
seg fault when i do several calls to zephir functions

Open vital121 opened this issue 9 months ago • 6 comments

Hi

I'm getting a seg fault (core dump) when I run several

The issue persists across various PHP versions and the latest Zephir version. Compiling with debug isn't an option because the ionCube loader doesn't support it, and other script functions rely on ionCube. The problem seems to be related to memory overwrites, as indicated by the issue being resolved when using USE_ZEND_ALLOC=0. Interestingly, reducing the code size or commenting out any single functions prevents the segmentation fault from occurring.

```
zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
1255	    heap->free_slot[bin_num] = p->next_free_slot;
1: x/i $pc
=> 0x555555a74ea8 <_emalloc+104>:	mov    (%rax),%rcx
(gdb) list
1250	    } while (0);
1251	#endif
1252	
1253	    if (EXPECTED(heap->free_slot[bin_num] != NULL)) {
1254	        zend_mm_free_slot *p = heap->free_slot[bin_num];
1255	        heap->free_slot[bin_num] = p->next_free_slot;
1256	        return (void*)p;
1257	    } else {
1258	        return zend_mm_alloc_small_slow(heap, bin_num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
1259	    }
(gdb) bt
#0  zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
#1  zend_mm_alloc_heap (size=<optimized out>, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1326
#2  _emalloc (size=<optimized out>) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:2539
#3  0x00007ffff469b4a6 in zephir_concat_vv.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#4  0x00007ffff46af595 in zim_Xui_Functions_loggerrr4 () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#5  0x0000555555a8b5c7 in zend_call_function (fci=0x7fffffffa3c0, fci_cache=0x7fffffffa3a0) at /home/xui/bin/php-7.4.10/Zend/zend_execute_API.c:826
#6  0x00007ffff4691993 in zephir_call_user_function.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#7  0x00007ffff46a9cc2 in zephir_call_class_method_aparams () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#8  0x00007ffff469f8ba in zim_Xui_Functions_connect () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#9  0x0000555555b20c4e in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:1730
#10 execute_ex (ex=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:53772
#11 0x0000555555b220ad in zend_execute (op_array=0x7ffff44722a0, return_value=0x0) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:57864
#12 0x0000555555a9a05c in zend_execute_scripts (type=type@entry=8, retval=0x7fffd498ffc0, retval@entry=0x0, file_count=-197054432, file_count@entry=3) at /home/xui/bin/php-7.4.10/Zend/zend.c:1677
#13 0x0000555555a3b2b0 in php_execute_script (primary_file=<optimized out>) at /home/xui/bin/php-7.4.10/main/main.c:2621
#14 0x0000555555b241f2 in do_cli (argc=2, argv=0x55555677e910) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:964
#15 0x000055555579f2a8 in main (argc=2, argv=0x55555677e910) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:1359
```

Here's another:

```
gdb --args /home/xui/bin/php/bin/php ../../www/getxui.php
(gdb) display/i $pc
(gdb) run
Starting program: /home/xui/bin/php/bin/php ../../www/getxui.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffd33bb700 (LWP 1633712)]
[Thread 0x7fffd33bb700 (LWP 1633712) exited]

Thread 1 "php" received signal SIGSEGV, Segmentation fault.
zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
1255	    heap->free_slot[bin_num] = p->next_free_slot;
1: x/i $pc
=> 0x555555a636a8 <_emalloc+104>:	mov    (%rax),%rcx
(gdb) bt
#0  zend_mm_alloc_small (bin_num=5, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1255
#1  zend_mm_alloc_heap (size=<optimized out>, heap=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:1326
#2  _emalloc (size=<optimized out>) at /home/xui/bin/php-7.4.10/Zend/zend_alloc.c:2539
#3  0x00007ffff46cd266 in zephir_concat_vv.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#4  0x00007ffff46df4d1 in zim_Xui_Functions_loggerrr4 () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#5  0x0000555555a79dc7 in zend_call_function (fci=0x7fffffffa3e0, fci_cache=0x7fffffffa3c0) at /home/xui/bin/php-7.4.10/Zend/zend_execute_API.c:826
#6  0x00007ffff46c3973 in zephir_call_user_function.constprop () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#7  0x00007ffff46d7002 in zephir_call_class_method_aparams () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#8  0x00007ffff46d00aa in zim_Xui_Functions_connect () from /home/xui/bin/php/lib/php/extensions/no-debug-non-zts-20190902/xui.so
#9  0x0000555555b0f44e in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:1730
#10 execute_ex (ex=0x7ffff4400040) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:53772
#11 0x0000555555b108ad in zend_execute (op_array=0x7ffff44732a0, return_value=0x0) at /home/xui/bin/php-7.4.10/Zend/zend_vm_execute.h:57864
#12 0x0000555555a8885c in zend_execute_scripts (type=type@entry=8, retval=0x7fffd49bf270, retval@entry=0x0, file_count=-197054432, file_count@entry=3) at /home/xui/bin/php-7.4.10/Zend/zend.c:1677
#13 0x0000555555a27fe0 in php_execute_script (primary_file=<optimized out>) at /home/xui/bin/php-7.4.10/main/main.c:2621
#14 0x0000555555b129f2 in do_cli (argc=2, argv=0x55555677ef30) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:964
#15 0x000055555579ca88 in main (argc=2, argv=0x55555677ef30) at /home/xui/bin/php-7.4.10/sapi/cli/php_cli.c:1359
(gdb) list
1250	    } while (0);
1251	#endif
1252	
1253	    if (EXPECTED(heap->free_slot[bin_num] != NULL)) {
1254	        zend_mm_free_slot *p = heap->free_slot[bin_num];
1255	        heap->free_slot[bin_num] = p->next_free_slot;
1256	        return (void*)p;
1257	    } else {
1258	        return zend_mm_alloc_small_slow(heap, bin_num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
1259	    }
```

Script output before the crash:

```
Current Memory Usage: 439296 bytes
Current Memory Usage (with PHP's overhead): 2097152 bytes
Peak Memory Usage: 580224 bytes
Peak Memory Usage (with PHP's overhead): 2097152 bytes
PHP Memory Limit: 512M
Available System Memory: 114394400 kB
```

Segmentation fault (core dumped)

vital121 · Sep 13 '23 00:09
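Why the crash lands on `heap->free_slot[bin_num] = p->next_free_slot;` although the overwrite happens elsewhere, and why `USE_ZEND_ALLOC=0` hides it, is easier to see in a small model. The following C program is an added illustration, not Zend's or Zephir's code: it builds a zend_mm-style small bin (fixed-size slots, free slots chained through their first word), lets a bounds-unchecked string concatenation spill out of one slot into the neighbouring free slot, and then runs the kind of free-list validation a debug allocator performs. The slot size, slot count, the `scenario` function and the sample strings are constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one zend_mm small bin: a page carved into equal slots,
 * free slots linked through their first word (the role of next_free_slot).
 * Added illustration, not Zend's allocator. */
#define SLOT_SIZE 32
#define NSLOTS 8

typedef struct slot { struct slot *next_free_slot; } slot_t;

typedef struct {
    unsigned char page[SLOT_SIZE * NSLOTS];
    slot_t *free_slot;   /* head of the free list, like heap->free_slot[bin_num] */
} bin_t;

static void bin_init(bin_t *b) {
    memset(b->page, 0, sizeof b->page);
    b->free_slot = NULL;
    /* push slots in reverse order so slot 0 is handed out first */
    for (int i = NSLOTS - 1; i >= 0; i--) {
        slot_t *s = (slot_t *)(b->page + i * SLOT_SIZE);
        s->next_free_slot = b->free_slot;
        b->free_slot = s;
    }
}

/* Fast path as in zend_mm_alloc_small: pop the head, follow its link.
 * The link is read from user-writable memory, so a prior overflow into a
 * free slot turns into a wild read here, one or two allocations later. */
static void *bin_alloc(bin_t *b) {
    slot_t *p = b->free_slot;
    if (p == NULL) return NULL;
    b->free_slot = p->next_free_slot;
    return p;
}

static void bin_free(bin_t *b, void *ptr) {
    slot_t *s = ptr;
    s->next_free_slot = b->free_slot;
    b->free_slot = s;
}

/* Debug-allocator style check: every link must point inside the page, be
 * slot-aligned, and the chain must not cycle. Returns 1 if intact, 0 if not. */
static int bin_free_list_ok(const bin_t *b) {
    const slot_t *s = b->free_slot;
    int hops = 0;
    while (s != NULL) {
        const unsigned char *q = (const unsigned char *)s;
        if (q < b->page || q >= b->page + sizeof b->page) return 0;
        if ((size_t)(q - b->page) % SLOT_SIZE != 0) return 0;
        if (++hops > NSLOTS) return 0;
        s = s->next_free_slot;
    }
    return 1;
}

/* Constructed stand-in for a concat that trusts its destination size: writes
 * a + b plus NUL into a SLOT_SIZE slot with no length check, so a long result
 * runs into the neighbouring slot. */
static void concat_into_slot(void *dst, const char *a, const char *b_str) {
    size_t la = strlen(a), lb = strlen(b_str);
    memcpy(dst, a, la);
    memcpy((char *)dst + la, b_str, lb + 1);
}

/* Allocate two adjacent slots, free the second (its first word is now a
 * free-list link), then concatenate into the first. Returns 1 if the free
 * list survives, 0 if the concat corrupted it. */
static int scenario(int overflow) {
    bin_t bin;
    bin_init(&bin);
    void *s0 = bin_alloc(&bin);            /* slot 0, in use */
    void *s1 = bin_alloc(&bin);            /* slot 1 */
    bin_free(&bin, s1);                    /* slot 1 back on the list */
    const char *tail = overflow ? "-very-long-suffix-that-does-not-fit" : "-ok";
    concat_into_slot(s0, "prefix-string-", tail);   /* 50 vs 18 bytes into a 32-byte slot */
    return bin_free_list_ok(&bin);
}

int main(void) {
    printf("in-bounds concat:  free list %s\n", scenario(0) ? "intact" : "CORRUPT");
    printf("overflowing concat: free list %s\n", scenario(1) ? "intact" : "CORRUPT");
    return 0;
}
```

In the overflow case the next `bin_alloc` would hand out slot 1 and load ASCII bytes as the new list head; the allocation after that dereferences them, which is the `mov (%rax),%rcx` fault in `_emalloc` above, far from the function that actually overran. With `USE_ZEND_ALLOC=0` PHP routes `emalloc` to the system `malloc`, so the neighbouring bytes no longer hold Zend's free-list link and the overwrite stops faulting without being fixed; running the same script as `USE_ZEND_ALLOC=0 valgrind php script.php` reports the write at its origin instead.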