Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-3984

PHP7 extension causes segfault

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.10.0
    • Fix Version/s: 0.11.0
    • Component/s: PHP - Library
    • Labels:
      None

      Description

      I cant offer a script to reproduce segfault because it not happens everytime.

      PHP7 extension use ZVAL_STR to wrap zend_string to zval struct,and later use zval_dtor try to free it.

      https://github.com/apache/thrift/blob/master/lib/php/src/ext/thrift_protocol/php_thrift_protocol7.cpp#L825

      The method_name parameter is pass from PHP script, and zval_dtor decrement the gc reference count, thus would free the zend_string object but it is still referenced in the script.

      I changed ZVAL_STR to ZVAL_STR_COPY, which will add reference count by 1 to the zend_string object , apply this patch in our production environment and segfault never happen again

      Another place use ZVAL_STR is here. Both this two place need to be fixed

        Attachments

          Issue Links

          links to

          Web Link GitHub Pull Request #1152

            Activity

              People

              • Assignee:
                jking3 James E. King III
                Reporter:
                kdlan Fei Dong
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: