Uploaded image for project: 'Couchbase PHP client library'
  1. Couchbase PHP client library
  2. PCBC-538

SIGSEGV in php-fpm 7.2.4

    XMLWordPrintable

    Details

      Description

      # php -v
      [cb,WARN] (pcbc/ext L:425) igbinary serializer is not found
      PHP 7.2.4-1+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Apr  5 2018 08:53:57) ( NTS )
      Copyright (c) 1997-2018 The PHP Group
      Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
          with Zend OPcache v7.2.4-1+ubuntu16.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
       
      ===========
      couchbase support => enabled
      extension version => 2.4.5
      libcouchbase runtime version => 2.8.6 (git: eac059bc29f7ee60721de86a3b0e0fcec74b021b)
      libcouchbase headers version => 2.8.5 (git: e9c46be209881f7a8c583523a7a58a2dbd88c110)
      igbinary transcoder => disabled (install pecl/igbinary and rebuild pecl/couchbase)
      zlib compressor => enabled
       
      Directive => Local Value => Master Value
      couchbase.decoder.json_arrays => 0 => 0
      couchbase.encoder.compression => off => off
      couchbase.encoder.compression_factor => 0.0 => 0.0
      couchbase.encoder.compression_threshold => 0 => 0
      couchbase.encoder.format => json => json
      couchbase.log_level => WARN => WARN
      couchbase.pool.max_idle_time_sec => 60 => 60
       
      ===================
      # gdb /usr/sbin/php-fpm7.2 /tmp/core-php-fpm7.2.51646
      GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
      Copyright (C) 2016 Free Software Foundation, Inc.
      License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
      and "show warranty" for details.
      This GDB was configured as "x86_64-linux-gnu".
      Type "show configuration" for configuration details.
      For bug reporting instructions, please see:
      <http://www.gnu.org/software/gdb/bugs/>.
      Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.
      For help, type "help".
      Type "apropos word" to search for commands related to "word"...
      Reading symbols from /usr/sbin/php-fpm7.2...Reading symbols from /usr/lib/debug/.build-id/0f/23263e3254185c7819e503b20e7e8f134c73f5.debug...done.
      done.
      [New LWP 51646]
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
      Core was generated by `php-fpm: pool mobile.bitterstrawberry.org                                    '.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x00007ff52e48d70d in basic_encoder_v1 (value=<optimized out>, sertype=<optimized out>, cmprtype=0, cmprthresh=0, cmprfactor=0, return_value=return_value@entry=0x7ffc57a3d3c0) at /tmp/pear/temp/couchbase/couchbase.c:530
      530     /tmp/pear/temp/couchbase/couchbase.c: No such file or directory.
      (gdb) bt
      #0  0x00007ff52e48d70d in basic_encoder_v1 (value=<optimized out>, sertype=<optimized out>, cmprtype=0, cmprthresh=0, cmprfactor=0, return_value=return_value@entry=0x7ffc57a3d3c0) at /tmp/pear/temp/couchbase/couchbase.c:530
      #1  0x00007ff52e48db19 in zif_defaultEncoder (execute_data=<optimized out>, return_value=0x7ffc57a3d3c0) at /tmp/pear/temp/couchbase/couchbase.c:954
      #2  0x000055deceb90151 in zend_call_function (fci=fci@entry=0x7ffc57a3d360, fci_cache=0x7ffc57a3d290, fci_cache@entry=0x0) at /build/php7.2-I4OTpW/php7.2-7.2.4/Zend/zend_execute_API.c:833
      #3  0x000055deceb90695 in _call_user_function_ex (object=object@entry=0x0, function_name=function_name@entry=0x7ff53be7f3f8, retval_ptr=retval_ptr@entry=0x7ffc57a3d3c0, param_count=param_count@entry=1, params=<optimized out>,
          no_separation=no_separation@entry=1) at /build/php7.2-I4OTpW/php7.2-7.2.4/Zend/zend_execute_API.c:654
      #4  0x00007ff52e4bbe37 in pcbc_encode_value (bucket=bucket@entry=0x7ff53be7f3f0, value=<optimized out>, bytes=bytes@entry=0x7ffc57a3d488, nbytes=nbytes@entry=0x7ffc57a3d4a0, flags=flags@entry=0x7ffc57a3d508,
          datatype=datatype@entry=0x7ffc57a3d50c "") at /tmp/pear/temp/couchbase/transcoding.c:52
      #5  0x00007ff52e49a854 in zim_Bucket_upsert (execute_data=<optimized out>, return_value=0x7ff53be1c720) at /tmp/pear/temp/couchbase/src/couchbase/bucket/store.c:264
      #6  0x000055decec51e16 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /build/php7.2-I4OTpW/php7.2-7.2.4/Zend/zend_vm_execute.h:1032
      #7  execute_ex (ex=0x7ff53be00040) at /build/php7.2-I4OTpW/php7.2-7.2.4/Zend/zend_vm_execute.h:59752
      #8  0x000055decec520de in zend_execute (op_array=0x7ff53be701c0, op_array@entry=0x7ff5271fe878, return_value=0x0, return_value@entry=0x7ff53be1c680) at /build/php7.2-I4OTpW/php7.2-7.2.4/Zend/zend_vm_execute.h:63760
      #9  0x000055deceba0973 in zend_execute_scripts (type=type@entry=8, retval=0x7ff53be1c680, retval@entry=0x0, file_count=file_count@entry=3) at /build/php7.2-I4OTpW/php7.2-7.2.4/Zend/zend.c:1496
      #10 0x000055deceb3bbc0 in php_execute_script (primary_file=0x7ffc57a3fd80) at /build/php7.2-I4OTpW/php7.2-7.2.4/main/main.c:2590
      #11 0x000055dece9f2dd9 in main (argc=<optimized out>, argv=<optimized out>) at /build/php7.2-I4OTpW/php7.2-7.2.4/sapi/fpm/fpm/fpm_main.c:1966
      

        Attachments

        For Gerrit Dashboard: PCBC-538
        # Subject Branch Project Status CR V

          Activity

          Hide
          avsej Sergey Avseyev added a comment -

          This is an interesting observation, is it possible to see actual value which is being encoded?

          Show
          avsej Sergey Avseyev added a comment - This is an interesting observation, is it possible to see actual value which is being encoded?
          Hide
          murzick Dumitru added a comment -

          Sergey, apparently the string to be encoded contains an url with query string containing "&currency=USD", which was converted by the browser into "¤cy=USD" and was written to the mysql db this way.

          FYI, this problem is not reproducible in php 5.5.38 with couchbase extension 2.2.4.

          Show
          murzick Dumitru added a comment - Sergey, apparently the string to be encoded contains an url with query string containing "&currency=USD", which was converted by the browser into "¤cy=USD" and was written to the mysql db this way. FYI, this problem is not reproducible in php 5.5.38 with couchbase extension 2.2.4.
          Hide
          avsej Sergey Avseyev added a comment - - edited

          Dumitru, just to clarify, did you call something like that?

          $doc = '&currency=USD';
          $bucket->upsert("mykey", $doc);
          

          Show
          avsej Sergey Avseyev added a comment - - edited Dumitru , just to clarify, did you call something like that? $doc = '&currency=USD'; $bucket->upsert("mykey", $doc);
          Hide
          murzick Dumitru added a comment -

          Sergey, like this:

          $doc = ['http://abcd.xyz?offer_id=33session={transaction_id}&cost={amount}&payout_type=pps¤cy=USD&sub={hash}'];
          $bucket->upsert("mykey", $doc);
          

          Show
          murzick Dumitru added a comment - Sergey, like this: $doc = ['http://abcd.xyz?offer_id=33session={transaction_id}&cost={amount}&payout_type=pps¤cy=USD&sub={hash}']; $bucket->upsert("mykey", $doc);
          Hide
          avsej Sergey Avseyev added a comment -

          Thanks for report. Just to add: the issue is reproducing when the input is not in UTF-8 encoding. For example, if literal is forced to some 8-bit encoding, then json module returns JSON_ERROR_UTF8. I belive the issue might be workarounded if the input is forced/converted to be UTF-8 string. Anyway, the patch fixes crash (while invalid input will be still rejected by json.so module, which comes with PHP), and resulting document will be NULL.

          Show
          avsej Sergey Avseyev added a comment - Thanks for report. Just to add: the issue is reproducing when the input is not in UTF-8 encoding. For example, if literal is forced to some 8-bit encoding, then json module returns JSON_ERROR_UTF8. I belive the issue might be workarounded if the input is forced/converted to be UTF-8 string. Anyway, the patch fixes crash (while invalid input will be still rejected by json.so module, which comes with PHP), and resulting document will be NULL.

            People

            • Assignee:
              avsej Sergey Avseyev
              Reporter:
              murzick Dumitru
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.