Edit report at https://bugs.php.net/bug.php?id=64883&edit=1
 ID:                 64883
 Updated by:         fel...@php.net
 Reported by:        pyo at mail dot ru
 Summary:            SIGSEGV in var.c:363
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            *General Issues
 Operating System:   FreeBSD 9.1
 PHP Version:        5.4.15
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


Previous Comments:
------------------------------------------------------------------------
[2013-05-20 19:30:41] pyo at mail dot ru

Moved to General Issues.

------------------------------------------------------------------------
[2013-05-20 15:47:56] pyo at mail dot ru

Description:
------------
I have an old 3rd-party script that was used on shared hosting with PHP 5.2.6 running as an Apache module. I have no complaints about it from the hosting. Now I have moved this code to a VPS and get a SIGSEGV in both php-fpm and php-cli mode. The code was not written by me, so I do not know which statements cause the segmentation fault.
PHP Version => 5.4.15
System => FreeBSD torq1.pyo 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:11:52 UTC 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
Build Date => May 14 2013 16:21:38
Configure Command => './configure' '--with-layout=GNU' '--localstatedir=/var' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--enable-mysqlnd' '--with-libxml-dir=/usr/local' '--with-pcre-regex=/usr/local' '--with-zlib-dir=/usr' '--program-prefix=' '--enable-fpm' '--with-fpm-user=www' '--with-fpm-group=www' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd9.1'
Server API => Command Line Interface

modified ini settings:
expose_php = Off
max_execution_time = 59
memory_limit = 64M
default_charset = "UTF-8"
date.timezone = "Europe/Moscow"
mysql.allow_persistent = Off
mysqli.allow_persistent = Off
pgsql.allow_persistent = Off

Actual result:
--------------
Current language:  auto; currently minimal
#0  0x081ddddf in php_array_element_export (zv=0xbfbfdf88, num_args=137402536, args=0x13e <Address 0x13e out of bounds>, hash_key=0x81dddce) at var.c:363
        __nl = 0
        __dest = (smart_str *) 0x29f8f894
        tmp_spaces = 0x819a7f0 ""
        tmp_spaces_len = 679495168
        key = 0x819a815 "Ñй"
        tmp_str = 0xbfbfdf38 "Ð'"
        key_len = 28
        tmp_len = 704231864
        level = -1077944440
        buf = (smart_str *) 0x29e0d038
#1  0x081af2fa in metaphone (word=0x2a184bb8 "", word_len=702293828, max_phonemes=704185368, phoned_word=0xbfbfdf88, traditional=137402536) at metaphone.c:360
        skip_letter = 10720
        w_idx = 318
        p_idx = 136175054
        max_buffer_len = -1077944440
#2  0x081dccce in php_var_export_ex (struc=0x2881602c, level=702608140, buf=0x29e0d038) at var.c:489
        __nl = 3217022776
        __dest = (smart_str *) 0x1c
        myht = (HashTable *) 0x2
        tmp_str = 0x29571668 "8\001"
        tmp_len = -1077944436
        class_name = 0x29f88e84 "Ьна)"
        class_name_len = 20
        tmp_str2 = 0x0
        tmp_len2 = 702606812
#3  0x08202ee4 in php_var_unserialize (rval=0x29e105a4, p=0x29571668, max=0x8202ee4 "MÐ\017¶EÐ=/", var_hash=0xbfbfe028) at var_unserializer.c:1179
        yych = 41 ')'
        cursor = (const unsigned char *) 0x16 <Address 0x16 out of bounds>
        limit = (const unsigned char *) 0x29e0f30c "\002p\036),Ñа)Ьна)"
        marker = (const unsigned char *) 0x2881602c "\234Ñа)\fÑа)"
        start = (const unsigned char *) 0x2881602c "\234Ñа)\fÑа)"
        rval_ref = (zval **) 0x29e0f30c
        yybm = '\0' <repeats 48 times>, "\200\200\200\200\200\200\200\200\200\200", '\0' <repeats 197 times>
#4  0x081de716 in php_array_element_export (zv=0xbfe068, num_args=702608140, args=0xbfe180 <Address 0xbfe180 out of bounds>, hash_key=0x8320ae0) at var.c:375
        __nl = 3217023000
        level = -1077944200
        buf = (smart_str *) 0x1c
#5  0x081b0bb0 in _php_gettimeofday (ht=-1077944024, return_value=0x0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, mode=0) at microtime.c:77
        offset = (timelib_time_offset *) 0x0
        get_as_float = 0 '\0'
        tp = {tv_sec = 0, tv_usec = 0}
#6  0x081ceeb6 in php_strtr_array_do_repl (text=0x0, d=0x0, return_value=0x101) at string.c:3113
        __nl = 3217023396
        __dest = (smart_str *) 0xbfbfe1a8
        pnr = (PATNREPL *) 0x0
        h2 = 10583
        offset_start = 32
        i = -1077944036
        prefix_h = 5736
        offset_end = -1077943896
        h = 0
        shift = 36
        pos = 693573224
        nextwpos = 3217023332
        lastpos = 0
        result = {c = 0xbfbfe170 "\034бÑÑÐбÑÑ ", len = 0, a = 3217023340}
#7  0x081d8967 in zif_get_headers (ht=702608140, return_value=0x29571668, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at url.c:755
        c = 0 '\0'
        s = 0x101 <Address 0x101 out of bounds>
        p = 0x29571668 "8\001"
        url = 0x0
        prev_val = (zval **) 0x29e0eddc
        pos = 0xbfbfe1f8
        hashT = (HashTable *) 0x0
        url_len = 10
        stream = (php_stream *) 0xbfbfe1e8
        hdr = (zval **) 0xbfbfe1e4
        h = (zval **) 0x81d8967
        context = (php_stream_context *) 0x82fa235
        format = 312
#8  0x081ddb72 in php_array_element_export (zv=0xbfbfe248, num_args=312, args=0x29f88e84 "Ьна)", hash_key=0x81ddb72) at var.c:355
        __nl = 0
        __dest = (smart_str *) 0x101
        level = -1077943784
        buf = (smart_str *) 0x26e0
#9  0x081af3ae in metaphone (word=0x2879fd0c "hÑ\020", word_len=693361284, max_phonemes=136080733, phoned_word=0xbfbf127f, traditional=-1077943680) at metaphone.c:362
        skip_letter = 49087
        w_idx = -1077943176
        p_idx = -1077943704
        max_buffer_len = -1077943780
#10 0x081bc23e in _zval_copy_ctor () at zend_variables.h:46
        rot13_to = "nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM"
        hexconvtab = "0123456789abcdef"
        rot13_from = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#11 0x08167702 in zif_putenv (ht=0, return_value=0x0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at basic_functions.c:4102
