php (interpreter): SIGSEGV on ZEND_MM_IS_FREE_BLOCK(next_block)
Hi!
I'm hacking the PHP interpreter. I want it to be able to get files that I have loaded into memory.
I create the php_streams by hand for them inside PHPAPI php_stream *_php_stream_fopen_with_path (in plain_wrapper.c).
The problem I'm facing is that I get a SIGSEGV here:
Code:
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
1978 if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) backtrace
#0 _zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
#1 0x082adcd0 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcbdc) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2111
#2 0x082ec658 in execute (op_array=0x84e4e5c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#3 0x082adc34 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2104
#4 0x082ec658 in execute (op_array=0x84e4bf4) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#5 0x08285089 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1134
#6 0x082421ff in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2036
#7 0x080884c7 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1165
By the way, this is php 5.2.17 (I will move my hacks to later versions when we move our php code base to those later versions).
Keep in mind I've probably not been the neatest about creating the php_stream I use to read the file from memory, so perhaps I'm skipping a needed step in that regard.
Following this guide from PHP, https://bugs.php.net/bugs-generating-backtrace.php, I have found that in the last execute(), the value they print in debug is 0x0:
Code:
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
1978 if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) backtrace
#0 _zend_mm_free_int (heap=0x84241d8, p=0x85197c0) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_alloc.c:1978
#1 0x082adcd0 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcbdc) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2111
#2 0x082ec658 in execute (op_array=0x84e4e5c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#3 0x082adc34 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2104
#4 0x082ec658 in execute (op_array=0x84e4bf4) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
#5 0x08285089 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1134
#6 0x082421ff in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2036
#7 0x080884c7 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1165
(gdb) frame 2
#2 0x082ec658 in execute (op_array=0x84e4e5c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:92
92 if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x0
_malloc/_efree? Now I get a sigsegv but in a different spot:
Code:
(gdb) backtrace
#0 0xb7d4b2c0 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1 0x08253408 in _php_stream_read (stream=0x84e5078, buf=0x8b004e8 "", size=8192) at /usr/include/i386-linux-gnu/bits/string3.h:52
#2 0x08296ff1 in zend_stream_read (file_handle=0xbfffcbd8, buf=0x8b004e8 "", len=8192) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_stream.c:121
#3 0x08266f99 in yy_get_next_buffer () at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:5850
#4 lex_scan (zendlval=0xbfffc97c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:5685
#5 0x08274f3f in zendlex (zendlval=0xbfffc978) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_compile.c:4196
#6 0x08260d4f in zendparse () at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_parser.c:2946
#7 0x082652cf in compile_file (file_handle=0xbfffcbd8, type=8) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:3420
#8 0x08264d0e in compile_filename (type=8, filename=0x84e4d8c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_language_scanner.c:3465
#9 0x082ade58 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbfffcd1c) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:2074
#10 0x082ec728 in execute (op_array=0x84e4bf4) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend_vm_execute.h:91
#11 0x08285159 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/antoranz/Descargas/php/php-5.2.17/Zend/zend.c:1134
#12 0x08242296 in php_execute_script (primary_file=0xbffff0d4) at /home/antoranz/Descargas/php/php-5.2.17/main/main.c:2052
#13 0x080884b7 in main (argc=2, argv=0xbffff1f4) at /home/antoranz/Descargas/php/php-5.2.17/sapi/cli/php_cli.c:1165
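Both traces point at the same class of problem. In the first, _zend_mm_free_int dies on ZEND_MM_IS_FREE_BLOCK(next_block): the Zend memory manager locates the neighbouring block by adding the size stored in the freed block's own header, then reads that neighbour's header. If the pointer handed to efree() never came from emalloc() (the "_malloc/_efree?" question above), if the block was already freed, or if a write past the end of the previous block clobbered a header, that computed address is garbage and the read faults. The second trace, memcpy inside _php_stream_read on a hand-built stream, is what a mismatched or already-released read buffer looks like one step earlier. The following toy allocator is an added illustration, not PHP's code: it performs the same next_block computation but validates the pointer range, a header cookie and the free flag first, so each failure mode comes back as a distinct return code instead of a SIGSEGV. All names (toy_emalloc, toy_efree, MM_MAGIC, the scenario_* functions) and the 4096-byte arena are constructed for the example; a --enable-debug build of PHP adds comparable consistency checks to zend_alloc.c.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy arena allocator. Block layout mirrors the idea behind the
 * Zend MM: a header precedes each payload and next_block = header + size. */
enum efree_result {
    EFREE_OK = 0,
    EFREE_FOREIGN,     /* pointer not handed out by this arena (e.g. from malloc) */
    EFREE_BAD_HEADER,  /* the freed block's own cookie is gone */
    EFREE_DOUBLE,      /* block already marked free */
    EFREE_BAD_NEXT     /* next_block is out of range or its header is clobbered */
};

typedef struct block_hdr {
    uint32_t magic;    /* cookie proving toy_emalloc created this block */
    uint32_t size;     /* whole block length including this 16-byte header */
    uint32_t is_free;
    uint32_t pad;
} block_hdr;

#define MM_MAGIC    0x5A4D4D21u   /* constructed cookie value */
#define ARENA_BYTES 4096

static block_hdr arena_storage[ARENA_BYTES / sizeof(block_hdr)]; /* aligned backing store */
static unsigned char *const arena = (unsigned char *)arena_storage;
static size_t arena_used = 0;

void toy_arena_reset(void) {
    memset(arena_storage, 0, sizeof arena_storage);
    arena_used = 0;
}

void *toy_emalloc(size_t n) {
    if (n == 0) n = 1;
    size_t total = sizeof(block_hdr) + ((n + 15) & ~(size_t)15);
    /* keep room for the terminating header written after the last block */
    if (arena_used + total + sizeof(block_hdr) > ARENA_BYTES) return NULL;
    block_hdr *h = (block_hdr *)(arena + arena_used);
    h->magic = MM_MAGIC; h->size = (uint32_t)total; h->is_free = 0;
    arena_used += total;
    block_hdr *term = (block_hdr *)(arena + arena_used); /* sentinel, never handed out */
    term->magic = MM_MAGIC; term->size = 0; term->is_free = 1;
    return (void *)(h + 1);
}

int toy_efree(void *p) {
    if (p == NULL) return EFREE_OK;
    unsigned char *cp = (unsigned char *)p;
    /* 1. Refuse pointers we never issued instead of reading the bytes before them as a header. */
    if (cp < arena + sizeof(block_hdr) || cp >= arena + arena_used) return EFREE_FOREIGN;
    block_hdr *h = (block_hdr *)(cp - sizeof(block_hdr));
    /* 2. The cookie catches a header overwritten by the block before it. */
    if (h->magic != MM_MAGIC) return EFREE_BAD_HEADER;
    if (h->is_free) return EFREE_DOUBLE;
    /* 3. next_block comes from our own size field: the step that faults in _zend_mm_free_int
     *    when the size or the neighbour's header is garbage. Bounds-check before dereferencing. */
    size_t hoff = (size_t)((unsigned char *)h - arena);
    if (h->size < sizeof(block_hdr) || h->size > arena_used - hoff) return EFREE_BAD_NEXT;
    block_hdr *next = (block_hdr *)((unsigned char *)h + h->size);
    if (next->magic != MM_MAGIC) return EFREE_BAD_NEXT;
    h->is_free = 1;  /* a real allocator would now coalesce with next if next->is_free */
    return EFREE_OK;
}

/* Two blocks allocated and released in the normal way. */
int scenario_clean(void) {
    toy_arena_reset();
    char *a = toy_emalloc(32), *b = toy_emalloc(32);
    if (a == NULL || b == NULL) return -1;
    int rb = toy_efree(b), ra = toy_efree(a);
    return (ra == EFREE_OK && rb == EFREE_OK) ? EFREE_OK : -1;
}

/* Allocator mismatch: a malloc()'d buffer passed to the arena's free. */
int scenario_mismatched_free(void) {
    toy_arena_reset();
    char *buf = malloc(64);
    if (buf == NULL) return -1;
    int r = toy_efree(buf);
    free(buf);
    return r;
}

/* Overrun: 4 bytes past a's 32-byte payload land on b's header, so freeing a
 * finds a corrupt next_block (freeing b would report EFREE_BAD_HEADER). */
int scenario_overrun_neighbour(void) {
    toy_arena_reset();
    char *a = toy_emalloc(32), *b = toy_emalloc(32);
    if (a == NULL || b == NULL) return -1;
    memset(a, 'A', 32 + 4);
    return toy_efree(a);
}

int scenario_double_free(void) {
    toy_arena_reset();
    char *a = toy_emalloc(32);
    if (a == NULL || toy_efree(a) != EFREE_OK) return -1;
    return toy_efree(a);
}

int main(void) {
    printf("clean=%d foreign=%d overrun=%d double=%d\n", scenario_clean(),
           scenario_mismatched_free(), scenario_overrun_neighbour(), scenario_double_free());
    return 0;
}
```

The practical takeaway for the stream code: every buffer the hand-built php_stream hands to the engine must come from the same allocator family that will release it (emalloc/efree or the stream's own ops, never a plain malloc()), and the read callback must not report more bytes than the buffer it filled.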