Bug 1152738 - [abrt] php-fpm: zend_std_object_get_class_name(): php-fpm killed by SIGSEGV
Summary: [abrt] php-fpm: zend_std_object_get_class_name(): php-fpm killed by SIGSEGV
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: php-xcache
Version: 21
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Remi Collet
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:b4f06cdffb67ab94e280b615a6b...
: 1238879 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-14 20:13 UTC by Mikhail
Modified: 2015-07-04 07:53 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-11-04 14:27:28 UTC


Attachments (Terms of Use)
File: backtrace (18.31 KB, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: cgroup (194 bytes, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: core_backtrace (3.63 KB, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: dso_list (10.64 KB, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: environ (318 bytes, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: exploitable (82 bytes, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: limits (1.29 KB, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: maps (55.74 KB, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: open_fds (384 bytes, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: proc_pid_status (939 bytes, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
File: var_log_messages (14.86 KB, text/plain)
2014-10-14 20:14 UTC, Mikhail
no flags Details
xcache.patch (1.18 KB, text/plain)
2014-10-15 06:26 UTC, Remi Collet
no flags Details
xcache.patch (1.35 KB, text/plain)
2014-10-15 07:42 UTC, Remi Collet
no flags Details

Description Mikhail 2014-10-14 20:13:56 UTC
Description of problem:
Running this script twice:

<?php
	if(xcache_isset('boroda')) $a = xcache_get('boroda'); else $a = array();
	print_r($a);
	$db = new PDO('mysql:dbname=BPLnew;unix_socket=/var/lib/mysql/mysql.sock','root','');
	$a[] = $db->query("SELECT 1");
	xcache_set('boroda', $a, 3000);
?>

leads to crash

Version-Release number of selected component:
php-fpm-5.6.1-1.fc21

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        'php-fpm: pool mikhail' '' '' '' '' '' '' '' '' '' ''
crash_function: zend_std_object_get_class_name
executable:     /usr/sbin/php-fpm
kernel:         3.17.0-301.fc21.x86_64+debug
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 zend_std_object_get_class_name at /usr/src/debug/php-5.6.1/Zend/zend_object_handlers.c:1536
 #1 zend_print_zval_r_ex at /usr/src/debug/php-5.6.1/Zend/zend.c:420
 #2 print_hash at /usr/src/debug/php-5.6.1/Zend/zend.c:184
 #3 zend_print_zval_r_ex at /usr/src/debug/php-5.6.1/Zend/zend.c:409
 #4 zend_print_zval_r at /usr/src/debug/php-5.6.1/Zend/zend.c:395
 #5 zif_print_r at /usr/src/debug/php-5.6.1/ext/standard/basic_functions.c:5527
 #6 dtrace_execute_internal at /usr/src/debug/php-5.6.1/Zend/zend_dtrace.c:97
 #7 zend_do_fcall_common_helper_SPEC at /usr/src/debug/php-5.6.1/Zend/zend_vm_execute.h:560
 #8 execute_ex at /usr/src/debug/php-5.6.1/Zend/zend_vm_execute.h:363
 #9 dtrace_execute_ex at /usr/src/debug/php-5.6.1/Zend/zend_dtrace.c:73

Comment 1 Mikhail 2014-10-14 20:14:02 UTC
Created attachment 947022 [details]
File: backtrace

Comment 2 Mikhail 2014-10-14 20:14:04 UTC
Created attachment 947023 [details]
File: cgroup

Comment 3 Mikhail 2014-10-14 20:14:05 UTC
Created attachment 947024 [details]
File: core_backtrace

Comment 4 Mikhail 2014-10-14 20:14:07 UTC
Created attachment 947025 [details]
File: dso_list

Comment 5 Mikhail 2014-10-14 20:14:08 UTC
Created attachment 947026 [details]
File: environ

Comment 6 Mikhail 2014-10-14 20:14:09 UTC
Created attachment 947027 [details]
File: exploitable

Comment 7 Mikhail 2014-10-14 20:14:11 UTC
Created attachment 947028 [details]
File: limits

Comment 8 Mikhail 2014-10-14 20:14:13 UTC
Created attachment 947029 [details]
File: maps

Comment 9 Mikhail 2014-10-14 20:14:15 UTC
Created attachment 947030 [details]
File: open_fds

Comment 10 Mikhail 2014-10-14 20:14:16 UTC
Created attachment 947031 [details]
File: proc_pid_status

Comment 11 Mikhail 2014-10-14 20:14:18 UTC
Created attachment 947032 [details]
File: var_log_messages

Comment 12 Remi Collet 2014-10-15 06:24:59 UTC
First, this is not a PHP bug, so re-affecting to XCache.

Sorry but your code doesn't have any sense. You should not cache the query (PDOStatement) but the result of the Query.


Despite, XCache should not crash, and properly detect the error.

If you try 
   $a = $db->query("SELECT 1");
It will raise a fatal error
   Fatal error: xcache_set(): Objects cannot be stored in the variable cache.
   Use serialize before xcache_set in

But with 
  $a[] = $db->query("SELECT 1");
Xcache is unable to detect that the value cannot be cached.

Comment 13 Remi Collet 2014-10-15 06:26:10 UTC
Created attachment 947099 [details]
xcache.patch

This patch seems to solve this issue anc correctly raise a fatal error with an array of objects.

Need to get upstream feedback.

Comment 14 Remi Collet 2014-10-15 06:31:36 UTC
Upstream report: https://groups.google.com/forum/#!topic/xcache/vwlzkQBkeHI

Comment 15 Remi Collet 2014-10-15 07:42:03 UTC
Created attachment 947116 [details]
xcache.patch

Improve previous, protect against recursion

Comment 16 Remi Collet 2014-11-04 14:27:28 UTC
Closing as workaround (good code) exists, and this but have be reported upstream with a patch proposal. 

Even if it seems, upstream don't care of segfault on bad code.

Comment 17 Remi Collet 2015-07-04 07:53:35 UTC
*** Bug 1238879 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.