        p = 0x0
        env = (char **) 0xbfbfeb60
        pe = {putenv_string = 0x81676d2 "Ñ", previous_value = 0xbfbfeb01 "", key = 0xbfbfe2bc "\002w\026\bxдÑÑ", key_len = -1077943064}
        setting = 0x0
        setting_len = 4735
#12 0x0823e98d in mysqlnd_mbcharlen_gb2312 (gb=137388869) at mysqlnd_charset.c:308
No locals.
#13 0x08305ebc in lex_scan (zendlval=0x0) at zend_language_scanner.l:1467
        yych = 8 '\b'
        yyaccept = 136572551
        yybm = "\000\000\000\000\000\000\000\000\000\200\200\000\000\200", '\0' <repeats 18 times>, "\200", '\0' <repeats 222 times>
        yybm = '\0' <repeats 48 times>, "\200\200\200\200\200\200\200\200\200\200\000\000\000\000\000\000\000", '\200' <repeats 26 times>, "\000\000\000\000\200\000", '\200' <repeats 26 times>, "\000\000\000\000", '\200' <repeats 129 times>
        yybm = '\0' <repeats 48 times>, "\200\200\200\200\200\200\200\200\200\200\000\000\000\000\000\000\000", '\200' <repeats 26 times>, "\000\000\000\000\200\000", '\200' <repeats 26 times>, "\000\000\000\000", '\200' <repeats 129 times>
        yybm = '\0' <repeats 48 times>, "\200\200\200\200\200\200\200\200\200\200\000\000\000\000\000\000\000", '\200' <repeats 26 times>, "\000\000\000\000\200\000", '\200' <repeats 26 times>, "\000\000\000\000", '\200' <repeats 129 times>
        yybm = "\000\000\000\000\000\000\000\000\000Ð@\000\000@", '\0' <repeats 18 times>, "Ð", '\0' <repeats 15 times>, "<<,,,,,,,,\000\000\000\000\000\000\000$$$$$$", '\004' <repeats 20 times>, "\000\000\000\000\004\000$$$$$$", '\004' <repeats 20 times>, "\000\000\000\000", '\004' <repeats 129 times>
        yybm = "\000\000\000\000\000\000\000\000\000\200\200\000\000\200", '\0' <repeats 18 times>, "\200", '\0' <repeats 15 times>, "@@@@@@@@@@\000\000\000\000\000\000\000", '@' <repeats 26 times>, "\000\000\000\000@\000", '@' <repeats 26 times>, "\000\000\000\000", '@' <repeats 129 times>
        yybm = '\0' <repeats 48 times>, "\200\200\200\200\200\200\200\200\200\200\000\000\000\000\000\000\000", '\200' <repeats 26 times>, "\000\000\000\000\200\000", '\200' <repeats 26 times>, "\000\000\000\000", '\200' <repeats 129 times>
        yybm = '\0' <repeats 48 times>, "ÑÑpppppppp\000\000\000\000\000\000\000PPPPPP", '\020' <repeats 20 times>, "\000\000\000\000\020\000PPPPPP", '\020' <repeats 20 times>, "\000\000\000\000", '\020' <repeats 129 times>
#14 0x0823d7bf in mysqlnd_build_trace_args (arg=0x0, num_args=1, args=0x218 <Address 0x218 out of bounds>, hash_key=0x0) at mysqlnd_bt.c:318
        l_added = -1077941268
        str = (char **) 0xbfbfeba8
        len = (int *) 0xbfbfebf8
#15 0x0806ee87 in fileno@plt ()
No symbol table info available.
#16 0x00000002 in ?? ()
No symbol table info available.
#17 0xbfbfebec in ?? ()
No symbol table info available.
#18 0xbfbfebf8 in ?? ()
No symbol table info available.
#19 0xbfbfebd0 in ?? ()
No symbol table info available.
#20 0xbfbfebe8 in ?? ()
No symbol table info available.
#21 0x00000000 in ?? ()
No symbol table info available.
#22 0xbfbfebe4 in ?? ()
No symbol table info available.
#23 0x0806edf8 in __isnanf@plt ()
No symbol table info available.
#24 0x28310380 in ?? ()
No symbol table info available.
#25 0x00000002 in ?? ()
No symbol table info available.
#26 0xbfbfebec in ?? ()
No symbol table info available.
#27 0x00000000 in ?? ()
No symbol table info available.
#28 0x00000000 in ?? ()
No symbol table info available.
#29 0x00000000 in ?? ()
No symbol table info available.
#66 0x00000008 in ?? ()
No symbol table info available.
#67 0x00000006 in ?? ()
No symbol table info available.
#68 0x00001000 in ?? ()
No symbol table info available.
#69 0x00000008 in ?? ()
No symbol table info available.
#70 0x00000000 in ?? ()
No symbol table info available.
#71 0x00000009 in ?? ()
No symbol table info available.
#72 0x0806ede0 in getpid@plt ()
No symbol table info available.
#73 0x00000007 in ?? ()
No symbol table info available.
#74 0x28308000 in ?? ()
No symbol table info available.
#75 0x0000000f in ?? ()
No symbol table info available.
#76 <signal handler called>
No symbol table info available.
Cannot access memory at address 0x5c

------------------------------------------------------------------------