seg fault when i do several calls to zephir functions #2411

Open
tecworks-dev opened this issue Sep 13, 2023 · 9 comments
Comments

@tecworks-dev

Hi

I'm getting a seg fault (core dump) when I run several

The issue persists across various PHP versions and the latest Zephir version. Compiling with debug isn't an option because the ionCube loader doesn't support it, and other script functions rely on ionCube. The problem seems to be related to memory overwrites, as indicated by the issue being resolved when using USE_ZEND_ALLOC=0. Interestingly, reducing the code size or commenting out any single functions prevents the segmentation fault from occurring.

```
zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
1255 heap->free_slot[bin_num] = p->next_free_slot;
1: x/i $pc
=> 0x555555a74ea8 <_emalloc+104>: mov (%rax),%rcx
(gdb) list
1250 } while (0);
1251 #endif
1252
1253 if (EXPECTED(heap->free_slot[bin_num] != NULL)) {
1254 zend_mm_free_slot *p = heap->free_slot[bin_num];
1255 heap->free_slot[bin_num] = p->next_free_slot;
1256 return (void *)p;
1257 } else {
1258 return zend_mm_alloc_small_slow(heap, bin_num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
1259 }
(gdb) bt
#0 zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
#1 zend_mm_alloc_heap (size=, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1326
#2 _emalloc (size=) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:2539
#3 0x00007ffff469b4a6 in zephir_concat_vv.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#4 0x00007ffff46af595 in zim_Xui_Functions_loggerrr4 () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#5 0x0000555555a8b5c7 in zend_call_function (fci=0x7fffffffa3c0, fci_cache=0x7fffffffa3a0) at /home/xui/bin/php-7.4.10/Zend/zend_execute_API.c:826
#6 0x00007ffff4691993 in zephir_call_user_function.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#7 0x00007ffff46a9cc2 in zephir_call_class_method_aparams () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#8 0x00007ffff469f8ba in zim_Xui_Functions_connect () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#9 0x0000555555b20c4e in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:1730
#10 execute_ex (ex=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:53772
#11 0x0000555555b220ad in zend_execute (op_array=0x7ffff44722a0, return_value=0x0) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:57864
#12 0x0000555555a9a05c in zend_execute_scripts (type=type@entry=8, retval=0x7fffd498ffc0, retval@entry=0x0, file_count=-197054432, file_count@entry=3) at /home/xui/bin/php-7.4.10/Zend/zend.c:1677
#13 0x0000555555a3b2b0 in php_execute_script (primary_file=) at /home/xui/bin/php-7.4.10/main/main.c:2621
#14 0x0000555555b241f2 in do_cli (argc=2, argv=0x55555677e910) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:964
#15 0x000055555579f2a8 in main (argc=2, argv=0x55555677e910) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:1359
```

Here's another:

```
gdb --args /home/xui/bin/php/bin/php ../../www/getxui.php
(gdb) display/i $pc
(gdb) run
Starting program: /home/xui/bin/php/bin/php ../../www/getxui.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffd33bb700 (LWP 1633712)]
[Thread 0x7fffd33bb700 (LWP 1633712) exited]
Thread 1 "php" received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
1255 heap->free_slot[bin_num] = p->next_free_slot;
1: x/i $pc
=> 0x555555a636a8 <_emalloc+104>: mov (%rax),%rcx
(gdb) bt
#0 zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
#1 zend_mm_alloc_heap (size=, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1326
#2 _emalloc (size=) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:2539
#3 0x00007ffff46cd266 in zephir_concat_vv.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#4 0x00007ffff46df4d1 in zim_Xui_Functions_loggerrr4 () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#5 0x0000555555a79dc7 in zend_call_function (fci=0x7fffffffa3e0, fci_cache=0x7fffffffa3c0) at /home/xui/bin/php-7.4.10/Zend/zend_execute_API.c:826
#6 0x00007ffff46c3973 in zephir_call_user_function.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#7 0x00007ffff46d7002 in zephir_call_class_method_aparams () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#8 0x00007ffff46d00aa in zim_Xui_Functions_connect () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#9 0x0000555555b0f44e in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:1730
#10 execute_ex (ex=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:53772
#11 0x0000555555b108ad in zend_execute (op_array=0x7ffff44732a0, return_value=0x0) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:57864
#12 0x0000555555a8885c in zend_execute_scripts (type=type@entry=8, retval=0x7fffd49bf270, retval@entry=0x0, file_count=-197054432, file_count@entry=3) at /home/xui/bin/php-7.4.10/Zend/zend.c:1677
#13 0x0000555555a27fe0 in php_execute_script (primary_file=) at /home/xui/bin/php-7.4.10/main/main.c:2621
#14 0x0000555555b129f2 in do_cli (argc=2, argv=0x55555677ef30) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:964
#15 0x000055555579ca88 in main (argc=2, argv=0x55555677ef30) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:1359
(gdb) list
1250 } while (0);
1251 #endif
1252
1253 if (EXPECTED(heap->free_slot[bin_num] != NULL)) {
1254 zend_mm_free_slot *p = heap->free_slot[bin_num];
1255 heap->free_slot[bin_num] = p->next_free_slot;
1256 return (void *)p;
1257 } else {
1258 return zend_mm_alloc_small_slow(heap, bin_num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
1259 }
Current Memory Usage: 439296 bytesCurrent Memory Usage (with PHP's overhead): 2097152 bytesPeak Memory Usage: 580224 bytesPeak Memory Usage (with PHP's overhead): 2097152 bytesPHP Memory Limit: 512MAvailable System Memory: 114394400 kB
```

Segmentation fault (core dumped)
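As an added illustration (not code from Zephir, Zend or this issue's reproducer), here is a constructed toy model of the free-list pop that faults at zend_alloc.c:1255 in the traces above, together with an integrity check that catches a poisoned link before it is dereferenced. The names bin_*, arena and SLOT_SIZE are assumptions of this model; it shows the failure mode that the USE_ZEND_ALLOC=0 observation points at, not the actual root cause inside xui.so.

```c
#include <stdint.h>
#include <string.h>
/* Constructed toy model, not Zend code: one zend_mm-style small bin whose
 * free list link is stored inside the free slot (cf. next_free_slot). */
#define SLOT_SIZE 32
#define NSLOTS 8
typedef struct free_slot { struct free_slot *next_free_slot; } free_slot;
static unsigned char arena[NSLOTS * SLOT_SIZE];
static free_slot *free_head;
static void bin_free(void *ptr) {           /* push the slot on the list */
    free_slot *s = ptr;
    s->next_free_slot = free_head;
    free_head = s;
}
static void bin_init(void) {
    free_head = NULL;
    for (int i = NSLOTS - 1; i >= 0; i--) bin_free(arena + i * SLOT_SIZE);
}

static void *bin_alloc(void) {
    free_slot *p = free_head;
    if (!p) return NULL;
    free_head = p->next_free_slot;  /* the statement that faults at zend_alloc.c:1255 */
    return p;
}
/* Integrity check: every link must be a slot boundary inside the arena and
 * the list cycle free. Links are validated before they are followed. */
static int bin_check(void) {
    int n = 0;
    for (free_slot *s = free_head; s; s = s->next_free_slot) {
        uintptr_t off = (uintptr_t)s - (uintptr_t)arena;  /* wraps if s < arena */
        if (off >= sizeof arena || off % SLOT_SIZE || ++n > NSLOTS) return 0;
    }
    return 1;
}

/* Failure mode behind the backtrace: writing to a slot after it was freed
 * clobbers next_free_slot. Nothing faults here; the poisoned link is popped
 * by a later, unrelated allocation, which is why the crash moves when other
 * code is commented out and why USE_ZEND_ALLOC=0 can hide it, not fix it. */
static int demo_uaf_corrupts_free_list(void) {
    bin_init();
    char *a = bin_alloc(), *b = bin_alloc();
    bin_free(b);
    bin_free(a);                            /* list: a -> b -> remaining slots */
    int ok_before = bin_check();
    strcpy(a, "stale write after free");    /* use-after-free overwrites a's link */
    return ok_before && !bin_check();       /* 1: corruption was detected */
}
```

In a real build the equivalent of bin_check is a debug allocator or a sanitizer (ASan/valgrind on a non-ionCube build), which reports the stale write at the moment it happens instead of at the later crash site.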

@Jeckerson
Member

Could you provide a code example where it occurs?

@tecworks-dev
Author

tecworks-dev commented Sep 13, 2023

Hi, I have put the code here:
https://github.com/vital121/test/tree/main
It seems to happen at various places; if I comment out the one line that seems to cause it, then it seems to move to another line in a different function.
For instance, if you uncomment line 805 from functions.zep (`//print_r("self::license" . self::license);`), it doesn't core dump when line 806 (`print_r(self::license);`) runs.

@JWprogrammer

Hello.
Yes, I too have been facing this problem for two years now. The problem has been in many different versions of Zephir. Including the latest one.
The issue opener has already provided code.

My case is the same:

  1. I use some compiled functions of a Zephir extension in PHP code
  2. I then continue to execute the normal PHP code (no longer calling Zephir), and a "Segmentation fault" error is displayed.
  3. I completely remove (or comment) the piece of PHP code where this error appears, and replace it with different code. The same error begins to occur on a different piece of code. This is happening specifically after using Zephir

@JWprogrammer

JWprogrammer commented Oct 2, 2023

Two years ago I temporarily solved the problem by running Zephir function calls in a separate PHP script, running another PHP instance via shell_exec and passing call parameters and the return value via `base64_encode(serialize($value))` 🙄🙄

But now I am facing this problem again.
@Jeckerson, thank you in advance 🙏

@tecworks-dev
Author

The code is here:
https://github.com/vital121/test/tree/main

@tecworks-dev
Author

@Jeckerson, did you see the code?

@JWprogrammer

Hi. Is there any news on this issue?
This is a very serious bug that makes the possibility of using Zephir in production projects questionable.

The problem has been present in many different versions of Zephir, including the latest one, 0.17.0.
Thank you in advance, @sergeyklay @andresgutierrez @Jeckerson @ovr @carvajaldiazeduar @niden @AlexNDRmac

@JWprogrammer

Look at my description of the problem above: #2411 (comment)

@Jeckerson
Member

Jeckerson commented Aug 21, 2024

@JWprogrammer, try with the development branch, please. And please provide:

  • Zephir and PHP code examples
  • PHP version

@Jeckerson Jeckerson self-assigned this Aug 21, 2024