Segmentation fault uploading a csv using ZF1.12.1

Bug #1472407 reported by armandfp
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
php5 (Ubuntu) | Fix Released | Medium | Unassigned |
Trusty | Incomplete | Undecided | Unassigned |

Bug Description

Hello, I have a problem with an app. It is a form to upload a CSV file using fopen and fgetcsv, but it looks like the error occurs before these two functions, when the code is in Zend_File_Transfer_Adapter_Http->isValid().

I have the same app on a server with 12.04 with no problem. I read similar problems and solutions like:
set opcache.enable_cli=0
increase output_buffering
set export USE_ZEND_ALLOC=0
set export ZEND_MM_SEG_SIZE=255k
didn't work. Some more info:
xdebug is installed and disabled
apc is not installed
opcache is disabled

php:
PHP 5.5.9-1ubuntu4.11 (cli) (built: Jul 2 2015 15:23:08)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies

apache:
2.4.7-1ubuntu4.4
Server version: Apache/2.4.7 (Ubuntu)
Server built: Mar 10 2015 13:05:59

ubuntu:
Description: Ubuntu 14.04.1 LTS
Release: 14.04

bt:
#0 zend_mm_remove_from_free_list (heap=0x7f519cb4fb80, mm_block=0x7f518c44b118) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_alloc.c:837
#1 0x00007f5194614c4c in _zend_mm_free_int (heap=0x7f519cb4fb80, p=0x7f518c44b128) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_alloc.c:2105
#2 0x00007f5194428a03 in apprentice_unmap (map=0x7f518c8d0248) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:499
#3 0x00007f5194428a75 in mlist_free (mlist=0x7f519ced7540) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:530
#4 0x00007f5194429861 in file_ms_free (ms=0x7f519cee8bf0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:444
#5 0x00007f519443203a in magic_close (ms=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/libmagic/magic.c:256
#6 0x00007f5194427b75 in finfo_resource_destructor (rsrc=0x7f519cee6bd0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/fileinfo.c:194
#7 0x00007f519464bcc0 in list_entry_destructor (ptr=0x7f519cee6bd0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_list.c:183
#8 0x00007f5194649b01 in zend_hash_del_key_or_index (ht=ht@entry=0x7f5194e007b0 <executor_globals+624>, arKey=arKey@entry=0x0,
    nKeyLength=nKeyLength@entry=0, h=h@entry=193, flag=flag@entry=1) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_hash.c:532
#9 0x00007f519464bea1 in _zend_list_delete (id=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_list.c:57
#10 0x00007f519462c150 in _zval_dtor (zvalue=0x7f519ce64eb8) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_variables.h:35
#11 i_zval_ptr_dtor (zval_ptr=0x7f519ce64eb8) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute.h:81
#12 _zval_ptr_dtor (zval_ptr=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute_API.c:426
#13 0x00007f519465e207 in zend_object_std_dtor (object=0x7f519ce669f0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects.c:54
#14 0x00007f519465e239 in zend_objects_free_object_storage (object=0x7f519ce669f0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects.c:137
#15 0x00007f51946640cc in zend_objects_store_del_ref_by_handle_ex (handle=296, handlers=<optimized out>)
    at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects_API.c:226
#16 0x00007f51946640f3 in zend_objects_store_del_ref (zobject=0x7f519ce669c0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects_API.c:178
#17 0x00007f519462c150 in _zval_dtor (zvalue=0x7f519ce669c0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_variables.h:35
#18 i_zval_ptr_dtor (zval_ptr=0x7f519ce669c0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute.h:81
#19 _zval_ptr_dtor (zval_ptr=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute_API.c:426
#20 0x00007f5194649c08 in zend_hash_destroy (ht=0x7f518c6dd3e0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_hash.c:560
#21 0x00007f519463b07b in _zval_dtor_func (zvalue=0x7f518c95eb00) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_variables.c:45
#22 0x00007f519462c150 in _zval_dtor (zvalue=0x7f518c95eb00) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_variables.h:35
#23 i_zval_ptr_dtor (zval_ptr=0x7f518c95eb00) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute.h:81
#24 _zval_ptr_dtor (zval_ptr=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute_API.c:426
#25 0x00007f519465e207 in zend_object_std_dtor (object=0x7f518c9faad0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects.c:54
#26 0x00007f519465e239 in zend_objects_free_object_storage (object=0x7f518c9faad0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects.c:137
#27 0x00007f5194663c37 in zend_objects_store_free_object_storage (objects=objects@entry=0x7f5194e008e0 <executor_globals+928>)
    at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_objects_API.c:97
#28 0x00007f519462c863 in shutdown_executor () at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_execute_API.c:293
#29 0x00007f519463c032 in zend_deactivate () at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend.c:935
#30 0x00007f51945dc3ad in php_request_shutdown (dummy=dummy@entry=0x0) at /build/php5-RpYHCf/php5-5.5.9+dfsg/main/main.c:1808
#31 0x00007f51946edc2f in php_apache_request_dtor (r=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/sapi/apache2handler/sapi_apache2.c:507
#32 php_handler (r=<optimized out>) at /build/php5-RpYHCf/php5-5.5.9+dfsg/sapi/apache2handler/sapi_apache2.c:679
#33 0x00007f519b072830 in ap_run_handler (r=0x7f519ae1b998) at config.c:169
#34 0x00007f519b072d79 in ap_invoke_handler (r=r@entry=0x7f519ae1b998) at config.c:439
#35 0x00007f519b087dfc in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:648
#36 0x00007f5193091cfc in handler_redirect (r=0x7f518d0530a0) at mod_rewrite.c:5063
#37 0x00007f519b072830 in ap_run_handler (r=0x7f518d0530a0) at config.c:169
#38 0x00007f519b072d79 in ap_invoke_handler (r=r@entry=0x7f518d0530a0) at config.c:439
#39 0x00007f519b08833a in ap_process_async_request (r=0x7f518d0530a0) at http_request.c:317
#40 0x00007f519b088614 in ap_process_request (r=r@entry=0x7f518d0530a0) at http_request.c:363
#41 0x00007f519b0850b2 in ap_process_http_sync_connection (c=0x7f519ae22290) at http_core.c:190
#42 ap_process_http_connection (c=0x7f519ae22290) at http_core.c:231
#43 0x00007f519b07be70 in ap_run_process_connection (c=0x7f519ae22290) at connection.c:41
#44 0x00007f519b07c258 in ap_process_connection (c=c@entry=0x7f519ae22290, csd=<optimized out>) at connection.c:202
#45 0x00007f51958dc767 in child_main (child_num_arg=child_num_arg@entry=4) at prefork.c:704
#46 0x00007f51958dc9a6 in make_child (s=0x7f519afe1de0, slot=slot@entry=4) at prefork.c:800
#47 0x00007f51958dca06 in startup_children (number_to_start=1) at prefork.c:818
#48 0x00007f51958dd6e0 in prefork_run (_pconf=<optimized out>, plog=0x7f519afdd028, s=0x7f519afe1de0) at prefork.c:976
#49 0x00007f519b0596de in ap_run_mpm (pconf=0x7f519b00f028, plog=0x7f519afdd028, s=0x7f519afe1de0) at mpm_common.c:96
#50 0x00007f519b052e76 in main (argc=3, argv=0x7fff123d3ae8) at main.c:777

Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

It'll help if you can try the relevant latest upstream versions of PHP directly (without packaging) to see if the bug affects upstream also, and report it upstream if it is present and not fixed there. If you can locate an upstream fix, we can look into getting it fixed in Ubuntu also.

Others may also be able to help you better if you can provide a minimal failure case and steps to reproduce the problem.

Changed in php5 (Ubuntu):
importance: Undecided → Medium

armandfp (armandfp1) wrote :

hello,

I have a system with Ubuntu 12.04, and I installed PHP v5.5.27 from the sources (also apache2 from sources) and I tested it there with no problem. Then I installed PHP 5.5.9 (the version with the problem in Ubuntu) and it works.

My system:
# lsb_release -rd
Description: Ubuntu 12.04.5 LTS
Release: 12.04

# /usr/local/apache2/bin/apachectl -v
Server version: Apache/2.2.29 (Unix)
Server built: Jul 11 2015 01:04:44

# php -v
PHP 5.5.9 (cli) (built: Jul 12 2015 15:35:23)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies

Some php info:
PHP Version 5.5.9
System : Linux ubuntu 3.13.0-53-generic #89~precise1-Ubuntu SMP Wed May 20 17:42:16 UTC 2015 x86_64
Build Date: Jul 12 2015 15:34:14
Configure Command: './configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql' '--with-pdo-mysql' '--enable-mbstring'

If you need more details, please tell me.

armandfp (armandfp1) wrote :

Hello again,

I set up a clean Ubuntu 14.04, installed the same version of Apache and PHP from sources, and got the same error; changing to PHP 5.5.10 fixed the problem.

It looks like it is a problem with Fileinfo, and it was fixed in this new version.

When will you update the package to PHP 5.5.10?

Robie Basak (racb) wrote :

Please see https://wiki.ubuntu.com/StableReleaseUpdates

We do not update stable releases in updates recommended to all users due to regression risk to existing users. I understand that PHP upstream do not maintain stability in their stable branches in the way that Ubuntu users expect, so we currently have no plans to update this.

If you can identify a specific upstream commit that fixes this issue then we can cherry-pick it in an SRU. See the linked page for details on the procedure to follow for this.

Since you say that this bug is fixed in 5.5.10 and Wily has 5.6.9, I'm marking this Fix Released in the development release and opening a task for Trusty to continue tracking this issue.

Changed in php5 (Ubuntu):
status: New → Fix Released

Nish Aravamudan (nacc) wrote :

@armand1, to clarify:

"I have a system with Ubuntu 12.04, and I installed PHP v5.5.27 from the sources (also apache2 from sources) and I tested it there with no problem. Then I installed PHP 5.5.9 (the version with the problem in Ubuntu) and it works."

Does PHP 5.5.9 work or not work? Or do you mean the built-from-source version worked but the Ubuntu one does not? Would it be possible to re-test with the latest php5 (5.5.9+dfsg-1ubuntu4.14) from trusty-updates?

armandfp (armandfp1) wrote :

hello!

ubuntu 12.04 + php 5.5.9 (from sources) => works
ubuntu 14.04 + php 5.5.9 (from sources) => got error
ubuntu 14.04 + php 5.5.10 (from sources) => works

On the server (Ubuntu 14.04), I have the 5.5.9-1ubuntu4.11 version (the one with the problem) and then I compiled PHP from sources (PHP 5.5.27) and linked it with Apache (2.4.7-1ubuntu4.4), and it has been working fine since then.

I did the update and installed PHP 5.5.9-1ubuntu4.14 (cli) (built: Oct 28 2015 01:34:46), then linked it with Apache and tried the form to upload a CSV file, and I got the problem again.

Nish Aravamudan (nacc) wrote :

> ubuntu 12.04 + php 5.5.9 (from sources) => works
> ubuntu 14.04 + php 5.5.9 (from sources) => got error
> ubuntu 14.04 + php 5.5.10 (from sources) => works

This would imply that the fix is not in php itself, if 5.5.9 on 12.04 worked? Perhaps there is some interaction with an external library?

> On the server (Ubuntu 14.04), I have the 5.5.9-1ubuntu4.11 version (the one
> with the problem) and then I compiled PHP from sources (PHP 5.5.27) and
> linked it with Apache (2.4.7-1ubuntu4.4), and it has been working fine since then.

> I did the update and installed PHP 5.5.9-1ubuntu4.14 (cli) (built: Oct
> 28 2015 01:34:46), then linked it with Apache and tried the form to upload
> a CSV file, and I got the problem again.

Looking at the upstream changelog for 5.5.10, there are only two mentioned changes to fileinfo: https://secure.php.net/ChangeLog-5.php#5.5.10.

bug #66731's fix was backported to 5.5.9+dfsg-1ubuntu2.
bug #66820's fix was backported to 5.5.9+dfsg-1ubuntu3.

I am going to verify that those backports are correct, but I feel like we do not have a root cause yet in this bug.

Nish Aravamudan (nacc) wrote :

In contrast, I think the exact issue you are hitting is: https://bugs.php.net/bug.php?id=66987. Can you take a look? The stacktrace looks identical to me?

Nish Aravamudan (nacc) wrote :

I will prepare a test build of Ubuntu's PHP5 for trusty shortly with the above patch applied. It seems like you should be able to test easily?

Nish Aravamudan (nacc) wrote :

Test build submitted at: https://launchpad.net/~nacc/+archive/ubuntu/lp1472407, should be published shortly.

Changed in php5 (Ubuntu Trusty):
assignee: nobody → Nish Aravamudan (nacc)
Changed in php5 (Ubuntu):
assignee: nobody → Nish Aravamudan (nacc)
Changed in php5 (Ubuntu Trusty):
status: New → In Progress
Changed in php5 (Ubuntu):
assignee: Nish Aravamudan (nacc) → nobody

armandfp (armandfp1) wrote :

hello again,

Yes, I think it looks the same (sorry, I don't have too much experience with this).
I will wait for your build to test on my server.

thanks a lot!

Nish Aravamudan (nacc) wrote : Re: [Bug 1472407] Re: Segmentation fault uploading a csv using ZF1.12.1

On 12.04.2016 [12:18:29 -0000], armandfp wrote:
> hello again,
>
> Yes, I think it looks the same (sorry, I don't have too much
> experience with this). I will wait for your build to test on my server.

The build should be available at the aforementioned PPA now, sorry for
not responding with that info sooner.

armandfp (armandfp1) wrote :

Hello again,
I didn't have the chance to install the 5.5.9+dfsg-1ubuntu4.15, I installed the 5.5.9+dfsg-1ubuntu4.16 today, and I got the same error:

#0 zend_mm_remove_from_free_list (heap=0x7ff52bdbab80, mm_block=0x7ff51c8d3118)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_alloc.c:837
#1 0x00007ff524aa0fec in _zend_mm_free_int (heap=0x7ff52bdbab80, p=0x7ff51c8d3128)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_alloc.c:2105
#2 0x00007ff5248b4983 in apprentice_unmap (map=0x7ff52c0bd3d0)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:499
#3 0x00007ff5248b49f5 in mlist_free (mlist=0x7ff51cb57af8) at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:530
#4 0x00007ff5248b57e1 in file_ms_free (ms=0x7ff52c172218) at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:444
#5 0x00007ff5248bdfba in magic_close (ms=<optimized out>) at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/libmagic/magic.c:256
#6 0x00007ff5248b3af5 in finfo_resource_destructor (rsrc=0x7ff52c1176c8) at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/fileinfo.c:194
#7 0x00007ff524ad8040 in list_entry_destructor (ptr=0x7ff52c1176c8) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_list.c:183
#8 0x00007ff524ad5e81 in zend_hash_del_key_or_index (ht=ht@entry=0x7ff52528c7b0 <executor_globals+624>, arKey=arKey@entry=0x0,
    nKeyLength=nKeyLength@entry=0, h=h@entry=193, flag=flag@entry=1) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_hash.c:532
#9 0x00007ff524ad8221 in _zend_list_delete (id=<optimized out>) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_list.c:57
#10 0x00007ff524ab84d0 in _zval_dtor (zvalue=0x7ff52c113df0) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_variables.h:35
#11 i_zval_ptr_dtor (zval_ptr=0x7ff52c113df0) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_execute.h:81
#12 _zval_ptr_dtor (zval_ptr=<optimized out>) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_execute_API.c:426
#13 0x00007ff524aea587 in zend_object_std_dtor (object=0x7ff52c117940) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_objects.c:54
#14 0x00007ff524aea5b9 in zend_objects_free_object_storage (object=0x7ff52c117940)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_objects.c:137
#15 0x00007ff524af044c in zend_objects_store_del_ref_by_handle_ex (handle=296, handlers=<optimized out>)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_objects_API.c:226
#16 0x00007ff524af0473 in zend_objects_store_del_ref (zobject=0x7ff52c117898)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_objects_API.c:178
#17 0x00007ff524ab84d0 in _zval_dtor (zvalue=0x7ff52c117898) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_variables.h:35
#18 i_zval_ptr_dtor (zval_ptr=0x7ff52c117898) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_execute.h:81
#19 _zval_ptr_dtor (zval_ptr=<optimized out>) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_execute_API.c:426
#20 0x00007ff524ad5f88 in zend_hash_destroy (ht=0x7ff51cb65b00) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_hash.c:560
#21 0x00007ff524ac73fb in _zval_dtor_func (zvalue=0x7ff51cbae778) at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_variables.c:45
#22 0x00007ff524ab...

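Added example, not part of the bug report and not Ubuntu or PHP tooling: the two backtraces above differ only in addresses and in the per-build /build/php5-XXXXXX/ directory, so this Python sketch reduces each to a crash signature to confirm they are the same crash and reports the first frame outside the Zend allocator. The function names and the four-frame depth are choices made for this example.

```python
import hashlib
import re

# Top four frames of each backtrace, copied from this page. Addresses and the
# random /build/php5-XXXXXX/ directory differ; the second trace is line-wrapped.
TRACE_UBUNTU4_11 = """\
#0 zend_mm_remove_from_free_list (heap=0x7f519cb4fb80, mm_block=0x7f518c44b118) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_alloc.c:837
#1 0x00007f5194614c4c in _zend_mm_free_int (heap=0x7f519cb4fb80, p=0x7f518c44b128) at /build/php5-RpYHCf/php5-5.5.9+dfsg/Zend/zend_alloc.c:2105
#2 0x00007f5194428a03 in apprentice_unmap (map=0x7f518c8d0248) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:499
#3 0x00007f5194428a75 in mlist_free (mlist=0x7f519ced7540) at /build/php5-RpYHCf/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:530
"""
TRACE_UBUNTU4_16 = """\
#0 zend_mm_remove_from_free_list (heap=0x7ff52bdbab80, mm_block=0x7ff51c8d3118)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_alloc.c:837
#1 0x00007ff524aa0fec in _zend_mm_free_int (heap=0x7ff52bdbab80, p=0x7ff51c8d3128)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/Zend/zend_alloc.c:2105
#2 0x00007ff5248b4983 in apprentice_unmap (map=0x7ff52c0bd3d0)
    at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:499
#3 0x00007ff5248b49f5 in mlist_free (mlist=0x7ff51cb57af8) at /build/php5-sR4fhr/php5-5.5.9+dfsg/ext/fileinfo/libmagic/apprentice.c:530
"""
FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*\)\s+at (\S+):(\d+)$")
BUILD_PREFIX = re.compile(r"^/build/[^/]+/[^/]+/")  # per-build temp dir + source dir


def parse_frames(backtrace):
    """Return [(function, source-relative file, line)], joining wrapped lines."""
    joined = []
    for line in backtrace.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif line.strip() and joined:      # continuation of the previous frame
            joined[-1] += " " + line.strip()
    frames = []
    for text in joined:
        m = FRAME.match(text)
        if m:                              # truncated or foreign lines are skipped
            frames.append((m.group(2), BUILD_PREFIX.sub("", m.group(3)), int(m.group(4))))
    return frames


def signature(backtrace, depth=4):
    """Hash of the top `depth` frames with addresses and build paths removed."""
    key = "\n".join("%s@%s:%d" % f for f in parse_frames(backtrace)[:depth])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def first_non_allocator_frame(backtrace):
    """First frame outside Zend/zend_alloc.c, i.e. the caller that freed the block."""
    for frame in parse_frames(backtrace):
        if frame[1] != "Zend/zend_alloc.c":
            return frame
    return None


if __name__ == "__main__":
    print(signature(TRACE_UBUNTU4_11), signature(TRACE_UBUNTU4_16))
    print(first_non_allocator_frame(TRACE_UBUNTU4_16))
```

Matching signatures across the 4.11 and 4.16 packages say the crash path is unchanged; the frame reported is the fileinfo code that handed the block to the allocator, not proof of where the heap was corrupted.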

Nish Aravamudan (nacc) wrote :

On 28.04.2016 [11:47:18 -0000], armandfp wrote:
> Hello again,
> I didn't have the chance to install the 5.5.9+dfsg-1ubuntu4.15, I
> installed the 5.5.9+dfsg-1ubuntu4.16 today, and I got the same error:

Yes, because they are unrelated -- I apologize for not using better
versioning in my PPA. The 5.5.9+dfsg-1ubuntu4.15 I referred to earlier,
had only the bugfix in question. The 5.5.9+dfsg-1ubuntu4.16 is a
parallel trusty-security release that does not include the bugfix. I
will build a new version in the PPA based off the latest Trusty release
and please test that.

Nish Aravamudan (nacc) wrote :

On 28.04.2016 [08:21:34 -0700], Nish Aravamudan wrote:
> On 28.04.2016 [11:47:18 -0000], armandfp wrote:
> > Hello again,
> > I didn't have the chance to install the 5.5.9+dfsg-1ubuntu4.15, I
> > installed the 5.5.9+dfsg-1ubuntu4.16 today, and I got the same error:
>
> Yes, because they are unrelated -- I apologize for not using better
> versioning in my PPA. The 5.5.9+dfsg-1ubuntu4.15 I referred to earlier,
> had only the bugfix in question. The 5.5.9+dfsg-1ubuntu4.16 is a
> parallel trusty-security release that does not include the bugfix. I
> will build a new version in the PPA based off the latest Trusty release
> and please test that.

Please test 5.5.9+dfsg-1ubuntu4.17~ppa1 once it is available in the same
PPA.

Nish Aravamudan (nacc) wrote :

Unassigning myself while we wait for testing results.

Changed in php5 (Ubuntu Trusty):
assignee: Nish Aravamudan (nacc) → nobody
status: In Progress → Incomplete