segmentation fault when calling phpinfo() in ZTS builds
dunglas opened this issue · 2 comments
dunglas commented
Calling `phpinfo();` in a script with ZTS builds causes segmentation faults.
Here is the GDB backtrace:
```
#0  0x0000fffff7fa9128 in strlen () from /lib/ld-musl-aarch64.so.1
#1  0x00000000004259d8 in smart_str_appends (
    src=0x100000001 <error: Cannot access memory at address 0x100000001>, dest=0xffffb08e7f08)
    at /static-php-cli/source/php-src/Zend/zend_smart_str.h:176
#2  zm_info_apcu (zend_module=0x21f04e0 <apcu_module_entry>)
    at /static-php-cli/source/php-src/ext/apcu/php_apc.c:189
#3  0x0000000000429e70 in php_print_info (flag=-1) at /static-php-cli/source/php-src/ext/standard/info.c:967
#4  0x0000000000a77af0 in zif_phpinfo (execute_data=<optimized out>, return_value=0xffffb08e8078)
    at /static-php-cli/source/php-src/ext/standard/info.c:1286
#5  0x00000000007e4c78 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER ()
    at /static-php-cli/source/php-src/Zend/zend_vm_execute.h:1250
#6  execute_ex (ex=<optimized out>) at /static-php-cli/source/php-src/Zend/zend_vm_execute.h:56040
#7  0x00000000007ef9a4 in zend_execute (op_array=0xffffb0671000, return_value=0x0)
    at /static-php-cli/source/php-src/Zend/zend_vm_execute.h:60408
#8  0x00000000007769ec in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0,
    file_count=file_count@entry=3) at /static-php-cli/source/php-src/Zend/zend.c:1827
#9  0x0000000000729da0 in php_execute_script (primary_file=0x0)
    at /static-php-cli/source/php-src/main/main.c:2557
#10 0x0000000000720b40 in frankenphp_execute_script ()
#11 0x000000000071ecb4 in _cgo_a58bc83e1d24_Cfunc_frankenphp_execute_script ()
#12 0x00000000004992bc in runtime.asmcgocall () at /usr/local/go/src/runtime/asm_arm64.s:974
#13 0x0000004000082680 in ?? ()
#14 0x0000ffffb08ea740 in ?? ()
#15 0xf9401bf7a94153f3 in ?? ()
```
To reproduce, run this FrankenPHP test: https://github.com/dunglas/frankenphp/blob/main/frankenphp_test.go#L335-L336
All other tests pass.
nikic commented
Is this reproducible without FrankenPHP? At least I don't see a crash for a plain phpinfo call with a ZTS build.
The serializer registration mechanism is certainly not thread-safe, but I believe that's fine as it happens in MINIT.
dunglas commented
I don't know if it's reproducible in other contexts. That's not a big issue anyway as just `phpinfo()` looks affected.