WordPress 4.1 causes segfault in php-ssh2

Bug #1407377 reported by Brian Teague on 2015-01-04
This bug affects 6 people
Affects: php-ssh2 (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Upstream php5 bug: https://bugs.php.net/bug.php?id=64535

Bug description:
 - I installed vanilla WordPress 4.1 (from wordpress.org, not the Ubuntu repos)
 - Several of the configuration pages, in particular wp-admin/options-general.php, would give NO RESPONSE errors when I browsed to them.
 - The apache error log showed that apache2 was SEGFAULTing
 - The log also showed that a coredump was being dropped in /etc/apache2
 - I started gdb with /usr/sbin/apache2 and loaded the core file. The backtrace is below; the core file is also attached.
 - The backtrace showed that the last non-library frame was php_ssh2_fopen_wraper_parse_path () in /usr/lib/php5/20121212/ssh2.so.
 - A quick Google search turned up the PHP5 bug above
 - I rebuilt php-ssh2 with the patch from the upstream bug (reproduced below) and it solves the problem.

Relevant package versions:
 - Up-to-date 14.04 install (as of 3 January 2015)
 - libssh-php 0.12-1
 - php5 5.5.9+dfsg-1ubuntu4
 - apache2 2.4.7-1ubuntu4
 - openssh 1:6.6p1-2ubuntu1

Brian Teague (bteague) wrote :

Backtrace and coredump

#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007fcf8ea76f90 in _estrdup () from /usr/lib/apache2/modules/libphp5.so
#2 0x00007fcf839ab2e0 in php_ssh2_fopen_wraper_parse_path ()
   from /usr/lib/php5/20121212/ssh2.so
#3 0x00007fcf839af25c in ?? () from /usr/lib/php5/20121212/ssh2.so
#4 0x00007fcf8ea55457 in _php_stream_stat_path ()
   from /usr/lib/apache2/modules/libphp5.so
#5 0x00007fcf8e9d1ed5 in ?? () from /usr/lib/apache2/modules/libphp5.so
#6 0x00007fcf8e9d40db in zif_is_file () from /usr/lib/apache2/modules/libphp5.so
#7 0x00007fcf8e908681 in ?? () from /usr/lib/apache2/modules/libphp5.so
#8 0x00007fcf8ea8bc6b in dtrace_execute_internal ()
   from /usr/lib/apache2/modules/libphp5.so
#9 0x00007fcf8eb4bcc5 in ?? () from /usr/lib/apache2/modules/libphp5.so
#10 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#11 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#12 0x00007fcf8eb4c310 in ?? () from /usr/lib/apache2/modules/libphp5.so
#13 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#14 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#15 0x00007fcf8eb4c310 in ?? () from /usr/lib/apache2/modules/libphp5.so
#16 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#17 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#18 0x00007fcf8eb4c310 in ?? () from /usr/lib/apache2/modules/libphp5.so
#19 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#20 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#21 0x00007fcf8eb4c310 in ?? () from /usr/lib/apache2/modules/libphp5.so
#22 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#23 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#24 0x00007fcf8eb4c310 in ?? () from /usr/lib/apache2/modules/libphp5.so
---Type <return> to continue, or q <return> to quit---
#25 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#26 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#27 0x00007fcf8eb4c310 in ?? () from /usr/lib/apache2/modules/libphp5.so
#28 0x00007fcf8eac59f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#29 0x00007fcf8ea8bb69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#30 0x00007fcf8ea9d5f0 in zend_execute_scripts ()
   from /usr/lib/apache2/modules/libphp5.so
#31 0x00007fcf8ea3d4d5 in php_execute_script ()
   from /usr/lib/apache2/modules/libphp5.so
#32 0x00007fcf8eb4d94a in ?? () from /usr/lib/apache2/modules/libphp5.so
#33 0x00007fcf92c2c680 in ap_run_handler ()
#34 0x00007fcf92c2cbc9 in ap_invoke_handler ()
#35 0x00007fcf92c4216a in ap_process_async_request ()
#36 0x00007fcf92c42444 in ap_process_request ()
#37 0x00007fcf92c3ef02 in ?? ()
#38 0x00007fcf92c35cc0 in ap_run_process_connection ()
#39 0x00007fcf8f46d767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#40 0x00007fcf8f46d9a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#41 0x0000...

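The triage step from the report (picking the innermost frame that lies outside the interpreter core), as an added example that is not part of the original bug report or of php-ssh2. The function names, the `CORE_MODULES` set and the rule of skipping frames with no `from` module are assumptions of this sketch; the sample input is a constructed excerpt of the backtrace above.

```python
import re

# Constructed excerpt: innermost frames of the backtrace in this report, with one
# wrapped "from ..." line and a gdb pager prompt moved in to exercise both cases.
SAMPLE_BT = """\
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007fcf8ea76f90 in _estrdup () from /usr/lib/apache2/modules/libphp5.so
#2 0x00007fcf839ab2e0 in php_ssh2_fopen_wraper_parse_path ()
   from /usr/lib/php5/20121212/ssh2.so
#3 0x00007fcf839af25c in ?? () from /usr/lib/php5/20121212/ssh2.so
---Type <return> to continue, or q <return> to quit---
#4 0x00007fcf8ea55457 in _php_stream_stat_path ()
   from /usr/lib/apache2/modules/libphp5.so
#5 0x00007fcf8e9d1ed5 in ?? () from /usr/lib/apache2/modules/libphp5.so
#6 0x00007fcf8e9d40db in zif_is_file () from /usr/lib/apache2/modules/libphp5.so
"""

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \(.*?\)"
    r"(?: (?:from (?P<module>\S+)|at (?P<source>\S+)))?$"
)
CORE_MODULES = {"libphp5.so"}  # assumption: what counts as interpreter core

def parse_frames(text):
    """Parse gdb `bt` output, joining wrapped lines and dropping pager prompts."""
    joined = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("---Type <return>"):
            continue
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined:  # indented continuation of the previous frame
            joined[-1] += " " + line.strip()
    return [m.groupdict() for m in map(FRAME_RE.match, joined) if m]

def innermost_extension_frame(frames, core=CORE_MODULES):
    """First frame (gdb lists innermost first) from a shared object not in `core`."""
    for f in frames:
        if f["module"] and f["module"].rsplit("/", 1)[-1] not in core:
            return f
    return None

def php_builtins(frames):
    """PHP built-in functions on the stack: the engine names them zif_<function>."""
    return [f["func"][4:] for f in frames if f["func"].startswith("zif_")]

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_BT)
    print(innermost_extension_frame(frames))
    print(php_builtins(frames))
```

On the excerpt this attributes the crash to `ssh2.so` and shows that the PHP call on the stack was `is_file()`.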

Brian Teague (bteague) wrote :

Patch from the upstream bug that fixes the segfault.

The attachment "fix-segfault.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in php-ssh2 (Ubuntu):
status: New → Confirmed

Stanley Laufer (stanley-laufer) wrote :

We've been impacted by this bug as well. We have confirmed this bug on two systems running Ubuntu 14.04.2 LTS with all packages updated.

Release: 14.04
Package: libssh2-php 0.12-1build1

Our trace was similar to Brian's and points to:

php_ssh2_fopen_wraper_parse_path () from /usr/lib/php5/20121212/ssh2.so

Note that the issue only occurs in Ubuntu 14.04 LTS. We have WordPress running on several Ubuntu 12.04.5 LTS systems and they are not impacted by this bug.

Is there any chance that the upstream patch referenced by Brian can be applied to libssh2?

Thanks for considering.
