Bug #62661 [Ver->Csd]: Interactive php-cli crashes if include() is used in auto_prepend_file

[laruence]

Edit report at https://bugs.php.net/bug.php?id=62661&edit=1

 ID:                 62661
 Updated by:         larue...@php.net
 Reported by:        pierre at guinoiseau dot eu
 Summary:            Interactive php-cli crashes if include() is used in
                     auto_prepend_file
-Status:             Verified
+Status:             Closed
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   FreeBSD / Ubuntu
 PHP Version:        5.4.5
-Assigned To:        
+Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------
[2012-07-26 04:43:04] larue...@php.net

Automatic comment on behalf of laruence
Revision: 
http://git.php.net/?p=php-src.git;a=commit;h=b4b3a65f5518803c4a3bca34ac67e139b2547133
Log: Fixed bug #62661 (Interactive php-cli crashes if include() is used in 
auto_prepend_file)

------------------------------------------------------------------------
[2012-07-26 04:42:05] larue...@php.net

Automatic comment on behalf of laruence
Revision: 
http://git.php.net/?p=php-src.git;a=commit;h=b4b3a65f5518803c4a3bca34ac67e139b2547133
Log: Fixed bug #62661 (Interactive php-cli crashes if include() is used in 
auto_prepend_file)

------------------------------------------------------------------------
[2012-07-26 01:47:43] ahar...@php.net

Verified on a current 5.4 build.

Backtrace for the prepend_segfault.php case:

#0  0x0000000000a423d6 in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x7ffff7f7b240)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:2209
#1  0x0000000000a3935d in execute (op_array=0x7ffff7fb3920)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:410
#2  0x00000000009e5d5a in execute_new_code ()
    at /home/adam/trees/php-src/5.4/Zend/zend_execute_API.c:1322
#3  0x00000000009932cc in zendparse () at 
/home/adam/trees/php-src/5.4/Zend/zend_language_parser.y:218
#4  0x000000000099b1af in compile_file (file_handle=0x7fffffffa620, type=2)
    at Zend/zend_language_scanner.l:582
#5  0x00000000007335b1 in phar_compile_file (file_handle=0x7fffffffa620, type=2)
    at /home/adam/trees/php-src/5.4/ext/phar/phar.c:3391
#6  0x000000000099b367 in compile_filename (type=2, filename=0x7ffff7fb2ca8)
    at Zend/zend_language_scanner.l:625
#7  0x0000000000a432e7 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER 
(execute_data=0x7ffff7f7b0e8)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:2592
#8  0x0000000000a3935d in execute (op_array=0x7ffff7fb1d40)
    at /home/adam/trees/php-src/5.4/Zend/zend_vm_execute.h:410
#9  0x00000000009f8d57 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3)
    at /home/adam/trees/php-src/5.4/Zend/zend.c:1279
#10 0x000000000095f0e1 in php_execute_script (primary_file=0x7fffffffce60)
    at /home/adam/trees/php-src/5.4/main/main.c:2473
#11 0x0000000000b4b9c7 in do_cli (argc=5, argv=0x7fffffffe248)
    at /home/adam/trees/php-src/5.4/sapi/cli/php_cli.c:988
#12 0x0000000000b4cc4a in main (argc=5, argv=0x7fffffffe248)
    at /home/adam/trees/php-src/5.4/sapi/cli/php_cli.c:1364

prepend_twotimes.php executes as described for me (with the double output from 
prepend_twotimes.php itself), then blocks on a read() syscall. The strace 
output is at https://gist.github.com/852ba3b100a4a7437e53

------------------------------------------------------------------------
[2012-07-25 16:12:20] pierre at guinoiseau dot eu

Description:
------------
Hello,

this bug may be related to bug #49000. php-cli crashes in interactive mode if 
you do an include() in auto_prepend_file. An example will explain it better 
(see 
test scripts):
  % php -d auto_prepend_file=prepend.php -a
  Interactive mode enabled
  
  test 1
  test 2
  Ran out of opcode space!
  You should probably consider writing this huge script into a file!

This was tested with PHP 5.4.5 (from ports) on FreeBSD 8.1 and PHP 5.4.4 (from 
Debian Git repository) on Ubuntu 12.04.

No error if the include file is missing (only the usual warning).

Also, I got another very weird case...
The provided prepend_segfault.php segfaults instead of the error above:
  % php -d auto_prepend_file=prepend_segfault.php -a
  Interactive shell
  
  test 1
  zsh: segmentation fault (core dumped)  php -d 
auto_prepend_file=prepend_segfault.php -a

But there is no segfault and no errors if I remove "$toto = 1".

If I replace one (or both) if/elseif conditions with true or false, it execute 
the script 2 times instead on 5.4.4 (and it segfaults on 5.4.5):
% php -d auto_prepend_file=prepend_towtimes.php -a
  Interactive shell
  
  test 1
  test 1 bis
  test 1
  test 1 bis
  test 2
  php > 

Of course if I remove the include() line, everything is back to normal.

Something is very wrong, isn't it? :)

Test script:
---------------
// prepend.php => weird error
<?php
echo "test 1\n";
include("include.php");
?>

// include.php
<?php
echo "test 2\n";
?>

// prepend_segfault.php => segfaults
<?php
$toto = 1;
if (php_sapi_name() == "cli") {
} elseif (php_sapi_name() == 'fpm-fcgi') {
}
echo "test 1\n";
include("include.php");
?>

// prepend_towtimes.php => script is executed two times (5.4.4) or segfaults 
(5.4.5)
<?php
$toto = 1;
if (true) {
} elseif (false) {
}
echo "test 1\n";
echo "test 1 bis\n";
include("include.php");
?>


Expected result:
----------------
No weird behaviour and not segfaults when I use include() in an 
auto_prepend_file 
in interactive mode.



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62661&edit=1