Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-940

php_phongo_free_ssl_opt() attempts to free interned strings

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: 1.2.8
    • Fix Version/s: 1.2.9
    • Labels:
      None
    • Environment:
      php-7.1.3, Ubuntu 14.04.5 LTS

      Description

      Original title: Segfault with ""cafile" => false" as stream_context_create option

      gdb result:

      Starting program: /usr/bin/php /root/debug-segfault.php                                                                                                                                             [1/4995]
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
       
      Program received signal SIGSEGV, Segmentation fault.
      0x000055555579260a in _efree ()
      (gdb) bt full
      #0  0x000055555579260a in _efree ()
      No symbol table info available.
      #1  0x00007fffe9d809eb in php_phongo_free_ssl_opt (ssl_opt=0x7ffff5e8b2a0) at /tmp/pear/temp/mongodb/php_phongo.c:1387
      No locals.
      #2  phongo_manager_init (manager=manager@entry=0x7ffff5e55270, uri_string=0x7ffff5e7e068 "mongodb://php7dev:27010,php7dev:27020,php7dev:27030/", options=<optimized out>, driverOptions=<optimized out>)
          at /tmp/pear/temp/mongodb/php_phongo.c:1631
              hash = <optimized out>
              hash_len = 387
              bson_options = {flags = 3, len = 115,
                padding = "s\000\000\000\002username\000\b\000\000\000USER\000\002password\000\031\000\000\000PW\000\bssl\000\001\002replicaSet\000\004\000\000\000rs0\000\002authSource\
      000\a\000\000\000DB\000\000\000\000\000\000"}
              uri = 0x555555de6af0
              ssl_opt = 0x7ffff5e8b2a0
              iter = {raw = 0x0, len = 0, off = 114, type = 114, key = 115, d1 = 0, d2 = 0, d3 = 0, d4 = 0, next_off = 0, err_off = 0, value = {value_type = 4125487648, padding = 32767, value = {v_oid = {
                      bytes = "'\225\336\367\377\177\000\000\001\000\000"}, v_int64 = 140737351947559, v_int32 = -136407769, v_int8 = 39 '\'', v_double = 6.9533490683957554e-310, v_bool = 39,
                    v_datetime = 140737351947559, v_timestamp = {timestamp = 4158559527, increment = 32767}, v_utf8 = {str = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", len = 1}, v_doc = {
                      data = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", data_len = 1}, v_binary = {data = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", data_len = 1,
                      subtype = BSON_SUBTYPE_BINARY}, v_regex = {regex = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", options = 0x1 <error: Cannot access memory at address 0x1>}, v_dbpointer = {
                      collection = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", collection_len = 1, oid = {bytes = '\000' <repeats 11 times>}}, v_code = {
                      code = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", code_len = 1}, v_codewscope = {code = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030",
                      scope_data = 0x1 <error: Cannot access memory at address 0x1>, code_len = 0, scope_len = 0}, v_symbol = {symbol = 0x7ffff7de9527 <_dl_fixup+247> "H\211\305d\213\004%\030", len = 1},
                    v_decimal128 = {low = 140737351947559, high = 1}}}}
      #3  0x00007fffe9d8d85d in zim_Manager___construct (execute_data=<optimized out>, return_value=<optimized out>) at /tmp/pear/temp/mongodb/src/MongoDB/Manager.c:195
              error_handling = {handling = EH_NORMAL, exception = 0x0, user_handler = {value = {lval = 0, dval = 0, counted = 0x0, str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0, zv = 0x0,
                    ptr = 0x0, ce = 0x0, func = 0x0, ww = {w1 = 0, w2 = 0}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 0}, u2 = {
                    next = 32767, cache_slot = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767, access_flags = 32767, property_guard = 32767, extra = 32767}}}
              uri_string = 0x7ffff5e7e068 "mongodb://php7dev:27010,php7dev:27020,php7dev:27030/"
              uri_string_len = 52
              options = 0x7ffff5e13380
              driverOptions = 0x7ffff5e13390
      #4  0x000055555584d426 in ?? ()
      No symbol table info available.
      #5  0x00005555557fc23b in execute_ex ()
      No symbol table info available.
      #6  0x000055555584f174 in zend_execute ()
      No symbol table info available.
      #7  0x00005555557b71e4 in zend_execute_scripts ()
      No symbol table info available.
      #8  0x0000555555756638 in php_execute_script ()
      No symbol table info available.
      #9  0x0000555555851369 in ?? ()
      No symbol table info available.
      #10 0x000055555563dadf in main ()
      

      And debug-segfault.php:

      <?php
       
      require '/var/www/xyz/htdocs/includes/vendor/autoload.php';
       
      try {
              $sslContext = stream_context_create(array("ssl" => array("verify_peer" => false, "verify_peer_name" => false, "allow_self_signed" => true, "cafile" => false)));
       
              $m = new MongoDB\Client(
                      'mongodb://php7dev:27010,php7dev:27020,php7dev:27030/',
                      [
                              'username'               => "USER",
                              'password'               => "PW",
                              'ssl'                    => true,
                              'replicaSet'             => "rs0",
                              'authSource'             => "DB",
              ],
              [
                              'context' => $sslContext,
                              'typeMap' => ['root' => 'array', 'document' => 'array', 'array' => 'array']
              ]
      );
      }
      catch (MongoConnectionException $e) {
              trigger_error($e, E_USER_NOTICE);
              die('Error connecting to DB');
      }
      catch (MongoException $e) {
              die('Error: ' . $e->getMessage());
      }
      

      Without the "cafile" option it works fine.

      Best regards,

      Norbert

        Attachments

          Activity

            People

            Assignee:
            jmikola Jeremy Mikola
            Reporter:
            Bodenhaltung Bodenhaltung [X]
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: