LinuxQuestions.org
Old 08-06-2012, 10:43 AM   #1
eantoranz
php (interpreter): sigsegv with empty backtrace


Hi!

I'm hacking php (the interpreter). I've got it to almost do what I need (getting some php files from memory instead of FS).

Now, the problem is that I'm getting a sigsegv and the backtrace is basically empty:

Code:
Program received signal SIGSEGV, Segmentation fault.
0x0000004d in ?? ()
(gdb) backtrace
#0  0x0000004d in ?? ()

That's when running php from cli. In apache I get the same kind of sigsegv stuff in the error log:

Code:
[Mon Aug 06 10:32:06 2012] [notice] child pid 10088 exit signal Segmentation fault (11)

Could anybody tell me what's going on? Thanks in advance.
 
Old 08-06-2012, 11:14 AM   #2
NevemTeve
You managed to overwrite the stack
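
Added example (not part of the thread and not PHP source code): a small C model of what this reply describes, where an unchecked copy replaces a saved return address with 0x4d, so execution resumes outside mapped code and gdb has no frame left to unwind. The frame layout, text-segment bounds and input bytes are constructed for illustration; only the addresses 0x4d and 0x0830eeb8 are taken from the gdb output in this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one 32-bit x86 stack frame: a local buffer sits
 * below the saved frame pointer and the saved return address. */
struct frame { char local[16]; uint32_t saved_fp; uint32_t saved_ret; };

/* Assumed text-segment bounds, chosen to cover the code addresses seen in
 * the thread's backtrace (0x0808bc89 .. 0x0830eeb8). */
#define TEXT_LO 0x08048000u
#define TEXT_HI 0x08400000u

/* Unchecked copy: trusts len, as memcpy/strcpy on unvalidated input would.
 * Clamped to the model struct so the demo itself stays in bounds. */
static void copy_unchecked(struct frame *f, const void *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Checked copy: rejects anything that does not fit in local[]. */
static int copy_checked(struct frame *f, const void *src, size_t len) {
    if (len > sizeof f->local) return -1;
    memcpy(f->local, src, len);
    return 0;
}

/* Copy a constructed 24-byte input (16 filler bytes, then the 32-bit
 * values 0 and 0x4d) and return the saved return address afterwards. */
static uint32_t ret_after_copy(int checked) {
    struct frame f = { "", 0xbfffcd00u, 0x0830eeb8u };
    unsigned char in[sizeof f];
    uint32_t fp = 0, ret = 0x4d;
    memset(in, 'A', sizeof f.local);
    memcpy(in + offsetof(struct frame, saved_fp), &fp, sizeof fp);
    memcpy(in + offsetof(struct frame, saved_ret), &ret, sizeof ret);
    if (checked) (void)copy_checked(&f, in, sizeof in);
    else copy_unchecked(&f, in, sizeof in);
    return f.saved_ret;
}

/* A debugger can only name and unwind a pc that lies in mapped code. */
static int pc_in_text(uint32_t pc) { return pc >= TEXT_LO && pc < TEXT_HI; }

int main(void) {
    printf("unchecked: ret=0x%08x\n", (unsigned)ret_after_copy(0));
    printf("checked:   ret=0x%08x\n", (unsigned)ret_after_copy(1));
    return 0;
}
```

With the unchecked copy the saved return address falls outside the text range, which is the situation gdb reports as `0x0000004d in ?? ()` with a single frame; the checked copy leaves it intact.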
 
Old 08-06-2012, 11:17 AM   #3
eantoranz
No kidding!
 
Old 08-06-2012, 02:18 PM   #4
eantoranz
This has been a great crash course for using gdb. I'm "stepping" and I think I got very close to the moment when the sigsegv is thrown.

I think within the next two or 3 next's the signal is thrown.

Code:
(gdb) bt full
#0  ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcbdc) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2143
        opline = <optimized out>
        new_op_array = <optimized out>
        original_return_value = 0xbfffcce4
        return_value_used = 0
        inc_filename = <optimized out>
        tmp_inc_filename = {value = {lval = 7, dval = 5.0055584978380607e-270, str = {val = 0x7 <Address 0x7 out of bounds>, len = 134555584}, ht = 0x7, obj = {handle = 7, 
              handlers = 0x80527c0}}, refcount = 3221211496, type = 116 't', is_ref = 250 '\372'}
        failure_retval = <optimized out>
#1  0x0830eeb8 in execute (op_array=0x8537454) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:95
        execute_data = {opline = 0x85377f8, function_state = {function_symbol_table = 0x0, function = 0x8537454, reserved = {0x82759d0, 0x8262010, 0x8262000, 0x0}}, fbc = 0x0, 
          op_array = 0x8537454, object = 0x0, Ts = 0xbfffc940, CVs = 0xbfffc930, original_in_execution = 1 '\001', symbol_table = 0x846fe50, prev_execute_data = 0xbfffcd1c, 
          old_error_reporting = 0x0}
#2  0x082d03e4 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2107
        saved_object = 0x0
        saved_function = <optimized out>
        opline = 0x8537368
        new_op_array = 0x8537454
        original_return_value = 0xbfffcda0
        return_value_used = 0
        inc_filename = <optimized out>
        tmp_inc_filename = {value = {lval = 7, dval = 6.3659873732416629e-313, str = {val = 0x7 <Address 0x7 out of bounds>, len = 30}, ht = 0x7, obj = {handle = 7, 
              handlers = 0x1e}}, refcount = 138296164, type = 211 '\323', is_ref = 65 'A'}
        failure_retval = <optimized out>
#3  0x0830eeb8 in execute (op_array=0x85371fc) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:95
        execute_data = {opline = 0x8537368, function_state = {function_symbol_table = 0xb7d7b980, function = 0x8537454, reserved = {0x1e, 0xb7c3e758, 0xb7d7b980, 0x83e3b64}}, 
          fbc = 0x0, op_array = 0x85371fc, object = 0x0, Ts = 0xbfffcce0, CVs = 0xbfffccd0, original_in_execution = 0 '\000', symbol_table = 0x846fe50, prev_execute_data = 0x0, 
          old_error_reporting = 0x0}
#4  0x082a780a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1140
        files = 0xbfffcde4 ""
        i = <optimized out>
        file_handle = <optimized out>
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        local_retval = 0x0
#5  0x082648db in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2039
        realfile = "/home/antoranz/proyectos/sanos/repo/local/prueba.php", '\000' <repeats 2004 times>, "Mv\376\267\257˾\267\304\344ܷ", '\000' <repeats 20 times>, "\002\000\000\000F\342ܷ\020\245۷\000\000\000\000\364\357\377\267\024̽\267\n\000\000\000L\251۷\234|\376\267", '\000' <repeats 12 times>, "Mv\376\267-̾\267\033\345ܷ\000\000\000\000L\251۷", '\000' <repeats 12 times>, "\f\000\000\000\220u\202\r\363\003\000\000\000\000\000\000\310(\276\267\310\327\275\267<\235\377\267\070\336\275\267\234|\376\267\000\000\000\000\021\360ķ\000\000\000\000\000\000\000\000\001\000\000\000\021\360ķP\223\275\267X\245۷\341ZܷXq\276\267\270\345۷\001\000\000\000S\325r~I\345ķ\001\000\000\000\020'\000\000H\000\000\000I\345ķx\264"...
        __orig_bailout = 0xbfffef78
        __bailout = {{__jmpbuf = {1, 1, -1073750280, -1073746168, -111239871, 1246479918}, __mask_was_saved = 0, __saved_mask = {__val = {0, 10000, 48, 0, 134633872, 138699680, 
                40, 3083112830, 0, 3082675240, 0, 0, 134888, 3084365812, 3084368416, 3083065202, 3084368416, 3086952096, 138910112, 3083065088, 3084365812, 139639320, 138869736, 
                137425312, 3084368416, 0, 40, 3083148604, 3084365812, 139639320, 138869736, 136752535}}}}
        prepend_file_p = 0x0
        append_file_p = <optimized out>
        prepend_file = {type = 0 '\000', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, 
              interactive = 0}}, free_filename = 0 '\000'}
        append_file = {type = 0 '\000', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, 
              interactive = 0}}, free_filename = 0 '\000'}
        old_cwd = 0xbfffcdf0 ""
        retval = 0
#6  0x0808bc89 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1170
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {-1210601484, 110, 2, -1073745576, -115663551, 396177966}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 3086906957, 3082734511, 
                134740059, 0, 0, 0, 3086906511, 3086757888, 2, 134639817, 3084625168, 3087003636, 3087003636, 3082673200, 10, 3084626252, 3086908572, 0, 0, 0, 0, 0, 0, 0, 
                3084626252, 0, 0, 0}}}}
        exit_status = 0
        c = <optimized out>
        file_handle = {type = 2 '\002', filename = 0xbffff3c3 "/var/www/sanoslocal/prueba.php", opened_path = 0x0, handle = {fd = 139901480, fp = 0x856ba28, stream = {
              handle = 0x856ba28, reader = 0x82b9500 <zend_stream_stdio_reader>, closer = 0x82b94e0 <zend_stream_stdio_closer>, fteller = 0x82b94d0 <zend_stream_stdio_fteller>, 
              interactive = 0}}, free_filename = 0 '\000'}
        behavior = 1
        reflection_what = 0x0
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = <optimized out>
        arg_excp = <optimized out>
        script_file = <optimized out>
        interactive = <optimized out>
        module_started = 1
        request_started = 1
        lineno = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        param_error = <optimized out>
        hide_argv = 0
        ini_entries_len = <optimized out>

Is frame 0's tmp_inc_filename->value->str->val the problem?
 
Old 08-06-2012, 04:32 PM   #5
NevemTeve
Perhaps. You are the only one who could decide -- but first turn off optimization: -O0
 
Old 08-06-2012, 04:41 PM   #6
eantoranz
Well... I'll keep that trick in mind next time I face something like this. It took me some hours but thanks to gdb I was able to get to the place where the brown thing was hitting the fan and I hacked it to support our own PHP hacks (that I think are causing the whole problem).

Thanks for your kind help, anyway.
 
  


Tags
hack, interpreter, php, sigsegv

