Edit report at https://bugs.php.net/bug.php?id=60158&edit=1

 ID:                 60158
 User updated by:    michael dot irey at gmail dot com
 Reported by:        michael dot irey at gmail dot com
 Summary:            Segmentation fault in zend_variables.c
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Ubuntu 10.04.3 LTS
 PHP Version:        5.3.x
 Block user comment: N
 Private report:     N

 New Comment:

I would really like to provide a short example script to reproduce the problem.
However, the problem only seems to pop up when a large amount of objects are
used, but that is only a guess. We use ZendFramework 1.11.x.

I have re-compiled PHP with --enable-debug and when I execute the script that
caused the seg fault I get this:

Unknown(0) : Warning - String is not zero-terminated (APPLICATION_PATH?? bZZZZZZZZZZZ?b) (source: /root/downloads/php-5.3.8/Zend/zend_opcode.c:261)
[Mon Oct 31 12:17:52 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
---------------------------------------
/root/downloads/php-5.3.8/Zend/zend_opcode.c(261) : Block 0x7f88250c2ab0 status:
/root/downloads/php-5.3.8/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on Zend/zend_language_scanner.l:1695, 17 bytes)
    Start: OK
      End: Overflown (magic=0x0000002B instead of 0x62D3082C)
           1 byte(s) overflown
---------------------------------------
[Mon Oct 31 12:17:52 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
Zend/zend_language_scanner.l(1695) : Freeing 0x7F88250C2AB0 (17 bytes), script=/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php
=== Total 1 memory leaks detected ===
Unknown(0) : Warning - String is not zero-terminated (APPLICATION_PATH?? bZZZZZZZZZZZ?b) (source: /root/downloads/php-5.3.8/Zend/zend_opcode.c:261)
[Mon Oct 31 12:18:09 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
---------------------------------------
/root/downloads/php-5.3.8/Zend/zend_opcode.c(261) : Block 0x7f88250c2ab0 status:
/root/downloads/php-5.3.8/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on Zend/zend_language_scanner.l:1695, 17 bytes)
    Start: OK
      End: Overflown (magic=0x0000002B instead of 0x62D3082C)
           1 byte(s) overflown
---------------------------------------
[Mon Oct 31 12:18:09 2011] Script: '/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php'
Zend/zend_language_scanner.l(1695) : Freeing 0x7F88250C2AB0 (17 bytes), script=/web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php
=== Total 1 memory leaks detected ===

Is there anything else I can do to help diagnose and resolve this issue?


Previous Comments:
------------------------------------------------------------------------
[2011-10-31 20:13:05] paj...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

------------------------------------------------------------------------
[2011-10-31 19:51:35] michael dot irey at gmail dot com

Changed the package description

------------------------------------------------------------------------
[2011-10-31 18:49:12] michael dot irey at gmail dot com

Updated the summary line to contain zend_variables.c

------------------------------------------------------------------------
[2011-10-31 18:47:39] michael dot irey at gmail dot com

Ok, I have reproduced the bug from a clean PHP build using 5.3.8

Here are the new gdb details:

Program terminated with signal 11, Segmentation fault.
#0  0x00007fabd4b288b6 in _zval_dtor_func (zvalue=0x7fff0a50eb70, __zend_filename=0x7fabd4ea8558 "/root/downloads/php-5.3.8/Zend/zend_object_handlers.c", __zend_lineno=441) at /root/downloads/php-5.3.8/Zend/zend_variables.c:35
35      CHECK_ZVAL_STRING_REL(zvalue);

(gdb) dump_bt executor_globals.current_execute_data
[0xd8959e80] setElement() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Form/Decorator/Abstract.php:186
[0xd8959b18] setElement() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Form/Element.php:2030
[0xd8959940] render() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Form/Element.php:2046
[0x0a50eec0] __toString()
[0xd89580d0] ??? /web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/application/views/scripts/contacts/duplicate.phtml:62
[0xd8957ed0] ??? /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/View.php:108
[0xd8957c88] _run() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/View/Abstract.php:888
[0xd89579b8] render() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:900
[0xd89577b0] renderScript() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:921
[0xd8957670] render() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/Helper/ViewRenderer.php:960
[0xd89574a8] postDispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action/HelperBroker.php:277
[0xd8956e20] notifyPostDispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Action.php:527
[0xd8956008] dispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Dispatcher/Standard.php:295
[0xd89545e0] dispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Controller/Front.php:954
[0xd89541e0] dispatch() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Application/Bootstrap/Bootstrap.php:97
[0xd89540a0] run() /web/lib/zend/ZendFramework-1.11.10-minimal/library/Zend/Application.php:366
[0xd8953090] run() /web/vhosts/imac.michael.dev.bluehawk.evanta.com/website/public/index.php:69

------------------------------------------------------------------------
[2011-10-28 16:14:44] fel...@php.net

zend_alloc_canary.c is from Suhosin project, not PHP. So, try to reproduce the
crash in a clean PHP build.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60158

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60158&edit=1