Segmentation fault when run php -i #207

Closed
csandanov opened this issue May 19, 2017 · 5 comments

@csandanov

I get a segmentation fault when running php -i inside of a PHP Docker container based on Alpine with imagick 3.3.4 installed via pecl. Reproduced with PHP 5.3, 5.6, 7.0, 7.1

I've prepared an image with PHP 7.1 compiled with the --enable-debug option and pre-installed imagick:
https://github.com/csandanov/php-imagick

You can reproduce it by running:

```sh
# With option for strace:
$ docker run --rm -ti --security-opt seccomp:unconfined csandanov/php-imagick sh
# From container:
$ php -i
```

You will see a segmentation fault at the very end of the output. I tried to trace it but found nothing helpful:

```
$ apk add --update strace
$ strace php -i
### ...
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
```

Not sure how this could affect working applications.

@Danack
Collaborator

Danack commented May 20, 2017

Installing valgrind and running php -i through that, I can see that the error is in the underlying ImageMagick library, rather than Imagick itself.

```
==18== Invalid write of size 8
==18==    at 0x72688B5: CreateMagickThreadKey (in /usr/lib/libMagickCore-6.Q16.so.2.0.0)
==18==    by 0x175C559D: RegisterTIFFImage (in /usr/lib/ImageMagick-6.9.5/modules-Q16/coders/tiff.so)
....
==18==  Address 0x87091e8 is 0 bytes after a block of size 8 alloc'd
==18==    at 0x4C91A2C: malloc (vg_replace_malloc.c:299)
==18==    by 0x7268893: CreateMagickThreadKey (in /usr/lib/libMagickCore-6.Q16.so.2.0.0)
==18==    by 0x175C559D: RegisterTIFFImage (in /usr/lib/ImageMagick-6.9.5/modules-Q16/coders/tiff.so)
```

Someone else has the same issue docker-library/php#275 and reported it at alpine https://bugs.alpinelinux.org/issues/6021.

If you want to investigate this, you should either use gdb to step through ImageMagick's code, or just put some debugging in place. In particular I think that the code may be assuming that the size of a pointer to MagickThreadKey is going to be the same size as the pthread_key_t structure, which might not be the case.

Alternatively, if you just want to get it working, compiling ImageMagick without thread support would probably work.
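
The kind of size mismatch hypothesised in the comment above, as an added illustration that is not ImageMagick's code and not part of the original thread: a block sized by the handle (a pointer) while the code writes a larger record into it. The `demo_key` type and all function names are hypothetical; on a 64-bit build the mismatched form yields an 8-byte block with an 8-byte write starting 0 bytes after it, the same shape as the valgrind report, though the thread does not confirm this as the actual cause.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a thread-key record used when real
 * thread-local storage is unavailable. Not ImageMagick's definition. */
typedef struct demo_key {
    void *value;                 /* stored per-"thread" value */
    void (*destructor)(void *);  /* second field, at offset sizeof(void *) */
} demo_key;

/* Mismatched pattern: sizes the block by the handle (a pointer). */
size_t handle_sized_alloc(void) { return sizeof(demo_key *); }

/* Matched pattern: sizes the block by the object that will be written. */
size_t object_sized_alloc(void) { return sizeof(demo_key); }

/* Bytes by which a write of len bytes at offset off runs past a block. */
size_t bytes_past_block(size_t block, size_t off, size_t len)
{
    return (off + len > block) ? off + len - block : 0;
}

/* Hardened constructor: sizeof(*key) follows the type if it ever changes. */
demo_key *demo_key_create(void (*destructor)(void *))
{
    demo_key *key = calloc(1, sizeof(*key));
    if (key == NULL)
        return NULL;
    key->destructor = destructor;
    return key;
}

int main(void)
{
    size_t off = offsetof(demo_key, destructor);
    size_t len = sizeof(((demo_key *)0)->destructor);

    printf("handle-sized block: %zu bytes, overrun %zu\n",
           handle_sized_alloc(), bytes_past_block(handle_sized_alloc(), off, len));
    printf("object-sized block: %zu bytes, overrun %zu\n",
           object_sized_alloc(), bytes_past_block(object_sized_alloc(), off, len));

    demo_key *key = demo_key_create(free);
    if (key == NULL)
        return 1;
    free(key);
    return 0;
}
```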

@csandanov
Author

csandanov commented May 22, 2017

Thanks for the feedback. I see that ImageMagick is already compiled with --without-threads flag https://git.alpinelinux.org/cgit/aports/tree/main/imagemagick/APKBUILD?h=3.4-stable#n62

@Danack
Collaborator

Danack commented May 22, 2017

Apparently CreateMagickThreadKey still does stuff when threads aren't compiled in.

https://github.com/ImageMagick/ImageMagick/blob/ac23b02ecb741e5de60f5235ea443790c88a0b80/magick/thread.c#L145-L166

Either stepping through that code, or just putting in printfs to find the exact line that is causing the issue would be the next step in finding what the error is.

Actually - opening an issue with the ImageMagick guys at https://github.com/ImageMagick/ImageMagick/ would also be a good idea.

@Danack
Collaborator

Danack commented May 23, 2017

Just to set your expectations, investigating this yourself, at least as far as finding the exact line that is causing the problem, is going to get it resolved far faster than waiting for people who don't use Alpine Linux to investigate it.

@Danack
Collaborator

Danack commented May 24, 2017

Or they might fix it within 48 hours.

I'm going to close this as there's no further action for me to take.
