Debian Bug report logs - #751936
php5: Segfault in highlight_string()/highlight_file() when pgsql module loaded

[Message part 1 (text/plain, inline)]
Package: php5, php5-cli, libapache2-mod-php5, php5-pgsql
Version: 5.6.0~beta4+dfsg-3
Severity: important

Hi,

I encountered a segmentation fault that is triggered when syntax highlighting
php source containing '__CLASS__' using the highlight_file() or
highlight_string() functions while having the pgsql.so module loaded.

To reproduce, install and enable the pgsql.so module and run the
following script (also attached as 'test.php'):

---------- test.php ----------
<?php
$s = <<<EOT
<?php
__CLASS__;
EOT;
highlight_string($s);
?>
------------------------------

(Note that it doesn't have anything to do with the fact that the
__CLASS__ is used outside of any class scope here, I originally
encountered the bug with a much longer script that had the __CLASS__
properly within a class)

Even though highlight_string()/highlight_file() might be considered
minor PHP functionality, I'm setting the severity to "important" since
the problem seriously hampers development (or makes it outright
impossible) using for example the popular Symfony php framework. Symfony
uses highlight_*() extensively to provide for example more friendly
exception outputs during development, so having your apache child always
dying with a segfault when encountering an error instead of displaying
the error with backtrace etc. is a real problem.

Backtrace of the Segfault:

#0  _zend_mm_free_int (heap=0x7fee5d9ed048, p=0x7fee5d9ed058)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_alloc.c:2104
#1  0x00000000006c68b8 in zend_highlight (
    syntax_highlighter_ini=syntax_highlighter_ini@entry=0x7fff5203eaa0)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_highlight.c:153
#2  0x000000000069d865 in highlight_string (str=0x7fff5203e980, 
    syntax_highlighter_ini=syntax_highlighter_ini@entry=0x7fff5203eaa0, 
    str_name=str_name@entry=0x7fee5db28280 "/home/sunshine/php-bug/test.php(6) : highlighted code")
    at Zend/zend_language_scanner.l:818
#3  0x00000000005fafa9 in zif_highlight_string (ht=<optimized out>, return_value=0x7fee5db267b8, 
    return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/ext/standard/basic_functions.c:5268
#4  0x00000000006c2c4a in dtrace_execute_internal (execute_data_ptr=<optimized out>, 
    fci=<optimized out>, return_value_used=<optimized out>)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_dtrace.c:97
#5  0x000000000077cdd8 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fee5daf00f8)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_vm_execute.h:560
#6  0x000000000070e410 in execute_ex (execute_data=0x7fee5daf00f8)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_vm_execute.h:363
#7  0x00000000006c2b08 in dtrace_execute_ex (execute_data=0x7fee5daf00f8)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_dtrace.c:73
#8  0x00000000006d4dc0 in zend_execute_scripts (type=1570689096, type@entry=8, 
    retval=0x7fee5d9ed058, retval@entry=0x0, file_count=1570796536, file_count@entry=3)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend.c:1330
#9  0x0000000000673fdb in php_execute_script (primary_file=0x7fff52041140)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/main/main.c:2584
#10 0x000000000077ed3d in do_cli (argc=1570689096, argv=0x7fee5d9ed058)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/sapi/cli/php_cli.c:994
#11 0x00000000004620ea in main (argc=1570689096, argv=0x7fee5d9ed058)
    at /tmp/buildd/php5-5.6.0~beta4+dfsg/sapi/cli/php_cli.c:1378

Please see the attached file for a "backtrace full". If necessary, I can
also provide a core dump.

Observations during investigating the problem:

 * The segfault only happens if the pgsql.so module is loaded. I tested
   different combinations of the PHP modules on my system, only the
   pgsql.so makes a difference. Whether any other modules are loaded or
   not doesn't affect the problem.

 * It happens with both the CLI and the Apache2 SAPI. I didn't test any
   other SAPIs, however they are probably affected as well.

 * The problem doesn't exist in package version 5.5.12+dfsg-2, however
   it is already present in 5.6.0~beta3+dfsg-2. No other versions
   tested.

 * The segfault happens right after outputting the '__CLASS__' token
   itself.

 * It is only triggered by '__CLASS__', other internal constants like
   '__FILE__' or '__LINE__' are fine.

