PHP Legacy Driver / PHP-1413

Driver segfaults with SSL connection and no context options


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.6.5
    • Fix Version/s: 1.6.6
    • Component/s: pecl-mongo
    • # Replies: 4
    • Last comment by Customer: true

      Description

      Driver crashes with "ssl => true" connection.

      Valgrind output:

      root@mdb30:~# valgrind php -n -dextension=mongo.so mongo.tutorial.php
      ==16976== Memcheck, a memory error detector
      ==16976== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
      ==16976== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
      ==16976== Command: php -n -dextension=mongo.so mongo.tutorial.php
      ==16976== 
      ==16976== Invalid read of size 8
      ==16976==    at 0x6A7A4E: php_stream_context_get_option (in /usr/bin/php5)
      ==16976==    by 0x7975276: php_mongo_io_stream_connect (io_stream.c:186)
      ==16976==    by 0x798542A: mongo_connection_create (connections.c:88)
      ==16976==    by 0x7987643: mongo_get_connection_single (manager.c:94)
      ==16976==    by 0x79878E0: mongo_get_connection_multiple (manager.c:411)
      ==16976==    by 0x79886FD: mongo_get_read_write_connection (manager.c:553)
      ==16976==    by 0x795F8C1: php_mongo_connect (mongoclient.c:357)
      ==16976==    by 0x796009D: php_mongo_ctor (mongoclient.c:571)
      ==16976==    by 0x6DDA0A: dtrace_execute_internal (in /usr/bin/php5)
      ==16976==    by 0x79DA64: ??? (in /usr/bin/php5)
      ==16976==    by 0x717797: execute_ex (in /usr/bin/php5)
      ==16976==    by 0x6DD908: dtrace_execute_ex (in /usr/bin/php5)
      ==16976==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
      ==16976== 
      ==16976== 
      ==16976== Process terminating with default action of signal 11 (SIGSEGV)
      ==16976==  Access not within mapped region at address 0x8
      ==16976==    at 0x6A7A4E: php_stream_context_get_option (in /usr/bin/php5)
      ==16976==    by 0x7975276: php_mongo_io_stream_connect (io_stream.c:186)
      ==16976==    by 0x798542A: mongo_connection_create (connections.c:88)
      ==16976==    by 0x7987643: mongo_get_connection_single (manager.c:94)
      ==16976==    by 0x79878E0: mongo_get_connection_multiple (manager.c:411)
      ==16976==    by 0x79886FD: mongo_get_read_write_connection (manager.c:553)
      ==16976==    by 0x795F8C1: php_mongo_connect (mongoclient.c:357)
      ==16976==    by 0x796009D: php_mongo_ctor (mongoclient.c:571)
      ==16976==    by 0x6DDA0A: dtrace_execute_internal (in /usr/bin/php5)
      ==16976==    by 0x79DA64: ??? (in /usr/bin/php5)
      ==16976==    by 0x717797: execute_ex (in /usr/bin/php5)
      ==16976==    by 0x6DD908: dtrace_execute_ex (in /usr/bin/php5)
      ==16976==  If you believe this happened as a result of a stack
      ==16976==  overflow in your program's main thread (unlikely but
      ==16976==  possible), you can try to increase the size of the
      ==16976==  main thread stack using the --main-stacksize= flag.
      ==16976==  The main thread stack size used in this run was 10485760.
      ==16976== 
      ==16976== HEAP SUMMARY:
      ==16976==     in use at exit: 3,607,507 bytes in 18,143 blocks
      ==16976==   total heap usage: 19,398 allocs, 1,255 frees, 3,836,272 bytes allocated
      ==16976== 
      ==16976== LEAK SUMMARY:
      ==16976==    definitely lost: 0 bytes in 0 blocks
      ==16976==    indirectly lost: 0 bytes in 0 blocks
      ==16976==      possibly lost: 0 bytes in 0 blocks
      ==16976==    still reachable: 3,607,507 bytes in 18,143 blocks
      ==16976==         suppressed: 0 bytes in 0 blocks
      ==16976== Rerun with --leak-check=full to see details of leaked memory
      ==16976== 
      ==16976== For counts of detected and suppressed errors, rerun with: -v
      ==16976== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
      

      Speicherzugriffsfehler

      gdb Output:

      root@mdb30:~# gdb --args php mongo.tutorial.php
      GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
      Copyright (C) 2014 Free Software Foundation, Inc.
      License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
      and "show warranty" for details.
      This GDB was configured as "x86_64-linux-gnu".
      Type "show configuration" for configuration details.
      For bug reporting instructions, please see:
      <http://www.gnu.org/software/gdb/bugs/>.
      Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.
      For help, type "help".
      Type "apropos word" to search for commands related to "word"...
      Reading symbols from php...(no debugging symbols found)...done.
      (gdb) run
      Starting program: /usr/bin/php mongo.tutorial.php
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
       
