Segmentation fault with enabled suhosin
milo opened this issue · 1 comments
milo commented
Hi,
I'm getting a segfault with suhosin enabled. When disabled, everything works fine. Environment and steps to reproduce it:
```
# uname -a
Linux jessie 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29) x86_64 GNU/Linux
# dpkg -l | grep php
ii dh-php5 0.2 all
ii libapache2-mod-php5 5.6.29+dfsg-0+deb8u1 amd64
ii php-pear 5.6.29+dfsg-0+deb8u1 all
ii php5-cli 5.6.29+dfsg-0+deb8u1 amd64
ii php5-common 5.6.29+dfsg-0+deb8u1 amd64
ii php5-dev 5.6.29+dfsg-0+deb8u1 amd64
ii php5-fpm 5.6.29+dfsg-0+deb8u1 amd64
ii php5-json 1.3.6-1 amd64
ii php5-mysqlnd 5.6.29+dfsg-0+deb8u1 amd64
ii php5-readline 5.6.29+dfsg-0+deb8u1 amd64
ii php5-sqlite 5.6.29+dfsg-0+deb8u1 amd64
ii php5-suhosin-extension 0.9.38-1 amd64
ii pkg-php-tools 1.28 all
# php -v
PHP 5.6.29-0+deb8u1 (cli) (built: Dec 13 2016 16:02:08)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
with Suhosin v0.9.38, Copyright (c) 2007-2015, by SektionEins GmbH
# php -m
# suhosin module is from "deb http://repo.suhosin.org/ debian-jessie main"
[PHP Modules]
bcmath
bz2
calendar
Core
ctype
date
dba
dom
ereg
exif
fileinfo
filter
ftp
gettext
hash
iconv
json
libxml
mbstring
mhash
mysql
mysqli
mysqlnd
ncurses
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
readline
Reflection
session
shmop
```
Following is the setup of Nette Sandbox application:
```
# Setup by Composer (if you prefer prepared zipped application, let me know)
cd /tmp
composer create-project nette/sandbox sandbox v2.4.3
```
Segfault can be reproduced from CLI
```
cd /tmp/sandbox/www/
php index.php
Segmentation fault
```
Or if you wish to reproduce it from Apache2, setup proper permissions:
```
cd /tmp/sandbox
chown www-data:www-data log temp
chmod 775 log temp
cd /var/www/
ln -s /tmp/sandbox/www sandbox
# go to http://localhost/sandbox
# in log
[Mon Feb 06 17:42:59.378335 2017] [core:notice] [pid 14486] AH00052: child pid 14563 exit signal Segmentation fault (11)
[Mon Feb 06 17:42:59.378341 2017] [core:notice] [pid 14486] AH00052: child pid 14564 exit signal Segmentation fault (11)
[Mon Feb 06 17:42:59.378346 2017] [core:notice] [pid 14486] AH00052: child pid 14565 exit signal Segmentation fault (11)
[Mon Feb 06 17:42:59.378352 2017] [core:notice] [pid 14486] AH00052: child pid 14566 exit signal Segmentation fault (11)
[Mon Feb 06 17:43:00.380444 2017] [core:notice] [pid 14486] AH00052: child pid 14560 exit signal Segmentation fault (11)
```
If you don't want to prepare the setup, please let me know how I can collect debug information for you.
Btw, I have to disable the suhosin module for composer to run.
milo commented
I tried to isolate it and:
1) there is a generated warning
2) translated to exception
3) which is thrown inside a `__toString()` method
4) and it causes the segfault on the given stack
Isolated source of warning is:
```php
$func = 'preg_replace';
$args = [
    0 => '#a#',
    1 => 'b',
    2 => 'aaa',
];
$func(...$args);
# PHP Warning: preg_replace() expects at least 3 parameters, 0 given in /var/www/html/sandbox/www/test.php on line 11
```
In the sandbox setup I posted above, the warning is thrown on this line.