From:             aurelijus at astdev dot lt
Operating system: RHEL 6 & Mac OS X 10.7.4
PHP version:      5.4.8
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  Segmentation fault caused by unserialize()

Description:
------------
Hey,

I can reproduce this on my local machine (Mac OS X 10.7.4) & our dev server (RHEL 6) with PHP 5.4.* (including 5.4.9RC1). With 5.3.* it's fine.

We are trying to unserialize a big \Serializable object and it causes the segmentation fault. Code example below. The serialized object that causes the issue is attached.

PHP Configure:
./configure --prefix=/opt/local --mandir=/opt/local/share/man \
  --infodir=/opt/local/share/info --program-suffix=54d \
  --includedir=/opt/local/include/php54d --libdir=/opt/local/lib/php54d \
  --with-config-file-path=/opt/local/etc/php54d \
  --with-config-file-scan-dir=/opt/local/var/db/php54d \
  --disable-all --enable-bcmath --enable-ctype --enable-dom \
  --enable-fileinfo --enable-filter --enable-hash --enable-json \
  --enable-libxml --enable-pdo --enable-phar --enable-session \
  --enable-simplexml --enable-tokenizer --enable-xml --enable-xmlreader \
  --enable-xmlwriter --with-bz2=/opt/local --with-mhash=/opt/local \
  --with-pcre-regex=/opt/local --with-libxml-dir=/opt/local \
  --with-zlib=/opt/local --without-pear --disable-cgi --disable-fpm \
  --enable-cli --with-libedit=/opt/local --enable-debug

Test script:
---------------
<?php
class Token implements \Serializable {
    public function serialize() {}

    // Called by the outer unserialize(); makes two nested unserialize() calls.
    public function unserialize($str) {
        $r = unserialize($str);
        unserialize($r[2]);
    }
}

// string2.txt is the serialized object attached to this report.
$token = file_get_contents('string2.txt');
$obj = unserialize($token);
?>

Expected result:
----------------
It should not cause segmentation fault.

Actual result:
--------------
Segmentation fault.

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xffffffffffffffbf

VM Regions Near 0xffffffffffffffbf:
--> shared memory 00007fffffe00000-00007fffffe02000 [ 8K] r-x/r-x SM=SHM

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   php54d  0x000000010f75d994 zend_mm_check_ptr + 500
1   php54d  0x000000010f75feed _zend_mm_free_int + 109
2   php54d  0x000000010f761bed _efree + 125
3   php54d  0x000000010f7ea6eb zend_object_std_dtor + 283
4   php54d  0x000000010f7ead20 zend_objects_free_object_storage + 32
5   php54d  0x000000010f7f7dc5 zend_objects_store_free_object_storage + 325
6   php54d  0x000000010f78c977 shutdown_executor + 1335
7   php54d  0x000000010f7a9d1a zend_deactivate + 122
8   php54d  0x000000010f6eb681 php_request_shutdown + 1009
9   php54d  0x000000010f9834c8 do_cli + 7288
10  php54d  0x000000010f984415 main + 3461
11  php54d  0x000000010f3de304 start + 52

--
Edit bug report at https://bugs.php.net/bug.php?id=63481&edit=1