View Issue Details

ID: 0000279
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2007-07-15 19:39
Reporter: nlgordon
Assigned To: (none)
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: open
Summary0000279: PHP segfault on use of virtual() function
Description

When using the virtual() function to include a file, approximately 8000 characters later PHP segfaults in xdebug.c at line 2894.

Additional Information

Backtrace:

(gdb) bt
#0  0x00419aa6 in xdebug_statement_call (op_array=0xb7d0cae8) at /tmp/pear/cache/xdebug-2.0.0RC4/xdebug.c:2894
#1  0x01074196 in zend_llist_apply_with_argument (l=0x12e7128, func=0x10967dc <zend_extension_statement_handler>, arg=0xb7d0cae8) at /tmp/server-install/php-5.2.2/Zend/zend_llist.c:236
#2  0x01098d2b in ZEND_EXT_STMT_SPEC_HANDLER (execute_data=0xbffa64f0) at /tmp/server-install/php-5.2.2/Zend/zend_vm_execute.h:459
#3  0x010974dd in execute (op_array=0xb7d0cae8) at /tmp/server-install/php-5.2.2/Zend/zend_vm_execute.h:92
#4  0x004163f3 in xdebug_execute (op_array=0xb7d0cae8) at /tmp/pear/cache/xdebug-2.0.0RC4/xdebug.c:1487
#5  0x0107e315 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/server-install/php-5.2.2/Zend/zend.c:1134
#6  0x01045c65 in php_execute_script (primary_file=0xbffa8800) at /tmp/server-install/php-5.2.2/main/main.c:1794
#7  0x010f8384 in php_handler (r=0xab7c9a8) at /tmp/server-install/php-5.2.2/sapi/apache2handler/sapi_apache2.c:623
#8  0x080be8d8 in ap_run_handler ()
#9  0x080bf036 in ap_invoke_handler ()
#10 0x0808e142 in ap_process_request ()
#11 0x0808856e in ap_process_http_connection ()
#12 0x080cb350 in ap_run_process_connection ()
#13 0x080cb73b in ap_process_connection ()
#14 0x080bd193 in child_main ()
#15 0x080bd31d in make_child ()
#16 0x080bd577 in perform_idle_server_maintenance ()
#17 0x080bd9cc in ap_mpm_run ()
#18 0x080c449e in main ()

Upon investigating, that line references a return from EG() that appears to be NULL. Checking for NULL and instead setting the lineno variable to 0 fixes the problem. I'm not going to claim that it is a real fix, but that is where it is segfaulting.

<xdebug.c: 2893>
/* EG(opline_ptr) can be NULL here after virtual(); do not dereference it blindly */
cur_opcode = *EG(opline_ptr);
lineno = cur_opcode ? cur_opcode->lineno : 0;
</xdebug.c>

Reproducing was a little difficult, in that there had to be over 8000 characters of output after the end of the PHP block containing the virtual() function. For example:

<?php
echo 'foo';
virtual('bar.php');
echo 'bar';
?>
< Over 8000 chars of data >
...
< segfault >

I've listed the PHP version as 5.2-dev, but it is actually 5.2.2. Interestingly enough, having the suhosin extension enabled prevents the segfault from happening.

Tags: No tags attached.
Operating System: Redhat Enterprise 4
PHP Version: 5.2-dev

Activities

derick

2007-07-15 19:39

administrator ~0000697

Fixed in CVS, thanks for your report!

Issue History

Date Modified Username Field Change
2007-05-31 23:32 nlgordon New Issue
2007-07-15 19:39 derick Status new => closed
2007-07-15 19:39 derick Note Added: 0000697
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized