[php-maint] Bug#777275: php5-cli: Odd compiled assembly causing mmap detection to sometimes fail

anon no-email at example.com
Sat Feb 7 09:49:26 UTC 2015


Package: php5-cli
Version: 5.6.5+dfsg-1
Severity: normal

Dear Maintainer,

I've noticed some weird assembly being generated in the following piece of code.  I've only noticed this in the Debian amd64 binary - DotDeb's version doesn't seem to have the issue.
I suspect that this may be related to a compiler issue.

From main/streams/plain_wrapper.c:

				switch (value) {
					case PHP_STREAM_MMAP_SUPPORTED:
						return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK;

					case PHP_STREAM_MMAP_MAP_RANGE:
						do_fstat(data, 1);

The above return statement (third line) seems to compile to the following:

  >x0x6a4740 <php_stdiop_set_option+672>    cmp    $0xffffffff,%r14d                      ; if (fd == -1)
   x0x6a4744 <php_stdiop_set_option+676>    je     0x6a4632 <php_stdiop_set_option+402>   ;   return -1
   x0x6a474a <php_stdiop_set_option+682>    mov    $0x1,%esi                              ;
   x0x6a474f <php_stdiop_set_option+687>    mov    %rbp,%rdi                              ;
   x0x6a4752 <php_stdiop_set_option+690>    callq  0x6a4440 <do_fstat>                    ; do_fstat(%rdi, 1)
   x0x6a4757 <php_stdiop_set_option+695>    xor    %eax,%eax                              ;
   x0x6a4759 <php_stdiop_set_option+697>    cmpq   $0x400000,0x60(%rbp)                   ; %eax = -( *(%rbp+0x60) > 0x400000 )
   x0x6a4761 <php_stdiop_set_option+705>    setg   %al                                    ;
   x0x6a4764 <php_stdiop_set_option+708>    neg    %eax                                   ;
   x0x6a4766 <php_stdiop_set_option+710>    jmpq   0x6a4538 <php_stdiop_set_option+152>   ; return %eax

First bit looks okay, but I don't know what the rest is about.  DotDeb's binary seems to compile to the following:

  >x0x693f55 <php_stdiop_set_option+437>    cmp    $0xffffffff,%r13d                      ; if (fd == -1)
   x0x693f59 <php_stdiop_set_option+441>    je     0x693ea8 <php_stdiop_set_option+264>   ;   return -1
   x0x693f5f <php_stdiop_set_option+447>    xor    %ebx,%ebx                              ; %ebx = 0
   x0x693f61 <php_stdiop_set_option+449>    jmpq   0x693de3 <php_stdiop_set_option+67>    ; return %ebx

....which makes a whole lot more sense.

I'm not sure what the "0x60(%rbp)" is referring to, but I've seen the comparison evaluate to true and false in various cases, sometimes causing mmap detection to fail.

I've only tested this with PHP 5.6.5 so I don't know what version it showed up in.

If you want a way to test it yourself, you can use the following PHP script:

# cat >t.php
	<?php
	$fr=fopen('/bin/ls','rb');
	$fw=fopen('/dev/null','wb');
	stream_copy_to_stream($fr, $fw);
^D
# gdb php
	break php_stdiop_set_option
	run t.php
	
	[ when it breaks, step through the assembly until you see the above ]




-- Package-specific info:
==== Additional PHP 5 information ====

++++ PHP 5 SAPI (php5query -S): ++++
cli

++++ PHP 5 Extensions (php5query -M -v): ++++
pdo (Enabled for cli by maintainer script)
opcache (Enabled for cli by maintainer script)
json (Enabled for cli by maintainer script)

++++ Configuration files: ++++
[PHP]
engine = On
short_open_tag = On
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = -1
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
enable_dl = On
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[curl]

**** /etc/php5/cli/conf.d/20-json.ini ****
extension=json.so

**** /etc/php5/cli/conf.d/10-pdo.ini ****
extension=pdo.so

**** /etc/php5/cli/conf.d/05-opcache.ini ****
zend_extension=opcache.so


-- System Information:
Debian Release: 7.8
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 2.6.32-042stab092.2 (SMP w/6 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5-cli depends on:
ii  libbz2-1.0        1.0.6-4
ii  libc6             2.19-13
ii  libcomerr2        1.42.5-1.1
ii  libdb5.3          5.3.28-7~deb8u1
ii  libedit2          2.11-20080614-5
ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u3
ii  libk5crypto3      1.10.1+dfsg-5+deb7u3
ii  libkrb5-3         1.10.1+dfsg-5+deb7u3
ii  libmagic1         5.11-2+deb7u7
ii  libonig2          5.9.5-3.2
ii  libpcre3          2:8.35-3.3
ii  libqdbm14         1.8.78-2
ii  libssl1.0.0       1.0.1e-2+deb7u14
ii  libxml2           2.9.1+dfsg1-4
ii  mime-support      3.52-1+deb7u1
ii  php5-common       5.6.5+dfsg-1
ii  php5-json         1.3.6-1
ii  tzdata            2014j-0wheezy1
ii  ucf               3.0025+nmu3
ii  zlib1g            1:1.2.7.dfsg-13

Versions of packages php5-cli recommends:
pn  php5-readline  <none>

Versions of packages php5-cli suggests:
pn  php-pear  <none>

Versions of packages php5-common depends on:
ii  libc6   2.19-13
ii  lsof    4.86+dfsg-1
ii  psmisc  22.19-1+deb7u1
ii  sed     4.2.1-10
ii  ucf     3.0025+nmu3

Versions of packages php5-common suggests:
pn  php5-user-cache  <none>

-- no debconf information
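The xor/cmpq/setg/neg sequence in the Debian disassembly is the compiler's branch-free encoding of `eax = -(field > 0x400000)`: it yields PHP_STREAM_OPTION_RETURN_ERR (-1) when the 64-bit value at 0x60(%rbp) is greater than 4 MiB and PHP_STREAM_OPTION_RETURN_OK (0) otherwise, while the quoted C source only tests fd. The following C model is an added example, not code from the report or from PHP; it puts both behaviours side by side so the divergence can be checked on sample values, and it leaves the field at 0x60(%rbp) as an opaque parameter because the report does not identify it.

```c
#include <stdint.h>
#include <stdio.h>

/* Stream option return codes as defined in PHP's main/php_streams.h. */
#define PHP_STREAM_OPTION_RETURN_OK    0
#define PHP_STREAM_OPTION_RETURN_ERR  -1

/* The immediate from "cmpq $0x400000,0x60(%rbp)": 4 MiB. */
#define ASM_THRESHOLD 0x400000LL

/* What the quoted C source says: only the descriptor decides. */
int mmap_supported_per_source(int fd)
{
    return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK;
}

/* What the Debian disassembly computes. field_at_0x60 models the 64-bit value
 * at 0x60(%rbp); the report does not say what it is, so it is an opaque input.
 * do_fstat() is not modelled: pass whatever value the field holds after it ran. */
int mmap_supported_per_debian_asm(int fd, int64_t field_at_0x60)
{
    if (fd == -1)                            /* cmp $0xffffffff,%r14d ; je       */
        return PHP_STREAM_OPTION_RETURN_ERR;
    int eax = 0;                             /* xor %eax,%eax                     */
    eax = field_at_0x60 > ASM_THRESHOLD;     /* cmpq ... ; setg %al (signed >)    */
    eax = -eax;                              /* neg %eax: 1 -> -1, 0 -> 0         */
    return eax;                              /* jmpq to the common return path    */
}

/* 1 when the source-level and disassembly-level results differ, else 0. */
int behaviours_disagree(int fd, int64_t field_at_0x60)
{
    return mmap_supported_per_source(fd) != mmap_supported_per_debian_asm(fd, field_at_0x60);
}

int main(void)
{
    /* Constructed sample values around the 4 MiB boundary, with a valid fd. */
    const int64_t samples[] = { 0, ASM_THRESHOLD, ASM_THRESHOLD + 1, INT64_MAX, -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int src = mmap_supported_per_source(3);
        int deb = mmap_supported_per_debian_asm(3, samples[i]);
        printf("fd=3 field=%lld  source=%d  debian-asm=%d  %s\n",
               (long long)samples[i], src, deb, src != deb ? "MISMATCH" : "same");
    }
    return 0;
}
```

Any input where the model prints MISMATCH is one where the Debian binary reports mmap as unsupported although the source says it is supported, which is the intermittent detection failure the report describes.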