Edit report at https://bugs.php.net/bug.php?id=60038&edit=1
ID:                 60038
Patch added by:     larue...@php.net
Reported by:        larue...@php.net
Summary:            SIGALRM cause segfault in php_error_cb
Status:             Assigned
Type:               Bug
Package:            Scripting Engine problem
PHP Version:        5.3.8
Assigned To:        laruence
Block user comment: N
Private report:     N

New Comment:

The following patch has been added/updated:

Patch Name: bug60038.patch
Revision:   1318466568
URL:        https://bugs.php.net/patch-display.php?bug=60038&patch=bug60038.patch&revision=1318466568

Previous Comments:
------------------------------------------------------------------------
[2011-10-11 09:31:54] larue...@php.net

Assign to myself, if there are no objections in ML, I will apply the patch.

------------------------------------------------------------------------
[2011-10-11 09:27:18] larue...@php.net

Actually, there are two issues about this segfault that I have explained before in my blog:
http://www.laruence.com/2011/01/27/1854.html
and
http://www.laruence.com/2008/12/31/647.html

So the point is: do you think this is worth fixing?

------------------------------------------------------------------------
[2011-10-11 09:16:19] larue...@php.net

The following patch has been added/updated:

Patch Name: bug60038.patch
Revision:   1318324579
URL:        https://bugs.php.net/patch-display.php?bug=60038&patch=bug60038.patch&revision=1318324579

------------------------------------------------------------------------
[2011-10-11 09:13:55] larue...@php.net

Description:
------------
In php_error_cb, PG(last_error_message) and PG(last_error_file) are freed without blocking the alarm signal, so there is a chance that PHP will segfault when the max_execution_time limit is reached.

Since zend_signal was introduced in PHP 5.4, I think it's okay to add a signal block mechanism for this code.

Test script:
---------------
<?php
error_reporting(E_ALL|E_NOTICE);
set_time_limit(1);
while(1) {
    $a = $arr['index_miss'];
}
?>

Do the following steps:
1. gdb php
2. b php_error_cb
3. r "above script"
4. when the breakpoint is reached:
893 if (PG(last_error_message)) {
(gdb)
894 free(PG(last_error_message));
5. signal SIGPROF
6. next (*n)

*** glibc detected *** double free or corruption (fasttop): 0x0000000001207ca0 ***

Expected result:
----------------
no segfault

Actual result:
--------------
segfault

------------------------------------------------------------------------
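The window described in the report, as an added C example that is not the attached bug60038.patch and not PHP source: the pointer is freed and replaced with SIGPROF blocked, so a timeout signal sent in between stays pending until the state is consistent again. POSIX sigprocmask is an assumed stand-in for the blocking mechanism the report refers to, and last_error_message, on_timeout, install_handler and set_last_error are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* sigaction, sigprocmask, strdup */
#endif
#include <signal.h>
#include <stdlib.h>
#include <string.h>

static char *last_error_message;            /* stand-in for PG(last_error_message) */
static volatile sig_atomic_t in_window;     /* 1 while the pointer is freed but not yet replaced */
static volatile sig_atomic_t saw_dangling;  /* set if the handler ran inside that window */
static volatile sig_atomic_t handler_runs;

/* Stand-in for the timeout handler. In the report it re-enters the error
 * callback; here it only records whether it ran inside the window. */
static void on_timeout(int sig) {
    (void)sig;
    handler_runs++;
    if (in_window) saw_dangling = 1;
}

static int install_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_timeout;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPROF, &sa, NULL);
}

/* Replace the message with SIGPROF blocked across free + assign.
 * raise_in_window=1 sends SIGPROF between the two, like step 5 of the report. */
static int set_last_error(const char *msg, int raise_in_window) {
    sigset_t block, old;
    char *copy = strdup(msg);               /* allocate outside the window */
    if (!copy) return -1;
    sigemptyset(&block);
    sigaddset(&block, SIGPROF);
    if (sigprocmask(SIG_BLOCK, &block, &old) != 0) { free(copy); return -1; }
    in_window = 1;
    free(last_error_message);
    if (raise_in_window) raise(SIGPROF);    /* stays pending while blocked */
    last_error_message = copy;
    in_window = 0;
    return sigprocmask(SIG_SETMASK, &old, NULL); /* pending signal is delivered here */
}

int main(void) {
    if (install_handler() || set_last_error("first", 0) || set_last_error("second", 1)) return 1;
    return saw_dangling ? 1 : 0;
}
```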