Segmentation fault after switching to last zephir version `Phalcon\Http\Request::getLanguages()`

[michanismus]

Expected and Actual Behavior

A segmentation fault is thrown for Phalcon\Http\Request::getLanguages(). Broken tree (I guess) and all after... https://github.com/phalcon/zephir/tree/6607edf26d7974662de27c68d24553e4ee4def0c (Variable::isComplex())

For me the last working tree is https://github.com/phalcon/zephir/tree/d5b5eca2c7522723c092d44e7a2eeaf17f13173d (Introduce alternative frames)

Can somebody confirm!?

Here is a core dump

Reading symbols from /usr/bin/php...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New LWP 24599]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php /srv/data/htdocs/xxx/index.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000006cf2f8 in ?? ()
(gdb) bt
#0  0x00000000006cf2f8 in ?? ()
#1  0x00007f3e491bc16a in zim_Phalcon_Http_Request__getQualityHeader () from /usr/lib/php5/20131226/phalcon.so
#2  0x00000000006e812a in dtrace_execute_internal ()
#3  0x00007f3e49355efe in zephir_call_user_function () from /usr/lib/php5/20131226/phalcon.so
#4  0x00007f3e4935d2f0 in zephir_call_class_method_aparams () from /usr/lib/php5/20131226/phalcon.so
#5  0x00007f3e491b62dc in zim_Phalcon_Http_Request_getLanguages () from /usr/lib/php5/20131226/phalcon.so
#6  0x00000000006e812a in dtrace_execute_internal ()
#7  0x00000000007a8b10 in ?? ()
#8  0x0000000000736e60 in execute_ex ()
#9  0x00000000006e7fc8 in dtrace_execute_ex ()
#10 0x00000000006fabb0 in zend_execute_scripts ()
#11 0x0000000000695dd0 in php_execute_script ()
#12 0x00000000007aaacb in ?? ()
#13 0x0000000000462c6d in main ()
(gdb)

Expected content for var $l (see script)

array:3 [
0 => array:2 [
"language" => "de"
"quality" => 1.0
]
1 => array:2 [
"language" => "en-US"
"quality" => 0.8
]
2 => array:2 [
"language" => "en"
"quality" => 0.6
]
]

Provide minimal script to reproduce the issue

<?php

$_SERVER["HTTP_ACCEPT_LANGUAGE"] = "de,en-US;q=0.8,en;q=0.6";
$r = new \Phalcon\Http\Request;
$l = $r->getLanguages();

Details

• Phalcon version: 3.1.2 / 3.2.x
• PHP Version: PHP 5.6.30-0+deb8u1 (cli) (built: Feb 8 2017 08:50:21)
• Operating System: Linux bdb8e7d51018 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux
• Installation type: Compiling from source
• Zephir version (if any): see description
• Server: Nginx
• Other related info (Database, table schema): none

[sergeyklay]

@michanismus Did you try the commit-sha ff769131f3751b590da702e3c7595411c07b0919? See current Phalcon's composer.json

[sergeyklay]

Cc: @sjinks

[michanismus]

@sergeyklay ff769131f3751b590da702e3c7595411c07b0919 works fine, no segfault. @sjinks Latest commit still produces segfault

[sjinks]

@michanismus yes, I have identified the source of the segmentation fault but I have to wait until Travis fixes the issue with build logs :-(

[sjinks]

@michanismus could you please apply this patch (to the latest master) and check if the code works?

diff --git a/Library/Backends/ZendEngine2/Backend.php b/Library/Backends/ZendEngine2/Backend.php
index fe2be80..0aa1f41 100644
--- a/Library/Backends/ZendEngine2/Backend.php
+++ b/Library/Backends/ZendEngine2/Backend.php
@@ -348,11 +348,6 @@ class Backend extends BaseBackend

         /* Initialize default values in dynamic variables */
         foreach ($variables as $variable) {
-            if (!$this->isZE3() && $variable->isComplex() && $variable->isLocalOnly() && $variable->mustInitNull()) {
-                $codePrinter->output('zephir_memory_observe_alt(&' . $variable->getName() . ' TSRMLS_CC);');
-                $compilationContext->symbolTable->mustGrownStack(true);
-            }
-
             /**
              * Initialize 'dynamic' variables with default values
              */

[michanismus]

@sjinks I'll try - give you an update within some minutes...

[michanismus]

@sjinks Nope - still segfault...