Regards,
Andreas Ferber

-- Package-specific info:
==== Additional PHP 5 information ====

++++ PHP 5 SAPI (php5query -S): ++++
apache2
cgi
cli

++++ PHP 5 Extensions (php5query -M -v): ++++
pgsql (Enabled for apache2 by maintainer script)
pgsql (Enabled for cgi by maintainer script)
pgsql (Enabled for cli by maintainer script)

++++ Configuration files: ++++
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = -1
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]

**** /etc/php5/cli/conf.d/20-pgsql.ini ****
extension=pgsql.so

-- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (550, 'stable'), (500, 'stable-updates'), (250, 'testing'), (180, 'unstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages php5-cli depends on:
ii  libbz2-1.0        1.0.6-4
ii  libc6             2.19-1
ii  libcomerr2        1.42.5-1.1
ii  libdb5.3          5.3.28-3
ii  libedit2          3.1-20140213-1
ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u1
ii  libk5crypto3      1.10.1+dfsg-5+deb7u1
ii  libkrb5-3         1.10.1+dfsg-5+deb7u1
ii  libmagic1         5.11-2+deb7u3
ii  libonig2          5.9.5-2
ii  libpcre3          1:8.31-5
ii  libqdbm14         1.8.78-2
ii  libssl1.0.0       1.0.1e-2+deb7u11
ii  libxml2           2.9.1+dfsg1-3
ii  mime-support      3.52-1
ii  php5-common       5.6.0~beta4+dfsg-3
ii  php5-json         1.3.5-2
ii  tzdata            2014a-0wheezy1
ii  ucf               3.0025+nmu3
ii  zlib1g            1:1.2.7.dfsg-13

Versions of packages php5-cli recommends:
ii  php5-readline  5.6.0~beta4+dfsg-3

Versions of packages php5-cli suggests:
ii  php-pear  5.4.4-14+deb7u11

Versions of packages php5-pgsql depends on:
ii  dpkg                           1.17.10
ii  libc6                          2.19-1
ii  libpq5                         9.3.4-2
ii  php5-common [phpapi-20131226]  5.6.0~beta4+dfsg-3
ii  ucf                            3.0025+nmu3

php5-pgsql recommends no packages.

php5-pgsql suggests no packages.

Versions of packages php5-common depends on:
ii  libc6   2.19-1
ii  lsof    4.86+dfsg-1
ii  psmisc  22.19-1+deb7u1
ii  sed     4.2.1-10
ii  ucf     3.0025+nmu3

Versions of packages php5-common suggests:
ii  php5-apcu [php5-user-cache]  4.0.4-2

Versions of packages libapache2-mod-php5 depends on:
ii  apache2                             2.4.9-2
ii  apache2-bin [apache2-api-20120211]  2.4.9-2
ii  libbz2-1.0                          1.0.6-4
ii  libc6                               2.19-1
ii  libcomerr2                          1.42.5-1.1
ii  libdb5.3                            5.3.28-3
ii  libgssapi-krb5-2                    1.10.1+dfsg-5+deb7u1
ii  libk5crypto3                        1.10.1+dfsg-5+deb7u1
ii  libkrb5-3                           1.10.1+dfsg-5+deb7u1
ii  libmagic1                           5.11-2+deb7u3
ii  libonig2                            5.9.5-2
ii  libpcre3                            1:8.31-5
ii  libqdbm14                           1.8.78-2
ii  libssl1.0.0                         1.0.1e-2+deb7u11
ii  libstdc++6                          4.9.0-6
ii  libxml2                             2.9.1+dfsg1-3
ii  mime-support                        3.52-1
ii  php5-common                         5.6.0~beta4+dfsg-3
ii  php5-json                           1.3.5-2
ii  tzdata                              2014a-0wheezy1
ii  ucf                                 3.0025+nmu3
ii  zlib1g                              1:1.2.7.dfsg-13

Versions of packages libapache2-mod-php5 recommends:
ii  php5-cli  5.6.0~beta4+dfsg-3

Versions of packages libapache2-mod-php5 suggests:
ii  php-pear  5.4.4-14+deb7u11

-- no debconf information

-- debsums errors found:
sh: /usr/sbin/dpkg-divert: No such file or directory

[test.php (text/x-php, attachment)]
[backtrace-full.txt (text/plain, attachment)]
Hi Andreas,

could you please report this bug to upstream bugzilla? (And add the link
here?)

