[xdebug-dev] Bug 0000329: PHP segfault due to XDebug

From: <noreply[@]lists.xdebug.org>
Date: Tue, 30 Oct 2007 17:11:21 +0100

The following bug requires your FEEDBACK.
======================================================================
http://bugs.xdebug.org/bug_view_page.php?bug_id=0000329
======================================================================
Reporter: mhorvath
Handler:
======================================================================
Project: Xdebug
Bug ID: 329
Category: Usage problems
Reproducibility: always
Severity: crash
Priority: normal
Status: feedback
Operating System: Ubuntu 7.10 Server 64-Bit
PHP Version: 5.2.4
Xdebug Version: 2.1.0-dev
======================================================================
Date Submitted: 2007-10-30 11:24 CET
Last Modified: 2007-10-30 17:11 CET
======================================================================
Summary: PHP segfault due to XDebug
Description:
XDebug 2.1dev still crashes PHP (segfault) see bug 321 ...

--- snip ---
mhorvath[@]bamboo:~/PHX$ sudo gdb /opt/php/bin/php
[sudo] password for mhorvath:
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "x86_64-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run -d safe_mode=Off /opt/php/bin/phpunit --log-xml
Logs/UnitTestsCodeCoverage.xml --exclude-group deactivated,CrashesXDebug
--coverage-xml Logs/CodeCoverage.xml --report Logs/CodeCoverage --verbose
UnitTests_AllTests UnitTests/AllTests.php
Starting program: /opt/php-5.2.4/bin/php -d safe_mode=Off
/opt/php/bin/phpunit --log-xml Logs/UnitTestsCodeCoverage.xml
--exclude-group deactivated,CrashesXDebug --coverage-xml
Logs/CodeCoverage.xml --report Logs/CodeCoverage --verbose
UnitTests_AllTests UnitTests/AllTests.php
[Thread debugging using libthread_db enabled]
[New Thread 47078054756912 (LWP 21939)]
PHPUnit 3.2.0RC1 by Sebastian Bergmann.

...

  Phoenix Unit Tests - Modules - User
   UnitTests_Modules_User_Models_ApiTest
   ..............

Time: 3 seconds

There were 2 errors:

1)
testSearchCorrect(UnitTests_Modules_Phoenix_Libraries_FindUserFromNameTest)
PDOException: SQLSTATE[HY000]: General error: 1429 Unable to connect to
foreign data source: Can't connect to sphinx server
/data/bamboo/build-dir/PHX-TRUNK/Libraries/Phx/Db/Statement.php:354
/data/bamboo/build-dir/PHX-TRUNK/Modules/Phoenix/Libraries/FindUserFromName.php:67
/data/bamboo/build-dir/PHX-TRUNK/Tests/UnitTests/Modules/Phoenix/Libraries/FindUserFromNameTest.php:39

2)
testSearchCountResult(UnitTests_Modules_Phoenix_Libraries_FindUserFromNameTest)
PDOException: SQLSTATE[HY000]: General error: 1429 Unable to connect to
foreign data source: Can't connect to sphinx server
/data/bamboo/build-dir/PHX-TRUNK/Libraries/Phx/Db/Statement.php:354
/data/bamboo/build-dir/PHX-TRUNK/Modules/Phoenix/Libraries/FindUserFromName.php:67
/data/bamboo/build-dir/PHX-TRUNK/Tests/UnitTests/Modules/Phoenix/Libraries/FindUserFromNameTest.php:46

FAILURES!
Tests: 235, Errors: 2.

Writing code coverage data to XML file, this may take a moment.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47078054756912 (LWP 21939)]
0x00000000007672cf in lex_scan (zendlval=0x7fff7759e900) at
/usr/local/src/php-5.2.4/Zend/zend_language_scanner.c:4988
4988 len += strlen(func_name);
(gdb) bt
#0 0x00000000007672cf in lex_scan (zendlval=0x7fff7759e900) at
/usr/local/src/php-5.2.4/Zend/zend_language_scanner.c:4988
#1 0x0000000000717227 in tokenize (return_value=0x6134d68) at
/usr/local/src/php-5.2.4/ext/tokenizer/tokenizer.c:161
#2 0x0000000000717383 in zif_token_get_all (ht=1, return_value=0x6134d68,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-5.2.4/ext/tokenizer/tokenizer.c:227
#3 0x00000000007bffc9 in execute_internal
(execute_data_ptr=0x7fff7759f190, return_value_used=1) at
/usr/local/src/php-5.2.4/Zend/zend_execute.c:1385
#4 0x00002ad136ddba45 in xdebug_execute_internal
(current_execute_data=0x7fff7759f190, return_value_used=1) at
/usr/local/src/xdebug/xdebug.c:1598
#5 0x00002ad1372308e9 in suhosin_execute_internal
(execute_data_ptr=0x7fff7759f190, return_value_used=1) at
/usr/local/src/suhosin-0.9.20/execute.c:1151
#6 0x00000000007c08b3 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff7759f190) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:202
#7 0x00000000007c7048 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fff7759f190) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:1681
#8 0x00000000007c02e6 in execute (op_array=0x2ad133685ab0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#9 0x00002ad136ddb6d2 in xdebug_execute (op_array=0x2ad133685ab0) at
/usr/local/src/xdebug/xdebug.c:1534
#10 0x00002ad137230bdd in suhosin_execute_ex (op_array=0x2ad133685ab0,
zo=0, dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#11 0x00000000007c0a7f in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff7759f960) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:234
#12 0x00000000007c1770 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff7759f960) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:322
#13 0x00000000007c02e6 in execute (op_array=0x2ad133684058) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#14 0x00002ad136ddb6d2 in xdebug_execute (op_array=0x2ad133684058) at
/usr/local/src/xdebug/xdebug.c:1534
#15 0x00002ad137230bdd in suhosin_execute_ex (op_array=0x2ad133684058,
zo=0, dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#16 0x00000000007c0a7f in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff775a2af0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:234
#17 0x00000000007c1770 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff775a2af0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:322
#18 0x00000000007c02e6 in execute (op_array=0x18d82d0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#19 0x00002ad136ddb6d2 in xdebug_execute (op_array=0x18d82d0) at
/usr/local/src/xdebug/xdebug.c:1534
#20 0x00002ad137230bdd in suhosin_execute_ex (op_array=0x18d82d0, zo=0,
dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#21 0x00000000007c0a7f in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff775a69b0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:234
#22 0x00000000007c1770 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff775a69b0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:322
#23 0x00000000007c02e6 in execute (op_array=0x1064148) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#24 0x00002ad136ddb6d2 in xdebug_execute (op_array=0x1064148) at
/usr/local/src/xdebug/xdebug.c:1534
#25 0x00002ad137230bdd in suhosin_execute_ex (op_array=0x1064148, zo=0,
dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#26 0x00000000007c0a7f in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff775a77d0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:234
#27 0x00000000007c1770 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff775a77d0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:322
#28 0x00000000007c02e6 in execute (op_array=0x101a4b0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#29 0x00002ad136ddb6d2 in xdebug_execute (op_array=0x101a4b0) at
/usr/local/src/xdebug/xdebug.c:1534
#30 0x00002ad137230bdd in suhosin_execute_ex (op_array=0x101a4b0, zo=0,
dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#31 0x00000000007c0a7f in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fff775a7da0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:234
#32 0x00000000007c1770 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fff775a7da0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:322
#33 0x00000000007c02e6 in execute (op_array=0xf0d0c8) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#34 0x00002ad136ddb6d2 in xdebug_execute (op_array=0xf0d0c8) at
/usr/local/src/xdebug/xdebug.c:1534
#35 0x00002ad137230bdd in suhosin_execute_ex (op_array=0xf0d0c8, zo=0,
dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#36 0x00000000007c8079 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER
(execute_data=0x7fff775a81f0) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:2030
#37 0x00000000007c02e6 in execute (op_array=0xf0b7f8) at
/usr/local/src/php-5.2.4/Zend/zend_vm_execute.h:92
#38 0x00002ad136ddb6d2 in xdebug_execute (op_array=0xf0b7f8) at
/usr/local/src/xdebug/xdebug.c:1534
#39 0x00002ad137230bdd in suhosin_execute_ex (op_array=0xf0b7f8, zo=0,
dummy=0) at /usr/local/src/suhosin-0.9.20/execute.c:558
#40 0x0000000000795ebc in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php-5.2.4/Zend/zend.c:1215
#41 0x0000000000732b0b in php_execute_script (primary_file=0x7fff775aa9c0)
at /usr/local/src/php-5.2.4/main/main.c:2003
#42 0x000000000081d6cc in main (argc=15, argv=0x7fff775aac08) at
/usr/local/src/php-5.2.4/sapi/cli/php_cli.c:1146
(gdb) list
4983
4984 if (class_name) {
4985 len += strlen(class_name) + 2;
4986 }
4987 if (func_name) {
4988 len += strlen(func_name);
4989 }
4990
4991 zendlval->value.str.len =
zend_spprintf(&zendlval->value.str.val, 0, "%s%s%s",
4992 class_name ? class_name : "",
(gdb)
======================================================================

----------------------------------------------------------------------
 derick - 2007-10-30 11:29 CET
----------------------------------------------------------------------
Could you do a "print func_name" instead of "bt" for me?

----------------------------------------------------------------------
 mhorvath - 2007-10-30 11:33 CET
----------------------------------------------------------------------
--- snip ---

[Switching to Thread 47243155223088 (LWP 23149)]
0x00000000007672cf in lex_scan (zendlval=0x7fff06989e10) at
/usr/local/src/php-5.2.4/Zend/zend_language_scanner.c:4988
4988 len += strlen(func_name);
(gdb) print func_name
$1 = 0x74636e7566206369 <Address 0x74636e7566206369 out of bounds>

--- snip ---

Hm, should I be doing something else?

----------------------------------------------------------------------
 derick - 2007-10-30 13:38 CET
----------------------------------------------------------------------
Hmm, that is sorta useless :) Could you perhaps hand me over a (short) test
case that exhibits this problem?

----------------------------------------------------------------------
 mhorvath - 2007-10-30 15:22 CET
----------------------------------------------------------------------
Hm, I kindly don't know, which test is responsible for the issue ... and I
cannot send you over our sources because of IP issues ... any other way to
help resolving the problem?

:(

----------------------------------------------------------------------
 derick - 2007-10-30 17:11 CET
----------------------------------------------------------------------
Not really, unless you want to spend some time to make a short reproducible
case out of this. But your first comment shows a stop in
zend_language_scanner... not in Xdebug. Did you interrupt it or something?
Try to do the print func_name when the segfault occurs...
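
Added note (not part of the original thread, and not PHP or Xdebug code): the func_name value gdb printed in the 11:33 comment, 0x74636e7566206369, is not a canonical x86-64 address, and its eight bytes read in little-endian memory order are the printable ASCII text "ic funct". The C example below applies that triage check to the value and, for contrast, to two frame arguments from the backtrace; the function names and the all-printable heuristic are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 canonical form: bits 63..47 must all be equal (all 0 or all 1). */
static int is_canonical_x86_64(uint64_t addr)
{
    uint64_t top = addr >> 47;              /* the 17 high bits */
    return top == 0 || top == 0x1FFFF;
}

/* Reads the value as the 8 bytes it occupies in little-endian memory
 * (lowest byte first). Writes them to out, NUL-terminated, with '.' for
 * non-printable bytes, and returns how many bytes are printable ASCII. */
static int pointer_as_text(uint64_t value, char out[9])
{
    int printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(value >> (8 * i));
        int ok = (b >= 0x20 && b <= 0x7e);
        out[i] = ok ? (char)b : '.';
        printable += ok;
    }
    out[8] = '\0';
    return printable;
}

/* Heuristic (assumption of this example): a non-canonical value whose
 * bytes are all printable most likely holds string data, not an address. */
static int looks_like_text_overwrite(uint64_t value)
{
    char text[9];
    return !is_canonical_x86_64(value) && pointer_as_text(value, text) == 8;
}

int main(void)
{
    /* func_name as printed by gdb, then zendlval and return_value from
     * frames #0 and #1 of the same report. */
    const uint64_t samples[] = { 0x74636e7566206369ULL,
                                 0x00007fff7759e900ULL, 0x6134d68ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char text[9];
        int n = pointer_as_text(samples[i], text);
        printf("0x%016llx canonical=%d printable=%d/8 text=\"%s\" suspect=%d\n",
               (unsigned long long)samples[i], is_canonical_x86_64(samples[i]),
               n, text, looks_like_text_overwrite(samples[i]));
    }
    return 0;
}
```

A pointer slot that decodes to text is consistent with the slot having been overwritten by string data, which is a different lead from a NULL or freed pointer.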

Bug History
Date Modified     Username  Field          Change
======================================================================
2007-10-30 11:24  mhorvath  New Bug
2007-10-30 11:24  mhorvath  Bug Monitored: mhorvath
2007-10-30 11:29  derick    Bugnote Added: 0000785
2007-10-30 11:33  mhorvath  Bugnote Added: 0000786
2007-10-30 13:38  derick    Bugnote Added: 0000787
2007-10-30 15:22  mhorvath  Bugnote Added: 0000788
2007-10-30 17:11  derick    Bugnote Added: 0000789
2007-10-30 17:11  derick    Status         new => feedback
======================================================================
Received on Tue Oct 30 2007 - 17:11:22 GMT