[sjinks]

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x555556443b90, p=0x7fffe22fd3db) at /tmp/php-build/source/5.6.30/Zend/zend_alloc.c:2104
2104            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x555556443b90, p=0x7fffe22fd3db) at /tmp/php-build/source/5.6.30/Zend/zend_alloc.c:2104
#1  0x00007fffe1a2ab16 in _zval_dtor (zvalue=0x7fffffffa170) at /.phpenv/versions/5.6.30-zts-release/include/php/Zend/zend_variables.h:35
#2  zim_Phalcon_Http_Request__getQualityHeader (ht=2, return_value=0x7ffff7fc8d60, return_value_ptr=0x7ffff7f930f0, this_ptr=0x7ffff7fc5fe0, return_value_used=1, tsrm_ls=0x5555564435f0) at /opt/cphalcon/ext/phalcon/http/request.zep.c:2398
#3  0x00007fffe1782198 in zephir_call_function_opt (fci=0x7fffffffa670, fci_cache=0x7fffffffa640, info=0x7fffffffa7c0, tsrm_ls=0x5555564435f0) at /opt/cphalcon/ext/kernel/extended/fcall.c:1318
#4  0x00007fffe177a160 in zephir_call_user_function (object_pp=0x7fffffffa780, obj_ce=0x5555568a6e70, type=zephir_fcall_method, function_name=0x0, retval_ptr_ptr=0x7ffff7f930f0, cache_entry=0x0, cache_slot=244, param_count=2, params=0x7fffffffa980, info=0x7fffffffa7c0,
    tsrm_ls=0x5555564435f0) at /opt/cphalcon/ext/kernel/fcall.c:569
#5  0x00007fffe177a92c in zephir_call_class_method_aparams (return_value_ptr=0x7ffff7f930f0, ce=0x5555568a6e70, type=zephir_fcall_method, object=0x7ffff7fc5fe0, method_name=0x7fffe22fd2e3 "_getqualityheader", method_len=17, cache_entry=0x0, cache_slot=244,
    param_count=2, params=0x7fffffffa980, tsrm_ls=0x5555564435f0) at /opt/cphalcon/ext/kernel/fcall.c:822
#6  0x00007fffe1a1070b in zephir_return_call_class_method (return_value=0x7ffff7fc8d60, return_value_ptr=0x7ffff7f930f0, ce=0x5555568a6e70, type=zephir_fcall_method, object=0x7ffff7fc5fe0, method_name=0x7fffe22fd2e3 "_getqualityheader", method_len=17, cache_entry=0x0,
    cache_slot=244, param_count=2, params=0x7fffffffa980, tsrm_ls=0x5555564435f0) at ./kernel/fcall.h:600
#7  0x00007fffe1a2895a in zim_Phalcon_Http_Request_getLanguages (ht=0, return_value=0x7ffff7fc8d60, return_value_ptr=0x7ffff7f930f0, this_ptr=0x7ffff7fc5fe0, return_value_used=1, tsrm_ls=0x5555564435f0) at /opt/cphalcon/ext/phalcon/http/request.zep.c:2228
#8  0x0000555555b67f8e in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>, tsrm_ls=0x5555564435f0) at /tmp/php-build/source/5.6.30/Zend/zend_vm_execute.h:558
#9  0x0000555555aed09b in execute_ex (execute_data=0x7ffff7f93208, tsrm_ls=0x5555564435f0) at /tmp/php-build/source/5.6.30/Zend/zend_vm_execute.h:363
#10 0x0000555555aaccf1 in zend_execute_scripts (type=type@entry=8, tsrm_ls=tsrm_ls@entry=0x5555564435f0, retval=retval@entry=0x0, file_count=file_count@entry=3) at /tmp/php-build/source/5.6.30/Zend/zend.c:1341
#11 0x0000555555a38cea in php_execute_script (primary_file=0x7fffffffcfb0, tsrm_ls=0x5555564435f0) at /tmp/php-build/source/5.6.30/main/main.c:2613
#12 0x0000555555b69d2b in do_cli (argc=2, argv=0x555556414e60, tsrm_ls=0x5555564435f0) at /tmp/php-build/source/5.6.30/sapi/cli/php_cli.c:998
#13 0x0000555555668520 in main (argc=2, argv=0x555556414e60) at /tmp/php-build/source/5.6.30/sapi/cli/php_cli.c:1382

[sjinks]

@michanismus could you please try this one in addition to the previous one?

diff --git a/kernels/ZendEngine2/memory.h b/kernels/ZendEngine2/memory.h
index 70b7c63..0b9f433 100644
--- a/kernels/ZendEngine2/memory.h
+++ b/kernels/ZendEngine2/memory.h
@@ -81,11 +81,7 @@ void zephir_deinitialize_memory(TSRMLS_D);
                ZVAL_NULL(&z);      \
        } while (0)

-#define ZEPHIR_SINIT_NVAR(z) \
-       do {                     \
-               zval_dtor(&z);       \
-               INIT_PZVAL(&z);      \
-       } while (0)
+#define ZEPHIR_SINIT_NVAR(z) Z_SET_REFCOUNT_P(&z, 1)

 #define ZEPHIR_INIT_ZVAL_NREF(z) \
        do {                         \

[michanismus]

@sjinks Both patches applied - no segfault anymore.

[sjinks]

OK, committing this fix to master then

[michanismus]

Ok, thanks! I close this issue...

[sjinks]

phalcon/zephir#1527