It would be easier if the upstream developers can communicate directly
with you.

Ondrej

On Wed, Jun 18, 2014, at 1:33, Andreas Ferber wrote:
> Package: php5, php5-cli, libapache2-mod-php5, php5-pgsql
> Version: 5.6.0~beta4+dfsg-3
> Severity: important
> 
> Hi,
> 
> I encountered a segmentation fault that is triggered when syntax
> highlighting
> php source containing '__CLASS__' using the highlight_file() or
> highlight_string() functions while having the pgsql.so module loaded.
> 
> To reproduce, install and enable the pgsql.so module and run the
> following script (also attached as 'test.php'):
> 
> ---------- test.php ----------
> <?php
> $s = <<<EOT
> <?php
> __CLASS__;
> EOT;
> highlight_string($s);
> ?>
> ------------------------------
> 
> (Note that it doesn't have anything to do with the fact that the
> __CLASS__ is used outside of any class scope here, I originally
> encountered the bug with a much longer script that had the __CLASS__
> properly within a class)
> 
> Even though highlight_string()/highlight_file() might be considered
> minor PHP functionality, I'm setting the severity to "important" since
> the problem seriously hampers development (or makes it outright
> impossible) using for example the popular Symfony php framework. Symfony
> uses highlight_*() extensively to provide for example more friendly
> exception outputs during development, so having your apache child always
> dying with a segfault when encountering an error instead of displaying
> the error with backtrace etc. is a real problem.
> 
> 
> Backtrace of the Segfault:
> 
> #0  _zend_mm_free_int (heap=0x7fee5d9ed048, p=0x7fee5d9ed058)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_alloc.c:2104
> #1  0x00000000006c68b8 in zend_highlight (
>     syntax_highlighter_ini=syntax_highlighter_ini@entry=0x7fff5203eaa0)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_highlight.c:153
> #2  0x000000000069d865 in highlight_string (str=0x7fff5203e980, 
>     syntax_highlighter_ini=syntax_highlighter_ini@entry=0x7fff5203eaa0, 
>     str_name=str_name@entry=0x7fee5db28280
>     "/home/sunshine/php-bug/test.php(6) : highlighted code")
>     at Zend/zend_language_scanner.l:818
> #3  0x00000000005fafa9 in zif_highlight_string (ht=<optimized out>,
> return_value=0x7fee5db267b8, 
>     return_value_ptr=<optimized out>, this_ptr=<optimized out>,
>     return_value_used=<optimized out>)
>     at
>     /tmp/buildd/php5-5.6.0~beta4+dfsg/ext/standard/basic_functions.c:5268
> #4  0x00000000006c2c4a in dtrace_execute_internal
> (execute_data_ptr=<optimized out>, 
>     fci=<optimized out>, return_value_used=<optimized out>)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_dtrace.c:97
> #5  0x000000000077cdd8 in zend_do_fcall_common_helper_SPEC
> (execute_data=0x7fee5daf00f8)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_vm_execute.h:560
> #6  0x000000000070e410 in execute_ex (execute_data=0x7fee5daf00f8)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_vm_execute.h:363
> #7  0x00000000006c2b08 in dtrace_execute_ex (execute_data=0x7fee5daf00f8)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend_dtrace.c:73
> #8  0x00000000006d4dc0 in zend_execute_scripts (type=1570689096,
> type@entry=8, 
>     retval=0x7fee5d9ed058, retval@entry=0x0, file_count=1570796536,
>     file_count@entry=3)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/Zend/zend.c:1330
> #9  0x0000000000673fdb in php_execute_script
> (primary_file=0x7fff52041140)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/main/main.c:2584
> #10 0x000000000077ed3d in do_cli (argc=1570689096, argv=0x7fee5d9ed058)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/sapi/cli/php_cli.c:994
> #11 0x00000000004620ea in main (argc=1570689096, argv=0x7fee5d9ed058)
>     at /tmp/buildd/php5-5.6.0~beta4+dfsg/sapi/cli/php_cli.c:1378
> 
> Please see the attached file for a "backtrace full". If necessary, I can
> also provide a core dump.
> 
> 
> Observations during investigating the problem:
> 
>  * The segfault only happens if the pgsql.so module is loaded. I tested
>    different combinations of the PHP modules on my system, only the
>    pgsql.so makes a difference. Whether any other modules are loaded or
>    not doesn't affect the problem.
> 
