facebook / hhvm

A virtual machine for executing programs written in Hack.
https://hhvm.com

[ Crash ] Curling an https url from a universal deb segfaults #9189

Closed lexidor closed 2 years ago

lexidor commented 2 years ago

Describe the bug

\curl_exec() segfaults when given an https url when running in a universal deb.

Standalone code, or other way to reproduce the problem

<<__EntryPoint>>
function my_main(): void {
  curl_and_print_length('http://example.com');
  curl_and_print_length('https://example.com');
}

function curl_and_print_length(string $url): void {
  $ch = \curl_init($url);
  \curl_setopt($ch, CURLOPT_RETURNTRANSFER, "1");
  $res = \curl_exec($ch);
  invariant($res is string, "Curl exec did not return a string");
  echo \strlen($res)."\n\n";
}

Steps to reproduce the behavior:

  1. Install a universal deb of hhvm (the release specific doesn't break).
  2. Execute hhvm --no-config file.hack
  3. Observe segfault

Expected behavior

Script should print two positive integers and exit gracefully.

Actual behavior

$ hhvm --no-config file.hack 
1256

Core dumped: Segmentation fault
Stack trace in /tmp/stacktrace.7261.log
Segmentation fault (core dumped)

Environment

Additional context

The stacktrace.\d+.log file is not very meaningful. It is not possible to install hhvm-dbg when using universal debs.

Thread 1 "hhvm" received signal SIGSEGV, Segmentation fault.
0x00000000032d80ab in HPHP::CurlResource::ssl_ctx_callback(void*, void*, void*) ()
(gdb) thread apply all bt

Thread 2 (LWP 7921):
#0  0x00007ffff3f5185c in sigtimedwait () from /nix/store/fz54faknl123dimzz6jsppw193lx2mip-glibc-2.35-163/lib/libc.so.6
#1  0x00007ffff3f50f7c in sigwait () from /nix/store/fz54faknl123dimzz6jsppw193lx2mip-glibc-2.35-163/lib/libc.so.6
#2  0x0000000003d7e4b7 in HPHP::(anonymous namespace)::handle_signals(void*) ()
#3  0x00007ffff3f9be86 in start_thread () from /nix/store/fz54faknl123dimzz6jsppw193lx2mip-glibc-2.35-163/lib/libc.so.6
#4  0x00007ffff4021e14 in clone () from /nix/store/fz54faknl123dimzz6jsppw193lx2mip-glibc-2.35-163/lib/libc.so.6

Thread 1 (LWP 7899):
#0  0x00000000032d80ab in HPHP::CurlResource::ssl_ctx_callback(void*, void*, void*) ()
#1  0x00007ffff5bd8a91 in ossl_connect_step1 () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#2  0x00007ffff5bdb5b7 in ossl_connect_common () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#3  0x00007ffff5bdc6d7 in Curl_ssl_connect_nonblocking () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#4  0x00007ffff5b954f6 in Curl_http_connect () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#5  0x00007ffff5bad124 in multi_runsingle () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#6  0x00007ffff5bae28e in curl_multi_perform () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#7  0x00007ffff5b85a03 in curl_easy_perform () from /nix/store/g2ha6rdlbswqicpf9k971vs2ddjyccmh-curl-7.84.0/lib/libcurl.so.4
#8  0x00000000032d5236 in HPHP::CurlResource::execute() ()
#9  0x00000000032dadbe in HPHP::f_curl_exec(HPHP::Resource const&) ()
#10 0x0000000008c00d8c in ?? ()
#11 0x0000000008c0005f in ?? ()
#12 0x0000000008aea6e0 in ?? ()
#13 0x0000000000000000 in ?? ()

Atry commented 2 years ago

I can reproduce the crash by running the test at hphp/test/slow/ext_curl/curl_close_in_callback.php

Atry commented 2 years ago

9191