Runkit Sandbox causes PHP-FPM to crash #44

Closed
Tranelson opened this Issue Nov 13, 2012 · 1 comment

Comments

Projects
None yet
2 participants

I've got PHP-5.4.8 compiled with thread safety and FPM support, trying to run a sandbox within FPM.

When I run the following script inside PHP-FPM, I get a crash. The same script works fine on the command line. PHP-FPM is working great apart from using runkit sandbox.

            $options = array(
            'safe_mode'=>false,
            'open_basedir'=>'',
            'allow_url_fopen'=>'true',
            'disable_functions'=>'exec,shell_exec,passthru,system',
            'disable_classes'=>'myAppClass');
            
            $sandbox = new Runkit_Sandbox($options);
            $sandbox->eval('echo "hello from sandbox\n";');
            $hello = "hello world from parent";
            echo $hello;

Here's the stack trace of PHP-FPM in the core dump
#0 fcgi_finish_request (req=0x0, force_close=0)

at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fastcgi.c:1040

#1 0x08440032 in sapi_cgi_deactivate (tsrm_ls=)

at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:843

#2 sapi_cgi_deactivate (tsrm_ls=0xa6adaf8)

at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:832

#3 0x0831eaf4 in sapi_deactivate (tsrm_ls=0xa6adaf8)

at /home/tranelson/php-5.4.8/main/SAPI.c:529

#4 0x08315f3c in php_request_shutdown (dummy=0xa6adaf8)

at /home/tranelson/php-5.4.8/main/main.c:1799

#5 0xb68241fb in php_runkit_sandbox_dtor (objval=0xb6a76548,

tsrm_ls=0xa51a070)
at /home/tranelson/runkit/runkit-master/runkit_sandbox.c:1838

#6 0x083ab42c in zend_objects_store_del_ref_by_handle_ex (handle=1,

handlers=0xb68307a0, tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_objects_API.c:220

#7 0x083ab466 in zend_objects_store_del_ref (zobject=0xb6a7652c,

tsrm_ls=0xa51a070) at /home/tranelson/php-5.4.8/Zend/zend_objects_API.c:172

#8 0x08380581 in _zval_dtor_func (zvalue=0xb6a7652c)

at /home/tranelson/php-5.4.8/Zend/zend_variables.c:52

#9 0x08371768 in _zval_dtor (zvalue=)

at /home/tranelson/php-5.4.8/Zend/zend_variables.h:35

#10 _zval_ptr_dtor (zval_ptr=0xb6a766ec)

---Type to continue, or q to quit---
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:438
#11 _zval_ptr_dtor (zval_ptr=0xb6a766ec)

at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:427

#12 0x0838f055 in zend_hash_apply_deleter (ht=0xa51bb88, p=0xb6a766e0)

at /home/tranelson/php-5.4.8/Zend/zend_hash.c:650

#13 0x083908e1 in zend_hash_reverse_apply (ht=0xa51bb88,

apply_func=0x8371590 <zval_call_destructor>, tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_hash.c:804

#14 0x08371c1e in shutdown_destructors (tsrm_ls=0xa51a070)

at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:217

#15 0x08382098 in zend_call_destructors (tsrm_ls=0xa51a070)

at /home/tranelson/php-5.4.8/Zend/zend.c:922

#16 0x08315fc4 in php_request_shutdown (dummy=0x0)

at /home/tranelson/php-5.4.8/main/main.c:1732

#17 0x0806efc2 in main (argc=1, argv=0xbfac87a4)

at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:1948

Thanks
-Travis

This is happening to me too,
Ubuntu 12.10
PHP 5.4.8 (cli) (built: Nov 15 2012 20:17:03)
nginx version: nginx/1.2.1

@zenovich zenovich closed this in 555d5ab Jul 26, 2014

tony2001 added a commit to tony2001/runkit that referenced this issue Mar 25, 2015

Merge branch 'upstream'
* upstream:
  fix test
  comment out unused methods
  memory issue in sandbox's echo (may fix #44)
  importing of class extending another class was fixed #48
  compilation fixed for php4
  Fixing 'uninitialized variable' compiler error.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment