SSL segmentation fault

Issue #35 closed
Anonymous created an issue

Steps:

php 7.0.12
Extension version => 2.2.1
libevent2 headers version => 2.0.21-stable
  1. create socket via $socket = stream_socket_client();
  2. create SSL connection $ssl = EventBufferEvent::sslSocket($base, $socket, $ctx, EventBufferEvent::SSL_CONNECTING);
  3. close connection in one of the read events: $ssl = null; fclose($socket);

Sometimes when closing the connection I get a seg. fault:

#0  0x00007fdb562cc5f7 in raise () from /lib64/libc.so.6
#1  0x00007fdb562cdce8 in abort () from /lib64/libc.so.6
#2  0x00007fdb5630c327 in __libc_message () from /lib64/libc.so.6
#3  0x00007fdb56314053 in _int_free () from /lib64/libc.so.6
#4  0x00007fdb566c24ed in CRYPTO_free () from /lib64/libcrypto.so.10
#5  0x00007fdb5675e838 in asn1_item_combine_free () from /lib64/libcrypto.so.10
#6  0x00007fdb5675ea05 in ASN1_item_free () from /lib64/libcrypto.so.10
#7  0x00007fdb5675a7ff in x509_cb () from /lib64/libcrypto.so.10
#8  0x00007fdb5675e82a in asn1_item_combine_free () from /lib64/libcrypto.so.10
#9  0x00007fdb5675ea05 in ASN1_item_free () from /lib64/libcrypto.so.10
#10 0x00007fdb56a883b8 in SSL_SESSION_free () from /lib64/libssl.so.10
#11 0x00007fdb56a8673d in SSL_free () from /lib64/libssl.so.10
#12 0x00007fdb4e0bef7d in php_event_bevent_free_obj (object=0x7fdb549b6510) at /tmp/pear/temp/event/php7/php_event.c:265
#13 0x000000000073e431 in zend_objects_store_del (object=0x7fdb549b6510) at /root/tmp/php-7.0.12/Zend/zend_objects_API.c:178
#14 0x0000000000766c23 in zend_assign_to_variable (value_type=1 '\001', value=<optimized out>, variable_ptr=<optimized out>) at /root/tmp/php-7.0.12/Zend/zend_execute.h:103
#15 zend_assign_to_object (cache_slot=<optimized out>, execute_data=<optimized out>, value_op=..., value_type=1, property_op_type=1, property_name=<optimized out>, object_op_type=8, object=<optimized out>, retval=<optimized out>)
    at /root/tmp/php-7.0.12/Zend/zend_execute.c:1141
#16 ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER () at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:23802
#17 0x00000000007421bb in execute_ex (ex=<optimized out>) at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:414
#18 0x00000000006f7ecb in zend_call_function (fci=fci@entry=0x7ffe7f4da280, fci_cache=0x7fdb548df000, fci_cache@entry=0x7ffe7f4da250) at /root/tmp/php-7.0.12/Zend/zend_execute_API.c:856
#19 0x00000000006442ea in zif_call_user_func (execute_data=<optimized out>, return_value=0x7fdb54814c00) at /root/tmp/php-7.0.12/ext/standard/basic_functions.c:4780
#20 0x000000000077f43c in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER () at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:714
#21 0x00000000007421bb in execute_ex (ex=<optimized out>) at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:414
#22 0x00000000006f7ecb in zend_call_function (fci=fci@entry=0x7ffe7f4da4e0, fci_cache=0x7fdb548a18e0, fci_cache@entry=0x7ffe7f4da4b0) at /root/tmp/php-7.0.12/Zend/zend_execute_API.c:856
#23 0x00000000006442ea in zif_call_user_func (execute_data=<optimized out>, return_value=0x7fdb54814a80) at /root/tmp/php-7.0.12/ext/standard/basic_functions.c:4780
#24 0x000000000077f43c in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER () at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:714
#25 0x00000000007421bb in execute_ex (ex=<optimized out>) at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:414
#26 0x00000000006f7ecb in zend_call_function (fci=fci@entry=0x7ffe7f4da750, fci_cache=0x7fdb548af580, fci_cache@entry=0x7fdb5489aee0) at /root/tmp/php-7.0.12/Zend/zend_execute_API.c:856
#27 0x00007fdb4e0c5b25 in bevent_event_cb (bevent=<optimized out>, events=<optimized out>, ptr=0x7fdb5489ae00) at /tmp/pear/temp/event/php7/classes/buffer_event.c:197
#28 0x00007fdb4dead0af in do_read () from /lib64/libevent_openssl-2.0.so.5
#29 0x00007fdb4dead37a in consider_reading () from /lib64/libevent_openssl-2.0.so.5
#30 0x00007fdb4dead451 in be_openssl_readeventcb () from /lib64/libevent_openssl-2.0.so.5
#31 0x00007fdb4da6b3a4 in event_base_loop () from /lib64/libevent_core-2.0.so.5
#32 0x00007fdb4e0c4e95 in zim_EventBase_loop (execute_data=0x7fdb54814430, return_value=0x7fdb54814420) at /tmp/pear/temp/event/php7/classes/base.c:140
#33 0x000000000077fdbb in ZEND_DO_FCALL_SPEC_HANDLER () at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:842
#34 0x00000000007421bb in execute_ex (ex=<optimized out>) at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:414
#35 0x000000000078b677 in zend_execute (op_array=0x7fdb5487f000, op_array@entry=0x7fdb54872c60, return_value=return_value@entry=0x7fdb548143a0) at /root/tmp/php-7.0.12/Zend/zend_vm_execute.h:458
#36 0x0000000000705ac4 in zend_execute_scripts (type=type@entry=8, retval=0x7fdb548143a0, retval@entry=0x0, file_count=file_count@entry=3) at /root/tmp/php-7.0.12/Zend/zend.c:1427
#37 0x00000000006a9ef0 in php_execute_script (primary_file=primary_file@entry=0x7ffe7f4dcdf0) at /root/tmp/php-7.0.12/main/main.c:2494
#38 0x000000000078d1ff in do_cli (argc=4, argv=0x282fb70) at /root/tmp/php-7.0.12/sapi/cli/php_cli.c:974
#39 0x00000000004364cf in main (argc=4, argv=0x282fb70) at /root/tmp/php-7.0.12/sapi/cli/php_cli.c:1344

Comments (3)

  1. Ruslan Osmanov repo owner

    Generally you shouldn't free the buffer event objects in the read handlers. I would like to see a preferably minimal, complete and verifiable example in order to reproduce the issue.
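
One way to follow the advice in the comment above, as an added example (not code from the issue or from the project): the read handler only schedules the teardown, and a zero-delay timer frees the buffer event and closes the socket after the handler has returned. The host `example.test` and the names `$closeTimer`, `$teardown` and `$scheduleClose` are assumptions, and the page does not confirm that this resolves the reported crash.

```php
<?php
// Added example; host, $closeTimer, $teardown, $scheduleClose are hypothetical.
$base   = new EventBase();
$ctx    = new EventSslContext(EventSslContext::SSLv23_CLIENT_METHOD, []);
$socket = stream_socket_client('tcp://example.test:443', $errno, $errstr, 5);
if ($socket === false) {
    exit("connect failed: $errstr\n");
}
stream_set_blocking($socket, false);
$ssl = EventBufferEvent::sslSocket($base, $socket, $ctx, EventBufferEvent::SSL_CONNECTING);
$closeTimer = null; // keep the timer referenced until it has fired

// Called by the event loop once the read/event handler has returned.
$teardown = function () use (&$ssl, &$socket) {
    if ($ssl !== null) {
        $ssl->free();    // release the buffer event first
        $ssl = null;
    }
    if (is_resource($socket)) {
        fclose($socket); // then close the underlying stream
    }
};

// Safe to call from any handler: stops I/O and queues the teardown once.
$scheduleClose = function ($bev) use (&$closeTimer, $teardown, $base) {
    if ($closeTimer !== null) {
        return;
    }
    $bev->disable(Event::READ | Event::WRITE);
    $closeTimer = Event::timer($base, $teardown);
    $closeTimer->add(0); // fires on the next loop iteration
};

$ssl->setCallbacks(
    function ($bev) use ($scheduleClose) {          // read handler
        $data = $bev->read(4096);
        // ... process $data; no free() and no fclose() here ...
        $scheduleClose($bev);
    },
    null,
    function ($bev, $events) use ($scheduleClose) { // event handler
        if ($events & (EventBufferEvent::EOF | EventBufferEvent::ERROR)) {
            $scheduleClose($bev);
        }
    }
);
$ssl->enable(Event::READ | Event::WRITE);
$base->loop();
```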
