[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHP CLI segfault when INI file is not readable #7883

Closed
milo opened this issue Jan 4, 2022 · 6 comments
Closed

PHP CLI segfault when INI file is not readable #7883

milo opened this issue Jan 4, 2022 · 6 comments
Labels
Bug Category: Engine Status: Verified

Comments

@milo
Copy link
milo commented Jan 4, 2022

Description

Redirected there by oerdnj/deb.sury.org#1703

When mods-available INI file, e.g. /etc/php/8.1/mods-available/opcache.ini, has no sufficient permission to read by user, PHP CLI ends by segmentation fault.

php8.1[5509]: segfault at 0 ip 00007f4a768c97e4 sp 00007ffdae393780 error 4 in libc-2.28.so[7f4a7687c000+148000]

I've removed INI file permission by mistake and had no glue what happend to CLI scripts.

Steps to reproduce the behavior:

# Probably not needed, this is default after installation
chown root:root /etc/php/8.1/mods-available/opcache.ini

# Remove read permission for others
chmod 640 /etc/php/8.1/mods-available/opcache.ini

# Run php as non-root user
su username -c php8.1

Segmentation fault

Expected behavior
Not segafult. Probably, extension should not be loaded, or emit warning.

Distribution

  • Linux alfa-01 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
  • OS: Debian 10.11
  • Architecture: amd64
  • Repository: deb https://packages.sury.org/php/ buster main

Last lines of strace:

stat("/etc/php/8.1/cli/conf.d/10-opcache.ini", {st_mode=S_IFREG|0640, st_size=79, ...}) = 0
openat(AT_FDCWD, "/etc/php/8.1/cli/conf.d/10-opcache.ini", O_RDONLY) = -1 EACCES (Permission denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV +++

PHP Version

PHP 8.1.1

Operating System

Debian 10.11
@provtemp
Copy link
provtemp commented Jan 7, 2022

Introduced by c732ab4#diff-3a12521d1fb28a95d8894ccdd98d1ec238b722eb45e8849624b52bd3c276480e

Crashes through

php-src/main/php_ini.c

Line 699 in 90b7bde

zend_destroy_file_handle(&fh); 

Program terminated with signal 11, Segmentation fault.
#0  _IO_new_fclose (fp=0x0) at iofclose.c:53
53	  if (fp->_IO_file_flags & _IO_IS_FILEBUF)
(gdb) bt
#0  _IO_new_fclose (fp=0x0) at iofclose.c:53
#1  0x000000000077d788 in zend_file_handle_dtor (fh=fh@entry=0x7888caf007b0) at /usr/src/debug/php-8.1.1/Zend/zend_stream.c:217
#2  0x000000000077df80 in zend_destroy_file_handle (file_handle=file_handle@entry=0x7888caf007b0) at /usr/src/debug/php-8.1.1/Zend/zend_stream.c:273
#3  0x00000000006b0c1c in php_init_config () at /usr/src/debug/php-8.1.1/main/php_ini.c:699

@cmb69
Copy link
Member
cmb69 commented Jan 11, 2022

According to @provtemp's comment above, this would be related to #7910.

@remicollet
Copy link
Member

PHP 8.0 is not affected.


$ gdb php81
(gdb) run -i
Program received signal SIGSEGV, Segmentation fault.
(gdb) bt
#0  0x00007ffff76e4c1b in _IO_new_fclose (fp=0x0) at iofclose.c:48
#1  0x0000555555859a60 in zend_file_handle_dtor (fh=0x7fffffffb3e0) at /usr/src/debug/php81-php-8.1.2~RC1-1.fc35.remi.x86_64/Zend/zend_stream.c:217
#2  0x000055555585a096 in zend_destroy_file_handle (file_handle=<optimized out>) at /usr/src/debug/php81-php-8.1.2~RC1-1.fc35.remi.x86_64/Zend/zend_stream.c:273
#3  0x000055555578996c in php_init_config () at /usr/src/debug/php81-php-8.1.2~RC1-1.fc35.remi.x86_64/main/php_ini.c:699
#4  0x0000555555782abc in php_module_startup (sf=<optimized out>, additional_modules=0x0, num_additional_modules=<optimized out>) at /usr/src/debug/php81-php-8.1.2~RC1-1.fc35.remi.x86_64/main/main.c:2191
#5  0x00005555558ce641 in php_cli_startup (sapi_module=<optimized out>) at /usr/src/debug/php81-php-8.1.2~RC1-1.fc35.remi.x86_64/sapi/cli/php_cli.c:409
#6  0x000055555563a9b9 in main (argc=2, argv=0x555555e10c50) at /usr/src/debug/php81-php-8.1.2~RC1-1.fc35.remi.x86_64/sapi/cli/php_cli.c:1334

@remicollet
Copy link
Member

Related to c732ab400af

@@ -693,6 +692,7 @@ int php_init_config(void)
 									zend_llist_add_element(&scanned_ini_list, &p);
 								}
 							}
+							zend_destroy_file_handle(&fh);
 						}
 					}
 					free(namelist[i]);

In previous version, fh was not freed, it is not freed, even if null.

remicollet added a commit to remicollet/php-src that referenced this issue Jan 17, 2022
@remicollet
Fix phpGH-7883 don't close not open file handle
bd25fa0
@remicollet remicollet mentioned this issue Jan 17, 2022
Closed
@remicollet
Copy link
Member

PR #7956 should fix this one

@remicollet remicollet changed the title PHP CLI segafult when INI file is not readable PHP CLI segfault when INI file is not readable Jan 18, 2022
remicollet added a commit that referenced this issue Jan 18, 2022
@remicollet
Merge branch 'PHP-8.1'
ac1c2dc 
* PHP-8.1:
  Fix GH-7883 don't close not open file handle don't create a stream if file is not open
@milo
Copy link
Author
milo commented Jan 18, 2022

Thank you.

@cmb69 cmb69 mentioned this issue Feb 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Category: Engine Status: Verified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@remicollet @milo @cmb69 @provtemp and others