zephir-lang / zephir

Zephir is a compiled high-level language aimed to ease the creation of C-extensions for PHP
https://zephir-lang.com
MIT License

seg fault when i do several calls to zephir functions #2411

Open tecworks-dev opened 1 year ago

tecworks-dev commented 1 year ago

Hi

I'm getting a seg fault (core dump) when I run several

The issue persists across various PHP versions and the latest Zephir version. Compiling with debug isn't an option because the ionCube loader doesn't support it, and other script functions rely on ionCube. The problem seems to be related to memory overwrites, as indicated by the issue being resolved when using USE_ZEND_ALLOC=0. Interestingly, reducing the code size or commenting out any single functions prevents the segmentation fault from occurring.

```
zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
1255            heap->free_slot[bin_num] = p->next_free_slot;
1: x/i $pc
=> 0x555555a74ea8 <_emalloc+104>:       mov    (%rax),%rcx
(gdb) list
1250            } while (0);
1251    #endif
1252
1253            if (EXPECTED(heap->free_slot[bin_num] != NULL)) {
1254                    zend_mm_free_slot *p = heap->free_slot[bin_num];
1255                    heap->free_slot[bin_num] = p->next_free_slot;
1256                    return (void*)p;
1257            } else {
1258                    return zend_mm_alloc_small_slow(heap, bin_num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
1259            }
(gdb) bt
#0  zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
#1  zend_mm_alloc_heap (size=, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1326
#2  _emalloc (size=) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:2539
#3  0x00007ffff469b4a6 in zephir_concat_vv.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#4  0x00007ffff46af595 in zim_Xui_Functions_loggerrr4 () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#5  0x0000555555a8b5c7 in zend_call_function (fci=0x7fffffffa3c0, fci_cache=0x7fffffffa3a0) at /home/xui/bin/php-7.4.10/Zend/zend_execute_API.c:826
#6  0x00007ffff4691993 in zephir_call_user_function.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#7  0x00007ffff46a9cc2 in zephir_call_class_method_aparams () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#8  0x00007ffff469f8ba in zim_Xui_Functions_connect () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#9  0x0000555555b20c4e in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:1730
#10 execute_ex (ex=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:53772
#11 0x0000555555b220ad in zend_execute (op_array=0x7ffff44722a0, return_value=0x0) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:57864
#12 0x0000555555a9a05c in zend_execute_scripts (type=type@entry=8, retval=0x7fffd498ffc0, retval@entry=0x0, file_count=-197054432, file_count@entry=3) at /home/xui/bin/php-7.4.10/Zend/zend.c:1677
#13 0x0000555555a3b2b0 in php_execute_script (primary_file=) at /home/xui/bin/php-7.4.10/main/main.c:2621
#14 0x0000555555b241f2 in do_cli (argc=2, argv=0x55555677e910) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:964
#15 0x000055555579f2a8 in main (argc=2, argv=0x55555677e910) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:1359
```
Here's another:

```
gdb --args /home/xui/bin/php/bin/php ../../www/getxui.php
(gdb) display/i $pc
(gdb) run
Starting program: /home/xui/bin/php/bin/php ../../www/getxui.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffd33bb700 (LWP 1633712)]
[Thread 0x7fffd33bb700 (LWP 1633712) exited]

Thread 1 "php" received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
1255            heap->free_slot[bin_num] = p->next_free_slot;
1: x/i $pc
=> 0x555555a636a8 <_emalloc+104>:       mov    (%rax),%rcx
(gdb) bt
#0  zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
#1  zend_mm_alloc_heap (size=, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1326
#2  _emalloc (size=) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:2539
#3  0x00007ffff46cd266 in zephir_concat_vv.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#4  0x00007ffff46df4d1 in zim_Xui_Functions_loggerrr4 () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#5  0x0000555555a79dc7 in zend_call_function (fci=0x7fffffffa3e0, fci_cache=0x7fffffffa3c0) at /home/xui/bin/php-7.4.10/Zend/zend_execute_API.c:826
#6  0x00007ffff46c3973 in zephir_call_user_function.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#7  0x00007ffff46d7002 in zephir_call_class_method_aparams () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#8  0x00007ffff46d00aa in zim_Xui_Functions_connect () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#9  0x0000555555b0f44e in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:1730
#10 execute_ex (ex=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:53772
#11 0x0000555555b108ad in zend_execute (op_array=0x7ffff44732a0, return_value=0x0) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:57864
#12 0x0000555555a8885c in zend_execute_scripts (type=type@entry=8, retval=0x7fffd49bf270, retval@entry=0x0, file_count=-197054432, file_count@entry=3) at /home/xui/bin/php-7.4.10/Zend/zend.c:1677
#13 0x0000555555a27fe0 in php_execute_script (primary_file=) at /home/xui/bin/php-7.4.10/main/main.c:2621
#14 0x0000555555b129f2 in do_cli (argc=2, argv=0x55555677ef30) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:964
#15 0x000055555579ca88 in main (argc=2, argv=0x55555677ef30) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:1359
(gdb) list
1250            } while (0);
1251    #endif
1252
1253            if (EXPECTED(heap->free_slot[bin_num] != NULL)) {
1254                    zend_mm_free_slot *p = heap->free_slot[bin_num];
1255                    heap->free_slot[bin_num] = p->next_free_slot;
1256                    return (void*)p;
1257            } else {
1258                    return zend_mm_alloc_small_slow(heap, bin_num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
1259            }
```

Script output before the crash:

```
Current Memory Usage: 439296 bytes
Current Memory Usage (with PHP's overhead): 2097152 bytes
Peak Memory Usage: 580224 bytes
Peak Memory Usage (with PHP's overhead): 2097152 bytes
PHP Memory Limit: 512M
Available System Memory: 114394400 kB

Segmentation fault (core dumped)
```
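The two backtraces above fault on the same instruction: `zend_mm_alloc_small` pops the head of a small-bin free list and dereferences `p->next_free_slot`, which means the slot's intrusive "next" pointer was already overwritten by an earlier out-of-bounds write, not by the `zephir_concat_vv` call that happens to be allocating. That is why the crash moves around when unrelated code is commented out, and why `USE_ZEND_ALLOC=0` (which makes PHP fall back to the system malloc, whose metadata sits elsewhere) makes it disappear rather than fixing anything. The following miniature free-list allocator, written for this page and not taken from PHP or Zephir (all names and sizes are its own), reproduces the mechanism: an overflow of one slot by a single pointer width poisons the next free slot, the allocator hands out that slot once, and the allocation after that is the one that would crash. Instead of dereferencing a garbage pointer, this version validates the free-list head first, which is the check Zend's fast path does not perform.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Miniature free-list allocator modelled on the Zend MM small-bin fast path
 * (zend_mm_alloc_small): every free slot stores a pointer to the next free
 * slot in its own first word, as zend_mm_free_slot.next_free_slot does.
 * The sizes and names here are this example's own, not Zend's. */
#define SLOT_SIZE 32
#define NUM_SLOTS 8

typedef struct free_slot {
    struct free_slot *next_free_slot;
} free_slot;

typedef struct {
    union {
        unsigned char bytes[SLOT_SIZE * NUM_SLOTS];
        free_slot align;            /* forces pointer alignment for slot headers */
    } arena;
    free_slot *free_head;
} mini_heap;

/* Thread every slot onto the free list in ascending address order. */
static void heap_init(mini_heap *h)
{
    h->free_head = NULL;
    for (int i = NUM_SLOTS - 1; i >= 0; i--) {
        free_slot *s = (free_slot *)(h->arena.bytes + (size_t)i * SLOT_SIZE);
        s->next_free_slot = h->free_head;
        h->free_head = s;
    }
}

/* True only if p is the start of a slot inside this arena. Zend's fast path
 * has no equivalent check: it dereferences p->next_free_slot unconditionally,
 * which is the `mov (%rax),%rcx` that faulted at zend_alloc.c:1255. */
static bool slot_is_valid(const mini_heap *h, const free_slot *p)
{
    uintptr_t lo = (uintptr_t)h->arena.bytes;
    uintptr_t hi = lo + sizeof h->arena.bytes;
    uintptr_t q = (uintptr_t)p;
    return q >= lo && q < hi && (q - lo) % SLOT_SIZE == 0;
}

/* Pop the head of the free list. Returns NULL when the list is exhausted or
 * when the head no longer points into the arena (free list poisoned). */
static void *heap_alloc(mini_heap *h)
{
    free_slot *p = h->free_head;
    if (p == NULL || !slot_is_valid(h, p)) {
        return NULL;
    }
    h->free_head = p->next_free_slot;   /* the dereference that crashes Zend */
    return p;
}

/* Allocate one slot, write `write_len` bytes of 'A' into it (a stand-in for a
 * concatenation whose length was miscomputed), then count how many further
 * allocations succeed before the free list is found corrupted.
 * NUM_SLOTS - 1 means the heap survived intact. */
static int allocations_after_write(size_t write_len)
{
    mini_heap h;
    heap_init(&h);

    unsigned char *buf = heap_alloc(&h);   /* slot 0; slot 1 is now the free head */
    memset(buf, 'A', write_len);           /* write_len > SLOT_SIZE spills into slot 1 */

    int survived = 0;
    while (heap_alloc(&h) != NULL) {
        survived++;
    }
    return survived;
}

int main(void)
{
    printf("in-bounds write  : %d further allocations\n",
           allocations_after_write(SLOT_SIZE));
    printf("overflow by %zu   : %d further allocations\n",
           sizeof(void *), allocations_after_write(SLOT_SIZE + sizeof(void *)));
    return 0;
}
```

The in-bounds case yields all seven remaining slots; overflowing by one pointer width yields exactly one, because the poisoned slot itself is still handed out and only the allocation after it reads the clobbered pointer. Mapped back to the report: the function that crashes is whichever one happens to allocate next, so the writer has to be found where the overflow occurs, which in practice means running the reproducer under `USE_ZEND_ALLOC=0` with valgrind (or an ASan build of PHP) so the out-of-bounds write is reported at its source instead of at a later `emalloc`.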

Jeckerson commented 1 year ago

Could you provide code example where it occurs?

tecworks-dev commented 1 year ago

Hi, I have put the code here: https://github.com/vital121/test/tree/main. It seems to happen at various places; if I comment out one line that seems to cause it, then it seems to move to another line in a different function. For instance, if you uncomment line 805 from functions.zep, `//print_r("self::license" . self::license);`, it doesn't core dump when line 806, `print_r(self::license);`, runs.

JWprogrammer commented 1 year ago

Hello. Yes, I too have been facing this problem for two years now. The problem has been in many different versions of Zephir, including the latest one. The issue opener has already provided code.

My case is the same:

1) I use some compiled functions of a Zephir extension in PHP code.
2) I then continue to execute the normal PHP code (no longer calling Zephir), and a "Segmentation fault" error is displayed.
3) I completely remove (or comment out) the piece of PHP code where this error appears and replace it with different code. The same error begins to occur on a different piece of code.

This is happening specifically after using Zephir.

JWprogrammer commented 1 year ago

Two years ago I temporarily solved the problem by running the Zephir function calls in a separate PHP script, running another PHP instance via shell_exec and passing the call parameters and return value via base64_encode(serialize($value)) 🙄🙄

But now I am facing this problem again. @Jeckerson, thank you in advance 🙏

tecworks-dev commented 1 year ago

code is here https://github.com/vital121/test/tree/main

tecworks-dev commented 1 year ago

@Jeckerson did you see code?

JWprogrammer commented 3 months ago

Hi. Is there any news on this issue? This is a very serious bug that makes the possibility of using Zephir in production projects questionable.

The problem has been in many different versions of Zephir, including the latest one, 0.17.0. Thank you in advance, @sergeyklay @andresgutierrez @Jeckerson @ovr @carvajaldiazeduar @niden @AlexNDRmac

JWprogrammer commented 3 months ago

Look at my description of the problem above: https://github.com/zephir-lang/zephir/issues/2411#issuecomment-1742733213

Jeckerson commented 3 months ago

@JWprogrammer try with the development branch please. And please provide: