Old 08-03-2012, 11:05 AM   #1
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
php (interpreter): SIGSEGV on ZEND_MM_IS_FREE_BLOCK(next_block)


Hi!

I'm hacking the PHP interpreter. I want it to be able to get files that I have loaded into memory.

I create the php_streams by hand for them inside PHPAPI php_stream *_php_stream_fopen_with_path (in plain_wrapper.c).

The problem I'm facing is that I get a SIGSEGV here:

Code:
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
1978            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) backtrace
#0  _zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
#1  0x082adcd0 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcbdc) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2111
#2  0x082ec658 in execute (op_array=0x84e4e5c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#3  0x082adc34 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2104
#4  0x082ec658 in execute (op_array=0x84e4bf4) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#5  0x08285089 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1134
#6  0x082421ff in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2036
#7  0x080884c7 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1165

By the way, this is php 5.2.17 (I will move my hacks to later versions when we move our php code base to those later versions).

Keep in mind I've probably not been the neatest guy in creating the php_stream I use to read the file from memory, so perhaps I'm skipping a needed step in that regard.

Thanks in advance.
 
Old 08-03-2012, 11:18 AM   #2
eantoranz
Following this guide from php (https://bugs.php.net/bugs-generating-backtrace.php) I have found that in the last execute(), the value they print in debug is 0x0:

Code:
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
1978            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) backtrace
#0  _zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
#1  0x082adcd0 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcbdc) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2111
#2  0x082ec658 in execute (op_array=0x84e4e5c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#3  0x082adc34 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2104
#4  0x082ec658 in execute (op_array=0x84e4bf4) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#5  0x08285089 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1134
#6  0x082421ff in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2036
#7  0x080884c7 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1165
(gdb) frame 2
#2  0x082ec658 in execute (op_array=0x84e4e5c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
92                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x0

What does that mean?
 
Old 08-03-2012, 03:53 PM   #3
eantoranz
What does mm_block represent?

Code:
(gdb) print size
$21 = 1936877892
(gdb) print mm_block
$22 = (zend_mm_block *) 0x85197b8
(gdb) print *mm_block
$23 = {info = {_size = 1936877894, _prev = 2036473972}}

Is it important that there is a difference between size and mm_block->info._size?
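
Added example, not part of the original posts and not PHP's own code: a small C triage helper that takes the header values from the gdb session above and works out what the allocator would do with them. It assumes the low two bits of `_size` are block-type flags and that the next block header is located at `mm_block + size`; both are assumptions about the Zend allocator layout inferred from the gdb output, and the helper names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the low two bits of _size carry block-type flags, which would
 * explain the gap of 2 between `size` and `info._size` in the gdb output. */
#define TYPE_MASK 0x3u

/* Block size with the flag bits stripped. */
static uint32_t block_size(uint32_t raw_size) { return raw_size & ~TYPE_MASK; }

/* Address the allocator would treat as the following block header
 * (assumed layout: next header sits `size` bytes after this one). */
static uint32_t next_block_addr(uint32_t block, uint32_t raw_size) {
    return block + block_size(raw_size);
}

/* Render header words as little-endian bytes (i386, as in the backtrace).
 * Returns 1 when every byte is printable ASCII, a strong hint that the
 * "header" is really string data. `out` needs 4*n + 1 bytes. */
static int header_as_text(const uint32_t *words, size_t n, char *out) {
    int printable = 1;
    for (size_t i = 0; i < n; i++) {
        for (int b = 0; b < 4; b++) {
            unsigned char c = (unsigned char)((words[i] >> (8 * b)) & 0xffu);
            if (!isprint(c)) { printable = 0; c = '.'; }
            *out++ = (char)c;
        }
    }
    *out = '\0';
    return printable;
}

int main(void) {
    /* Values copied from the gdb session in post #3. */
    const uint32_t mm_block = 0x85197b8u;
    const uint32_t hdr[2] = { 1936877894u, 2036473972u }; /* _size, _prev */
    char text[9];
    int ascii = header_as_text(hdr, 2, text);

    printf("size without flags : %u\n", block_size(hdr[0]));
    printf("next_block address : 0x%08x\n", next_block_addr(mm_block, hdr[0]));
    printf("header bytes       : \"%s\" (%s)\n", text,
           ascii ? "all printable" : "contains binary");
    return 0;
}
```

A header that decodes to printable text means either string data was written over the block header or the pointer handed to the free routine is not the start of a block from this allocator. The computed `next_block` address lies roughly 1.8 GiB past the block, so dereferencing it is what faults.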
 
Old 08-03-2012, 04:06 PM   #4
eantoranz
I'm wondering.... in order to create my dynamic structures I'm using malloc. Do I have to use a different function to allocate memory in php?

Thanks in advance.
 
Old 08-03-2012, 04:23 PM   #5
eantoranz
_malloc/_efree? Now I get a sigsegv but in a different spot:

Code:
(gdb) backtrace
#0  0xb7d4b2c0 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1  0x08253408 in _php_stream_read (stream=0x84e5078, buf=0x8b004e8 "", size=8192) at /usr/include/i386-linux-gnu/bits/string3.h:52
#2  0x08296ff1 in zend_stream_read (file_handle=0xbfffcbd8, buf=0x8b004e8 "", len=8192) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_stream.c:121
#3  0x08266f99 in yy_get_next_buffer () at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:5850
#4  lex_scan (zendlval=0xbfffc97c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:5685
#5  0x08274f3f in zendlex (zendlval=0xbfffc978) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_compile.c:4196
#6  0x08260d4f in zendparse () at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_parser.c:2946
#7  0x082652cf in compile_file (file_handle=0xbfffcbd8, type=8) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:3420
#8  0x08264d0e in compile_filename (type=8, filename=0x84e4d8c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:3465
#9  0x082ade58 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2074
#10 0x082ec728 in execute (op_array=0x84e4bf4) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:91
#11 0x08285159 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1134
#12 0x08242296 in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2052
#13 0x080884b7 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1165