

Unfortunately the coredump does not get created - any ideas on how i might 
force the generation of one?

------------------------------------------------------------------------
[2013-09-10 09:52:06] leight+bugs dot php at gmail dot com

Unable to reproduce with 5.5.3 or 5.6.0-dev on Debian 7 or OSX using PHP CLI 
(unable to test with Apache at present).

Piotr do you get the same results using the CLI? What other modules do you have 
loaded?

A backtrace of the coredump might also be useful.

------------------------------------------------------------------------
[2013-09-10 09:21:08] piotr dot m at shwrm dot com

Description:
------------
Call to @list on an array returned by function_get_args() will incorrectly fill 
variables (only last one is filled) 80% of the time and will cause a 
Segmentation fault (11) on the other 20%.

PHP 5.5.3 run on Apache 2.2.22

Test script:
---------------
function a() {
        $opts = func_get_args();
        @list($a, $b, $c) = $opts;
        var_dump($a, $b, $c);
}

a('1','22', '333');

Expected result:
----------------
string '1' (length=1)

string '22' (length=2)

string '333' (length=3)


Actual result:
--------------
null

null

string '333' (length=3)

Or segfault:
[Tue Sep 10 10:57:46 2013] [notice] child pid 32315 exit signal Segmentation 
fault (11), possible coredump in /etc/apache2



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=65647&edit=1

Bug #65647 [Fbk->Opn]: @list call behaves incorrectly and may cause Segmentation fault (11)

Reply via email to