[php-maint] Bug#751936: Bug#751936: php5: Segfault in highlight_string()/highlight_file() when pgsql module loaded

Ondřej Surý ondrej at sury.org
Wed Jun 18 09:56:29 UTC 2014


Hi Andreas,

could you please report this bug to upstream bugzilla? (And add the link
here?)

It would be easier if the upstream developers could communicate directly
with you.

Ondrej

On Wed, Jun 18, 2014, at 1:33, Andreas Ferber wrote:
> Package: php5, php5-cli, libapache2-mod-php5, php5-pgsql
> Version: 5.6.0~beta4+dfsg-3
> Severity: important
> 
> Hi,
> 
> I encountered a segmentation fault that is triggered when syntax
> highlighting php source containing '__CLASS__' using the highlight_file()
> or highlight_string() functions while having the pgsql.so module loaded.
> 
> To reproduce, install and enable the pgsql.so module and run the
> following script (also attached as 'test.php'):
> 
> ---------- test.php ----------
> <?php
> $s = <<<EOT
> <?php
> __CLASS__;
> EOT;
> highlight_string($s);
> ?>
> ------------------------------
> 
> (Note that it doesn't have anything to do with the fact that the
> __CLASS__ is used outside of any class scope here, I originally
> encountered the bug with a much longer script that had the __CLASS__
> properly within a class)
> 
> Even though highlight_string()/highlight_file() might be considered
> minor PHP functionality, I'm setting the severity to "important" since
> the problem seriously hampers development (or makes it outright
> impossible) using for example the popular Symfony php framework. Symfony
> uses highlight_*() extensively to provide for example more friendly
> exception outputs during development, so having your apache child always
> dying with a segfault when encountering an error instead of displaying
> the error with backtrace etc. is a real problem.
> 
> 
> Backtrace of the Segfault:
> 
> #0  _zend_mm_free_int (heap=0x7fee5d9ed048, p=0x7fee5d9ed058)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_alloc.c:2104
> #1  0x00000000006c68b8 in zend_highlight (syntax_highlighter_ini=syntax_highlighter_ini@entry=0x7fff5203eaa0)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_highlight.c:153
> #2  0x000000000069d865 in highlight_string (str=0x7fff5203e980, syntax_highlighter_ini=syntax_highlighter_ini@entry=0x7fff5203eaa0,
>     str_name=str_name@entry=0x7fee5db28280 "/home/sunshine/php-bug/test.php(6) : highlighted code")
>     at Zend/zend_language_scanner.l:818
> #3  0x00000000005fafa9 in zif_highlight_string (ht=<optimized out>, return_value=0x7fee5db267b8,
>     return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/ext/standard/basic_functions.c:5268
> #4  0x00000000006c2c4a in dtrace_execute_internal (execute_data_ptr=<optimized out>,
>     fci=<optimized out>, return_value_used=<optimized out>)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_dtrace.c:97
> #5  0x000000000077cdd8 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fee5daf00f8)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_vm_execute.h:560
> #6  0x000000000070e410 in execute_ex (execute_data=0x7fee5daf00f8)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_vm_execute.h:363
> #7  0x00000000006c2b08 in dtrace_execute_ex (execute_data=0x7fee5daf00f8)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_dtrace.c:73
> #8  0x00000000006d4dc0 in zend_execute_scripts (type=1570689096, type@entry=8,
>     retval=0x7fee5d9ed058, retval@entry=0x0, file_count=1570796536, file_count@entry=3)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend.c:1330
> #9  0x0000000000673fdb in php_execute_script (primary_file=0x7fff52041140)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/main/main.c:2584
> #10 0x000000000077ed3d in do_cli (argc=1570689096, argv=0x7fee5d9ed058)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/sapi/cli/php_cli.c:994
> #11 0x00000000004620ea in main (argc=1570689096, argv=0x7fee5d9ed058)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/sapi/cli/php_cli.c:1378
> 
> Please see the attached file for a "backtrace full". If necessary, I can
> also provide a core dump.
> 
> 
> Observations during investigating the problem:
> 
>  * The segfault only happens if the pgsql.so module is loaded. I tested
>    different combinations of the PHP modules on my system, only the
>    pgsql.so makes a difference. Whether any other modules are loaded or
>    not doesn't affect the problem.
> 
>  * It happens with both the CLI and the Apache2 SAPI. I didn't test any
>    other SAPIs; however, they are probably affected as well.
> 
>  * The problem doesn't exist in package version 5.5.12+dfsg-2, however
>    it is already present in 5.6.0~beta3+dfsg-2. No other versions
>    tested.
> 
>  * The segfault happens right after outputting the '__CLASS__' token
>    itself.
> 
>  * It is only triggered by '__CLASS__', other internal constants like
>    '__FILE__' or '__LINE__' are fine.
> 
> Regards,
> Andreas Ferber
> 
> -- Package-specific info:
> ==== Additional PHP 5 information ====
> 
> ++++ PHP 5 SAPI (php5query -S): ++++
> apache2
> cgi
> cli
> 
> ++++ PHP 5 Extensions (php5query -M -v): ++++
> pgsql (Enabled for apache2 by maintainer script)
> pgsql (Enabled for cgi by maintainer script)
> pgsql (Enabled for cli by maintainer script)
> 
> ++++ Configuration files: ++++
> 
> **** /etc/php5/cli/conf.d/20-pgsql.ini ****
> extension=pgsql.so
> 
> 
> -- System Information:
> Debian Release: 7.5
>   APT prefers stable
>   APT policy: (550, 'stable'), (500, 'stable-updates'), (250, 'testing'),
>   (180, 'unstable'), (110, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 3.14-1-amd64 (SMP w/3 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages php5-cli depends on:
> ii  libbz2-1.0        1.0.6-4
> ii  libc6             2.19-1
> ii  libcomerr2        1.42.5-1.1
> ii  libdb5.3          5.3.28-3
> ii  libedit2          3.1-20140213-1
> ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u1
> ii  libk5crypto3      1.10.1+dfsg-5+deb7u1
> ii  libkrb5-3         1.10.1+dfsg-5+deb7u1
> ii  libmagic1         5.11-2+deb7u3
> ii  libonig2          5.9.5-2
> ii  libpcre3          1:8.31-5
> ii  libqdbm14         1.8.78-2
> ii  libssl1.0.0       1.0.1e-2+deb7u11
> ii  libxml2           2.9.1+dfsg1-3
> ii  mime-support      3.52-1
> ii  php5-common       5.6.0~beta4+dfsg-3
> ii  php5-json         1.3.5-2
> ii  tzdata            2014a-0wheezy1
> ii  ucf               3.0025+nmu3
> ii  zlib1g            1:1.2.7.dfsg-13
> 
> Versions of packages php5-cli recommends:
> ii  php5-readline  5.6.0~beta4+dfsg-3
> 
> Versions of packages php5-cli suggests:
> ii  php-pear  5.4.4-14+deb7u11
> 
> Versions of packages php5-pgsql depends on:
> ii  dpkg                           1.17.10
> ii  libc6                          2.19-1
> ii  libpq5                         9.3.4-2
> ii  php5-common [phpapi-20131226]  5.6.0~beta4+dfsg-3
> ii  ucf                            3.0025+nmu3
> 
> php5-pgsql recommends no packages.
> 
> php5-pgsql suggests no packages.
> 
> Versions of packages php5-common depends on:
> ii  libc6   2.19-1
> ii  lsof    4.86+dfsg-1
> ii  psmisc  22.19-1+deb7u1
> ii  sed     4.2.1-10
> ii  ucf     3.0025+nmu3
> 
> Versions of packages php5-common suggests:
> ii  php5-apcu [php5-user-cache]  4.0.4-2
> 
> Versions of packages libapache2-mod-php5 depends on:
> ii  apache2                             2.4.9-2
> ii  apache2-bin [apache2-api-20120211]  2.4.9-2
> ii  libbz2-1.0                          1.0.6-4
> ii  libc6                               2.19-1
> ii  libcomerr2                          1.42.5-1.1
> ii  libdb5.3                            5.3.28-3
> ii  libgssapi-krb5-2                    1.10.1+dfsg-5+deb7u1
> ii  libk5crypto3                        1.10.1+dfsg-5+deb7u1
> ii  libkrb5-3                           1.10.1+dfsg-5+deb7u1
> ii  libmagic1                           5.11-2+deb7u3
> ii  libonig2                            5.9.5-2
> ii  libpcre3                            1:8.31-5
> ii  libqdbm14                           1.8.78-2
> ii  libssl1.0.0                         1.0.1e-2+deb7u11
> ii  libstdc++6                          4.9.0-6
> ii  libxml2                             2.9.1+dfsg1-3
> ii  mime-support                        3.52-1
> ii  php5-common                         5.6.0~beta4+dfsg-3
> ii  php5-json                           1.3.5-2
> ii  tzdata                              2014a-0wheezy1
> ii  ucf                                 3.0025+nmu3
> ii  zlib1g                              1:1.2.7.dfsg-13
> 
> Versions of packages libapache2-mod-php5 recommends:
> ii  php5-cli  5.6.0~beta4+dfsg-3
> 
> Versions of packages libapache2-mod-php5 suggests:
> ii  php-pear  5.4.4-14+deb7u11
> 
> -- no debconf information
> 
> -- debsums errors found:
> sh: /usr/sbin/dpkg-divert: No such file or directory
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
> Email had 2 attachments:
> + test.php
>   1k (text/x-php)
> + backtrace-full.txt
>   8k (text/plain)


-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
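The report's key observation is that the crash appears only when pgsql.so is loaded, which the reporter established by trying module combinations by hand. The following harness automates that triage step; it is an added example, not code from the bug report or from the Debian package. It assumes a `php` CLI on PATH that accepts the real `-n` (ignore php.ini) and `-d extension=...` options, that the compiled-in extension_dir contains the named .so files (otherwise pass their full paths), and a POSIX platform where a child killed by a signal reports a negative return code.

```python
import signal
import subprocess
import tempfile
from pathlib import Path

# The reporter's test.php, embedded verbatim: highlighting a '__CLASS__' token.
REPRO_PHP = """<?php
$s = <<<EOT
<?php
__CLASS__;
EOT;
highlight_string($s);
?>
"""


def run_with_extension(script, extension, php_cmd=("php",)):
    """Run the reproducer under a bare PHP (-n ignores php.ini) with at most
    one extension loaded via -d, and classify the outcome."""
    cmd = [*php_cmd, "-n"]
    if extension is not None:
        cmd += ["-d", f"extension={extension}"]
    cmd.append(str(script))
    proc = subprocess.run(cmd, capture_output=True, timeout=30)
    # A negative return code is the signal that killed the child (POSIX only).
    if proc.returncode == -signal.SIGSEGV:
        return "segfault"
    return "ok" if proc.returncode == 0 else "error"


def bisect_extensions(extensions, php_cmd=("php",)):
    """Return the extensions that, loaded alone, crash the reproducer.
    A baseline run with no extension is checked first so a crash in the
    bare interpreter is not blamed on an extension."""
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp) / "test.php"
        script.write_text(REPRO_PHP)
        if run_with_extension(script, None, php_cmd) == "segfault":
            raise RuntimeError("reproducer crashes without any extension loaded")
        return [ext for ext in extensions
                if run_with_extension(script, ext, php_cmd) == "segfault"]


if __name__ == "__main__":
    # Assumed candidate list; on Debian these are the module names found in
    # /etc/php5/cli/conf.d/*.ini (the report shows 20-pgsql.ini -> pgsql.so).
    print(bisect_extensions(["pgsql.so", "mysqli.so", "curl.so"]))
```

On the reporter's system the expected result is `['pgsql.so']`; a crash in the baseline run instead points at the interpreter or a compiled-in extension rather than a loadable module.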