>  * It happens with both the CLI and the Apache2 SAPI. I didn't test any
>    other SAPIs, however they are probably affected as well.
> 
>  * The problem doesn't exist in package version 5.5.12+dfsg-2, however
>    it is already present in 5.6.0~beta3+dfsg-2. No other versions
>    tested.
> 
>  * The segfault happens right after outputting the '__CLASS__' token
>    itself.
> 
>  * It is only triggered by '__CLASS__', other internal constants like
>    '__FILE__' or '__LINE__' are fine.
> 
> Regards,
> Andreas Ferber
> 
> -- Package-specific info:
> ==== Additional PHP 5 information ====
> 
> ++++ PHP 5 SAPI (php5query -S): ++++
> apache2
> cgi
> cli
> 
> ++++ PHP 5 Extensions (php5query -M -v): ++++
> pgsql (Enabled for apache2 by maintainer script)
> pgsql (Enabled for cgi by maintainer script)
> pgsql (Enabled for cli by maintainer script)
> 
> ++++ Configuration files: ++++
> [PHP]
> engine = On
> short_open_tag = Off
> asp_tags = Off
> precision = 14
> output_buffering = 4096
> zlib.output_compression = Off
> implicit_flush = Off
> unserialize_callback_func =
> serialize_precision = 17
> disable_functions =
> disable_classes =
> zend.enable_gc = On
> expose_php = On
> max_execution_time = 30
> max_input_time = 60
> memory_limit = -1
> error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
> display_errors = Off
> display_startup_errors = Off
> log_errors = On
> log_errors_max_len = 1024
> ignore_repeated_errors = Off
> ignore_repeated_source = Off
> report_memleaks = On
> track_errors = Off
> html_errors = On
> variables_order = "GPCS"
> request_order = "GP"
> register_argc_argv = Off
> auto_globals_jit = On
> post_max_size = 8M
> auto_prepend_file =
> auto_append_file =
> default_mimetype = "text/html"
> default_charset = "UTF-8"
> doc_root =
> user_dir =
> enable_dl = Off
> file_uploads = On
> upload_max_filesize = 2M
> max_file_uploads = 20
> allow_url_fopen = On
> allow_url_include = Off
> default_socket_timeout = 60
> [CLI Server]
> cli_server.color = On
> [Date]
> [filter]
> [iconv]
> [intl]
> [sqlite]
> [sqlite3]
> [Pcre]
> [Pdo]
> [Pdo_mysql]
> pdo_mysql.cache_size = 2000
> pdo_mysql.default_socket=
> [Phar]
> [mail function]
> SMTP = localhost
> smtp_port = 25
> mail.add_x_header = On
> [SQL]
> sql.safe_mode = Off
> [ODBC]
> odbc.allow_persistent = On
> odbc.check_persistent = On
> odbc.max_persistent = -1
> odbc.max_links = -1
> odbc.defaultlrl = 4096
> odbc.defaultbinmode = 1
> [Interbase]
> ibase.allow_persistent = 1
> ibase.max_persistent = -1
> ibase.max_links = -1
> ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
> ibase.dateformat = "%Y-%m-%d"
> ibase.timeformat = "%H:%M:%S"
> [MySQL]
> mysql.allow_local_infile = On
> mysql.allow_persistent = On
> mysql.cache_size = 2000
> mysql.max_persistent = -1
> mysql.max_links = -1
> mysql.default_port =
> mysql.default_socket =
> mysql.default_host =
> mysql.default_user =
> mysql.default_password =
> mysql.connect_timeout = 60
> mysql.trace_mode = Off
> [MySQLi]
> mysqli.max_persistent = -1
> mysqli.allow_persistent = On
> mysqli.max_links = -1
> mysqli.cache_size = 2000
> mysqli.default_port = 3306
> mysqli.default_socket =
> mysqli.default_host =
> mysqli.default_user =
> mysqli.default_pw =
> mysqli.reconnect = Off
> [mysqlnd]
> mysqlnd.collect_statistics = On
> mysqlnd.collect_memory_statistics = Off
> [OCI8]
> [PostgreSQL]
> pgsql.allow_persistent = On
> pgsql.auto_reset_persistent = Off
> pgsql.max_persistent = -1
> pgsql.max_links = -1
> pgsql.ignore_notice = 0
> pgsql.log_notice = 0
> [Sybase-CT]
> sybct.allow_persistent = On
> sybct.max_persistent = -1
> sybct.max_links = -1
> sybct.min_server_severity = 10
> sybct.min_client_severity = 10
> [bcmath]
> bcmath.scale = 0
> [browscap]
> [Session]
> session.save_handler = files
> session.use_strict_mode = 0
> session.use_cookies = 1
> session.use_only_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 0
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain =
> session.cookie_httponly =
> session.serialize_handler = php
> session.gc_probability = 0
> session.gc_divisor = 1000
> session.gc_maxlifetime = 1440
> session.referer_check =
> session.cache_limiter = nocache
> session.cache_expire = 180
> session.use_trans_sid = 0
> session.hash_function = 0
> session.hash_bits_per_character = 5
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
> [MSSQL]
> mssql.allow_persistent = On
> mssql.max_persistent = -1
> mssql.max_links = -1
> mssql.min_error_severity = 10
> mssql.min_message_severity = 10
> mssql.compatibility_mode = Off
> mssql.secure_connection = Off
> [Assertion]
> [COM]
> [mbstring]
> [gd]
> [exif]
> [Tidy]
> tidy.clean_output = Off
> [soap]
> soap.wsdl_cache_enabled=1
> soap.wsdl_cache_dir="/tmp"
> soap.wsdl_cache_ttl=86400
> soap.wsdl_cache_limit = 5
> [sysvshm]
> [ldap]
> ldap.max_links = -1
> [mcrypt]
> [dba]
> [opcache]
> [curl]
> [openssl]
> 
> **** /etc/php5/cli/conf.d/20-pgsql.ini ****
> extension=pgsql.so
> 
> 
> -- System Information:
> Debian Release: 7.5
>   APT prefers stable
>   APT policy: (550, 'stable'), (500, 'stable-updates'), (250, 'testing'),
>   (180, 'unstable'), (110, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 3.14-1-amd64 (SMP w/3 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages php5-cli depends on:
> ii  libbz2-1.0        1.0.6-4
> ii  libc6             2.19-1
> ii  libcomerr2        1.42.5-1.1
> ii  libdb5.3          5.3.28-3
> ii  libedit2          3.1-20140213-1
> ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u1
> ii  libk5crypto3      1.10.1+dfsg-5+deb7u1
> ii  libkrb5-3         1.10.1+dfsg-5+deb7u1
> ii  libmagic1         5.11-2+deb7u3
> ii  libonig2          5.9.5-2
> ii  libpcre3          1:8.31-5
> ii  libqdbm14         1.8.78-2
> ii  libssl1.0.0       1.0.1e-2+deb7u11
> ii  libxml2           2.9.1+dfsg1-3
> ii  mime-support      3.52-1
> ii  php5-common       5.6.0~beta4+dfsg-3
> ii  php5-json         1.3.5-2
> ii  tzdata            2014a-0wheezy1
> ii  ucf               3.0025+nmu3
> ii  zlib1g            1:1.2.7.dfsg-13
> 
> Versions of packages php5-cli recommends:
> ii  php5-readline  5.6.0~beta4+dfsg-3
> 
> Versions of packages php5-cli suggests:
> ii  php-pear  5.4.4-14+deb7u11
> 
> Versions of packages php5-pgsql depends on:
> ii  dpkg                           1.17.10
> ii  libc6                          2.19-1
> ii  libpq5                         9.3.4-2
> ii  php5-common [phpapi-20131226]  5.6.0~beta4+dfsg-3
> ii  ucf                            3.0025+nmu3
> 
> php5-pgsql recommends no packages.
> 
> php5-pgsql suggests no packages.
> 
> Versions of packages php5-common depends on:
> ii  libc6   2.19-1
> ii  lsof    4.86+dfsg-1
> ii  psmisc  22.19-1+deb7u1
> ii  sed     4.2.1-10
> ii  ucf     3.0025+nmu3
> 
> Versions of packages php5-common suggests:
> ii  php5-apcu [php5-user-cache]  4.0.4-2
> 
> Versions of packages libapache2-mod-php5 depends on:
> ii  apache2                             2.4.9-2
> ii  apache2-bin [apache2-api-20120211]  2.4.9-2
> ii  libbz2-1.0                          1.0.6-4
> ii  libc6                               2.19-1
> ii  libcomerr2                          1.42.5-1.1
> ii  libdb5.3                            5.3.28-3
> ii  libgssapi-krb5-2                    1.10.1+dfsg-5+deb7u1
> ii  libk5crypto3                        1.10.1+dfsg-5+deb7u1
> ii  libkrb5-3                           1.10.1+dfsg-5+deb7u1
> ii  libmagic1                           5.11-2+deb7u3
> ii  libonig2                            5.9.5-2
> ii  libpcre3                            1:8.31-5
> ii  libqdbm14                           1.8.78-2
> ii  libssl1.0.0                         1.0.1e-2+deb7u11
> ii  libstdc++6                          4.9.0-6
> ii  libxml2                             2.9.1+dfsg1-3
> ii  mime-support                        3.52-1
> ii  php5-common                         5.6.0~beta4+dfsg-3
> ii  php5-json                           1.3.5-2
> ii  tzdata                              2014a-0wheezy1
> ii  ucf                                 3.0025+nmu3
> ii  zlib1g                              1:1.2.7.dfsg-13
> 
> Versions of packages libapache2-mod-php5 recommends:
> ii  php5-cli  5.6.0~beta4+dfsg-3
> 
> Versions of packages libapache2-mod-php5 suggests:
> ii  php-pear  5.4.4-14+deb7u11
> 
> -- no debconf information
> 
> -- debsums errors found:
> sh: /usr/sbin/dpkg-divert: No such file or directory
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
> Email had 2 attachments:
> + test.php
>   1k (text/x-php)
> + backtrace-full.txt
>   8k (text/plain)

-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

On Wed, Jun 18, 2014 at 11:56:29AM +0200, Ondřej Surý wrote:
> could you please report this bug to upstream bugzilla? (And add the link
> here?)

Yes, I have done so.

Today I also had the time to reproduce the bug successfully using a
build of the current upstream snapshot, so it is definitely an
upstream problem.

The link to the upstream bug report:

https://bugs.php.net/bug.php?id=67468

Regards,
Andreas Ferber

Hi,

just a heads up, the fix I made for this bug has been accepted
upstream, see http://git.php.net/?p=php-src.git;a=commit;h=c5e6c2a5f58be770603b490d23384b5fc66a38f6

It didn't make it in time for the PHP 5.6.0RC1 release, however it
should be in RC2.

Regards,
Andreas Ferber

Hi Andreas,

thanks for the heads up, I have just uploaded 5.6.0~rc1-1
to Debian with new SAPI so it might take some time to
process it throug NEW queue, but if it will be processed
before 3rd July I will do 5.6.0~rc1-2 to fix your issue.

Cheers,
Ondrej

On Mon, Jun 23, 2014, at 20:17, Andreas Ferber wrote:
> Hi,
> 
> just a heads up, the fix I made for this bug has been accepted
> upstream, see
> http://git.php.net/?p=php-src.git;a=commit;h=c5e6c2a5f58be770603b490d23384b5fc66a38f6
> 
> It didn't make it in time for the PHP 5.6.0RC1 release, however it
> should be in RC2.
> 
> Regards,
> Andreas Ferber
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Version: 5.6.0~rc2+dfsg-1

03 Jul 2014, PHP 5.6.0 Release Candidate 2

- Core:
  . Fixed bug #67368 (Memory leak with immediately dereferenced array in
  class
    constant). (Laruence)
  . *Fixed bug #67468 (Segfault in
  highlight_file()/highlight_string()).*
    (Andreas Ferber)
  . Fixed bug #67091 (make install fails to install libphp5.so on
  FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak
  Vulnerability).
    (Stefan Esser)

-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Debian Bug report logs - #751936 php5: Segfault in highlight_string()/highlight_file() when pgsql module loaded

Debian Bug report logs - #751936
php5: Segfault in highlight_string()/highlight_file() when pgsql module loaded