Edit report at https://bugs.php.net/bug.php?id=63481&edit=1

 ID:                 63481
 Updated by:         m...@php.net
 Reported by:        aurelijus at astdev dot lt
 Summary:            Segmentation fault caused by unserialize()
-Status:             Assigned
+Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   RHEL 6 & Mac OS X 10.7.4
 PHP Version:        5.4.8
 Assigned To:        mike
 Block user comment: N
 Private report:     N

 New Comment:

Please show the code which does the serialisation. Which PHP version did the
serialisation? Serialized strings are not portable between PHP versions, they
are just meant to be used as a temporary representation.


Previous Comments:
------------------------------------------------------------------------
[2012-11-11 07:45:16] larue...@php.net

mike, do you have time to look at this?

It seems to be due to the unserialize hash level.

I tried BG(serialize_lock)++ before calling zend_user_unserialize, and the
problem is gone, but that breaks test #63481.

I keep digging into this, but it's better if you can look at this.

------------------------------------------------------------------------
[2012-11-10 17:15:44] larue...@php.net

assigned by accident.

------------------------------------------------------------------------
[2012-11-10 17:10:04] larue...@php.net

I can reproduce it.

------------------------------------------------------------------------
[2012-11-10 16:28:22] aurelijus at astdev dot lt

Serialized object: http://aurelijus.eu/string2.txt

------------------------------------------------------------------------
[2012-11-10 16:24:38] aurelijus at astdev dot lt

Description:
------------
Hey,

I can reproduce this on my local machine (Mac OS X 10.7.4) & our dev server
(RHEL 6) with PHP 5.4.* (including 5.4.9RC1). With 5.3.* it's fine.

We are trying to unserialize a big \Serializable object and it causes the
segmentation fault. Code example below.

Serialized object that causes the issue is attached.

PHP Configure:
./configure --prefix=/opt/local --mandir=/opt/local/share/man \
  --infodir=/opt/local/share/info --program-suffix=54d \
  --includedir=/opt/local/include/php54d --libdir=/opt/local/lib/php54d \
  --with-config-file-path=/opt/local/etc/php54d \
  --with-config-file-scan-dir=/opt/local/var/db/php54d \
  --disable-all --enable-bcmath --enable-ctype --enable-dom \
  --enable-fileinfo --enable-filter --enable-hash --enable-json \
  --enable-libxml --enable-pdo --enable-phar --enable-session \
  --enable-simplexml --enable-tokenizer --enable-xml --enable-xmlreader \
  --enable-xmlwriter --with-bz2=/opt/local --with-mhash=/opt/local \
  --with-pcre-regex=/opt/local --with-libxml-dir=/opt/local \
  --with-zlib=/opt/local --without-pear --disable-cgi --disable-fpm \
  --enable-cli --with-libedit=/opt/local --enable-debug

Test script:
---------------
<?php
class Token implements \Serializable {
    public function serialize() {}

    public function unserialize($str) {
        $r = unserialize($str);
        unserialize($r[2]);
    }
}

$token = file_get_contents('string2.txt');
$obj = unserialize($token);
?>

Expected result:
----------------
It should not cause segmentation fault.

Actual result:
--------------
Segmentation fault.

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xffffffffffffffbf

VM Regions Near 0xffffffffffffffbf:
--> shared memory  00007fffffe00000-00007fffffe02000 [    8K] r-x/r-x SM=SHM

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   php54d   0x000000010f75d994 zend_mm_check_ptr + 500
1   php54d   0x000000010f75feed _zend_mm_free_int + 109
2   php54d   0x000000010f761bed _efree + 125
3   php54d   0x000000010f7ea6eb zend_object_std_dtor + 283
4   php54d   0x000000010f7ead20 zend_objects_free_object_storage + 32
5   php54d   0x000000010f7f7dc5 zend_objects_store_free_object_storage + 325
6   php54d   0x000000010f78c977 shutdown_executor + 1335
7   php54d   0x000000010f7a9d1a zend_deactivate + 122
8   php54d   0x000000010f6eb681 php_request_shutdown + 1009
9   php54d   0x000000010f9834c8 do_cli + 7288
10  php54d   0x000000010f984415 main + 3461
11  php54d   0x000000010f3de304 start + 52

------------------------------------------------------------------------