Edit report at https://bugs.php.net/bug.php?id=53022&edit=1

 ID:                 53022
 Comment by:         hightman at twomice dot net
 Reported by:        hightman at twomice dot net
 Summary:            Segfault in php-cgi after executing a script with
                     syntax error
 Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   FreeBSD Linux
 PHP Version:        5.3.3
 Block user comment: N
 Private report:     N

 New Comment:

I tested php-5.3.6 and php-5.3.3 respectively again.
The problem disappeared in 5.3.6, but I can still reproduce it in 5.3.3.

The latest version seems to solve the problem, so you can close this bug, but I 
still don't know the real reason for this bug.


Previous Comments:
------------------------------------------------------------------------
[2011-07-10 14:12:52] fel...@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I can't reproduce it.

------------------------------------------------------------------------
[2010-10-08 15:16:26] hightman at twomice dot net

I have resolved this bug after some hours of hard work, but I don't know whether 
it is a good way and whether it fully kills the bug.

1) Patch the source file 'zend/zend_language_scanner.l' as in the following diff 
output:

*** zend/zend_language_scanner.l.orig   2010-10-08 20:48:35.000000000 +0800
--- zend/zend_language_scanner.l        2010-10-08 20:49:36.000000000 +0800
***************
*** 355,360 ****
--- 355,361 ----
                zend_do_return(&retval_znode, 0 TSRMLS_CC);
                CG(in_compilation) = original_in_compilation;
                if (compiler_result==1) { /* parser error */
+                       zend_restore_lexical_state(&original_lex_state 
TSRMLS_CC);
                        zend_bailout();
                }
                compilation_successful=1;
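
Review bot: The added `zend_restore_lexical_state(&original_lex_state TSRMLS_CC);` call in the `compiler_result==1` branch carries no comment saying why it has to come before `zend_bailout()`. zend_bailout() does not return, so a restore placed after this block is never reached on a parser error; a one-line comment to that effect would keep the call from being removed later as redundant. The change also covers only this one branch, so it is worth checking whether a bailout raised elsewhere while compilation is in progress leaves `original_lex_state` unrestored in the same way, and adding a regression test that sends two requests for a script with a syntax error to a single php-cgi process.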

2) Recompile PHP, and it will generate a new zend/zend_language_scanner.c 
automatically, but you should install `re2c` first. Otherwise, you should 
modify zend/zend_language_scanner.c according to the above patch.
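
The pattern the patch in the comment above applies, as an added example that is not part of the original report and not PHP source: in a worker that serves several requests, global scanner state saved on entry has to be restored before a non-returning error exit. `lex_state`, `compile`, `handle_request` and the toy `parse` check are hypothetical stand-ins for the Zend scanner.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the scanner's global state (not PHP's struct). */
typedef struct { const char *buf; size_t pos; } lex_state;

static lex_state g_lex;     /* lives as long as the worker process */
static jmp_buf g_bailout;   /* target of the non-returning error exit */

static void save_state(lex_state *out)         { *out = g_lex; }
static void restore_state(const lex_state *in) { g_lex = *in; }

/* Toy parser: reports an error (1) for the "$++" construct. */
static int parse(void) { return strstr(g_lex.buf, "$++") != NULL; }

static void compile(const char *src, int restore_on_error) {
    lex_state original;
    save_state(&original);
    g_lex.buf = src;                    /* scanner now points at request data */
    g_lex.pos = 0;
    if (parse()) {
        if (restore_on_error)
            restore_state(&original);   /* must happen before the jump */
        longjmp(g_bailout, 1);          /* never returns to this frame */
    }
    restore_state(&original);           /* reached only on success */
}

/* Serve one request. Returns 1 if the global scanner state is clean
 * afterwards, 0 if it still points at the finished request's data.
 * In a real worker that data is released when the request ends. */
static int handle_request(const char *src, int restore_on_error) {
    if (setjmp(g_bailout) == 0)
        compile(src, restore_on_error);
    return g_lex.buf == NULL;
}

int main(void) {
    const char *bad = "<?php $++; ?>";  /* constructed sample input */
    printf("no restore:   clean=%d\n", handle_request(bad, 0));
    g_lex.buf = NULL; g_lex.pos = 0;    /* reset the model between runs */
    printf("with restore: clean=%d\n", handle_request(bad, 1));
    return 0;
}
```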

------------------------------------------------------------------------
[2010-10-08 10:44:18] hightman at twomice dot net

Description:
------------
Every php-cgi/fastcgi process was designed to handle multiple requests, but after 
executing a script file which has a syntax error, php-cgi will crash when 
the next request comes in.

Test script:
---------------
1. start the php-cgi:  
   php-cgi -b /tmp/php53/php-cgi.sock
2. simple test script with syntax error:
   <?php $++; ?>
3. request this script twice

Actual result:
--------------
The first time, the request was handled normally, but the second time, php-cgi 
crashed.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x0000000100418211 in _zend_mm_alloc_int (heap=0x101025a00, size=4) at /Users/hightman/Temp/setup/php-5.3.3/Zend/zend_alloc.c:1825
1825                            heap->cache[index] = best_fit->prev_free_block;
(gdb) bt
#0  0x0000000100418211 in _zend_mm_alloc_int (heap=0x101025a00, size=4) at /Users/hightman/Temp/setup/php-5.3.3/Zend/zend_alloc.c:1825
#1  0x00000001004196cc in _emalloc (size=4) at /Users/hightman/Temp/setup/php-5.3.3/Zend/zend_alloc.c:2340
#2  0x0000000100432af4 in init_op_array (op_array=0x100e5c2d0, type=2 '\002', initial_ops_size=64) at /Users/hightman/Temp/setup/php-5.3.3/Zend/zend_opcode.c:63
#3  0x00000001003fa309 in compile_file (file_handle=0x7fff5fbfd660, type=8) at zend_language_scanner.l:351
#4  0x000000010043f8ee in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/hightman/Temp/setup/php-5.3.3/Zend/zend.c:1186
#5  0x00000001003c6e01 in php_execute_script (primary_file=0x7fff5fbfd660) at /Users/hightman/Temp/setup/php-5.3.3/main/main.c:2260
#6  0x00000001005222f3 in main (argc=3, argv=0x7fff5fbff850) at /Users/hightman/Temp/setup/php-5.3.3/sapi/cgi/cgi_main.c:2109


------------------------------------------------------------------------