      Program received signal SIGSEGV, Segmentation fault.
      0x00000000006a7a4e in php_stream_context_get_option ()
      (gdb) bt full
      #0  0x00000000006a7a4e in php_stream_context_get_option ()
      No symbol table info available.
      #1  0x00007ffff2a67277 in php_mongo_io_stream_connect (manager=0x10bbd00, server=0x1166460, options=0x1166b78, error_message=0x7fffffffa9f0) at /opt/src/mongo-php-driver/io_stream.c:186
              zcert = 0x7c
              crypto_enabled = 1
              errmsg = 0x11664b0 "127.0.0.1"
              errcode = 0
              stream = 0x1166be0
              hash = <optimized out>
              ctimeout = {tv_sec = 60, tv_usec = 0}
              dsn = 0x7ffff7fdf080 ""
              dsn_len = <optimized out>
              tcp_socket = 1
              error_handler = {handling = EH_NORMAL, exception = 0x0, user_handler = 0x0}
      #2  0x00007ffff2a7742b in mongo_connection_create (manager=manager@entry=0x10bbd00, hash=hash@entry=0x1166940 "127.0.0.1:27017;-;.;17467", server_def=server_def@entry=0x1166460, options=options@entry=0x1166b78, error_message=error_message@entry=0x7fffffffa9f0) at /opt/src/mongo-php-driver/mcon/connections.c:88
              tmp = 0x11664f0
      #3  0x00007ffff2a79644 in mongo_get_connection_single (manager=manager@entry=0x10bbd00, server=0x1166460, options=options@entry=0x1166b78, connection_flags=connection_flags@entry=9, error_message=error_message@entry=0x7fffffffa9f0) at /opt/src/mongo-php-driver/mcon/manager.c:94
              hash = 0x1166940 "127.0.0.1:27017;-;.;17467"
              con = 0x0
              blacklist = <optimized out>
      #4  0x00007ffff2a798e1 in mongo_get_connection_multiple (manager=manager@entry=0x10bbd00, servers=servers@entry=0x1166970, connection_flags=connection_flags@entry=9, error_message=error_message@entry=0x7fffffffab68) at /opt/src/mongo-php-driver/mcon/manager.c:411
              ismaster_error = 0
              con_error_message = 0x0
              con = 0x0
              tmp = <optimized out>
              collection = 0x0
              tmp_rp = {type = 0, tagset_count = 0, tagsets = 0x0}
              i = 0
              found_connected_server = 0
              messages = 0x11664d0
              found_supported_wire_version = 1
      #5  0x00007ffff2a7a6fe in mongo_get_read_write_connection (manager=0x10bbd00, servers=0x1166970, connection_flags=9, error_message=error_message@entry=0x7fffffffab68) at /opt/src/mongo-php-driver/mcon/manager.c:553
      No locals.
      #6  0x00007ffff2a518c2 in php_mongo_connect (link=<optimized out>, flags=<optimized out>) at /opt/src/mongo-php-driver/mongoclient.c:357
              con = <optimized out>
              error_message = 0x0
      #7  0x00007ffff2a5209e in php_mongo_ctor (ht=<optimized out>, return_value=<optimized out>, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>, bc=<optimized out>) at /opt/src/mongo-php-driver/mongoclient.c:571
              server = 0x7ffff7edc858 "mongodb://127.0.0.1:27017"
              server_len = 25
              connect = 1 '\001'
              options = 0x7ffff7fdefc0
              slave_okay = <optimized out>
              zdoptions = 0x0
              link = 0x7ffff7fdfd08
              opt_entry = 0x7ffff7fdef80
              opt_key = 0x7ffff7edc8c0 "ssl"
              error = <optimized out>
              error_message = 0x0
              opt_key_len = 4
              num_key = 0
              pos = 0x0
      #8  0x00000000006dda0b in dtrace_execute_internal ()
      No symbol table info available.
      #9  0x000000000079da65 in ?? ()
      No symbol table info available.
      #10 0x0000000000717798 in execute_ex ()
      No symbol table info available.
      #11 0x00000000006dd909 in dtrace_execute_ex ()
      No symbol table info available.
      #12 0x00000000006ef390 in zend_execute_scripts ()
      No symbol table info available.
      #13 0x000000000068f275 in php_execute_script ()
      No symbol table info available.
      #14 0x000000000079fa3e in ?? ()
      No symbol table info available.
      #15 0x0000000000461e10 in main ()
      No symbol table info available.
      

    People

    • Assignee: Hannes Magnusson (bjori)
    • Reporter: Bodenhaltung
    • Last commenter: Alexander Golin