krakjoe / apcu

APCu - APC User Cache

segmentation fault when calling phpinfo() in ZTS builds #493

Open dunglas opened 1 year ago

dunglas commented 1 year ago

Calling phpinfo(); in a script with ZTS builds causes segmentation faults.

Here is the GDB backtrace:

#0  0x0000fffff7fa9128 in strlen () from /lib/ld-musl-aarch64.so.1
#1  0x00000000004259d8 in smart_str_appends (
    src=0x100000001 <error: Cannot access memory at address 0x100000001>, dest=0xffffb08e7f08)
    at /static-php-cli/source/php-src/Zend/zend_smart_str.h:176
#2  zm_info_apcu (zend_module=0x21f04e0 <apcu_module_entry>)
    at /static-php-cli/source/php-src/ext/apcu/php_apc.c:189
#3  0x0000000000429e70 in php_print_info (flag=-1) at /static-php-cli/source/php-src/ext/standard/info.c:967
#4  0x0000000000a77af0 in zif_phpinfo (execute_data=<optimized out>, return_value=0xffffb08e8078)
    at /static-php-cli/source/php-src/ext/standard/info.c:1286
#5  0x00000000007e4c78 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER ()
    at /static-php-cli/source/php-src/Zend/zend_vm_execute.h:1250
#6  execute_ex (ex=<optimized out>) at /static-php-cli/source/php-src/Zend/zend_vm_execute.h:56040
#7  0x00000000007ef9a4 in zend_execute (op_array=0xffffb0671000, return_value=0x0)
    at /static-php-cli/source/php-src/Zend/zend_vm_execute.h:60408
#8  0x00000000007769ec in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, 
    file_count=file_count@entry=3) at /static-php-cli/source/php-src/Zend/zend.c:1827
#9  0x0000000000729da0 in php_execute_script (primary_file=0x0)
    at /static-php-cli/source/php-src/main/main.c:2557
#10 0x0000000000720b40 in frankenphp_execute_script ()
#11 0x000000000071ecb4 in _cgo_a58bc83e1d24_Cfunc_frankenphp_execute_script ()
#12 0x00000000004992bc in runtime.asmcgocall () at /usr/local/go/src/runtime/asm_arm64.s:974
#13 0x0000004000082680 in ?? ()
#14 0x0000ffffb08ea740 in ?? ()
#15 0xf9401bf7a94153f3 in ?? ()

To reproduce, run this FrankenPHP test: https://github.com/dunglas/frankenphp/blob/main/frankenphp_test.go#L335-L336

All other tests pass.

nikic commented 9 months ago

Is this reproducible without FrankenPHP? At least I don't see a crash for a plain phpinfo call with a ZTS build.

The serializer registration mechanism is certainly not thread-safe, but I believe that's fine as it happens in MINIT.
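
Added example, not APCu's code and not from anyone in this thread: a simplified C model of a sentinel-terminated name table of the kind an MINFO handler walks to print a list of serializers, with registration that refuses to overwrite the sentinel and a walk bounded by the declared capacity as well as by the sentinel. Frame #2 of the backtrace above shows zm_info_apcu handing smart_str_appends a pointer strlen() cannot dereference; this is the generic bounds check that keeps such a walk from running past the end of the table, whatever the actual cause of this report turns out to be, which the thread does not establish. The table layout, capacity, function names and the sample serializer names are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SERIALIZERS 3   /* assumed capacity for the model, not APCu's */

typedef struct {
    const char *name;       /* NULL marks the end of the table */
} serializer_entry;

/* One spare slot beyond the capacity so the NULL sentinel always survives,
 * even when every usable slot is taken. */
static serializer_entry registry[MAX_SERIALIZERS + 1];

/* Clear the table; an all-zero array is a table holding only the sentinel. */
static void registry_reset(void)
{
    memset(registry, 0, sizeof registry);
}

/* Register a name. Returns the slot index, or -1 when the name is NULL or
 * the table is full. Never writing into registry[MAX_SERIALIZERS] is what
 * keeps the sentinel intact for the walk below. */
static int register_serializer(const char *name)
{
    if (name == NULL) {
        return -1;
    }
    for (int i = 0; i < MAX_SERIALIZERS; i++) {
        if (registry[i].name == NULL) {
            registry[i].name = name;
            return i;
        }
    }
    return -1;
}

/* Build "a, b, c" into out, the way an info handler does. The loop is bounded
 * both by the sentinel and by the declared capacity, so a clobbered sentinel
 * cannot carry it past the array into unrelated memory. Returns the number of
 * names written, or -1 when out cannot hold the result. */
static int join_serializer_names(char *out, size_t cap)
{
    size_t used = 0;
    int count = 0;

    if (out == NULL || cap == 0) {
        return -1;
    }
    out[0] = '\0';
    for (int i = 0; i < MAX_SERIALIZERS && registry[i].name != NULL; i++) {
        const char *sep = (count > 0) ? ", " : "";
        size_t sep_len = strlen(sep);
        size_t name_len = strlen(registry[i].name);

        if (used + sep_len + name_len + 1 > cap) {
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, sep, sep_len);
        used += sep_len;
        memcpy(out + used, registry[i].name, name_len + 1); /* copies the NUL */
        used += name_len;
        count++;
    }
    return count;
}

/* Constructed sample: three names, then one more than the table can hold.
 * Returns 1 when the fourth registration is refused and the sentinel is
 * still NULL afterwards, 0 otherwise. */
static int demo_registration(void)
{
    registry_reset();
    register_serializer("php");
    register_serializer("default");
    register_serializer("igbinary");
    int refused = register_serializer("extra") == -1;
    return refused && registry[MAX_SERIALIZERS].name == NULL;
}

/* Constructed sample walk: fills the table as above and joins the names. */
static int demo_join(char *out, size_t cap)
{
    registry_reset();
    register_serializer("php");
    register_serializer("default");
    register_serializer("igbinary");
    return join_serializer_names(out, cap);
}

int main(void)
{
    char buf[64];
    int n = demo_join(buf, sizeof buf);
    printf("registration bounded: %s\n", demo_registration() ? "yes" : "no");
    printf("%d serializer(s): %s\n", n, buf);
    return 0;
}
```

The point of the two bounds is that the walk never trusts the sentinel alone: if registration is ever raced or miscounted and the terminating NULL is overwritten, the capacity bound still stops the loop before it reads a name pointer from memory the table does not own, and the output-size check keeps the join from overrunning its destination.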

dunglas commented 9 months ago

I don't know if it's reproducible in other contexts. That's not a big issue anyway as just `phpinfo()` looks affected.