Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-3984

PHP7 extension causes segfault

VotersStop watchingWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 0.10.0
    • 0.11.0
    • PHP - Library
    • None

    Description

      I cant offer a script to reproduce segfault because it not happens everytime.

      PHP7 extension use ZVAL_STR to wrap zend_string to zval struct,and later use zval_dtor try to free it.

      https://github.com/apache/thrift/blob/master/lib/php/src/ext/thrift_protocol/php_thrift_protocol7.cpp#L825

      The method_name parameter is pass from PHP script, and zval_dtor decrement the gc reference count, thus would free the zend_string object but it is still referenced in the script.

      I changed ZVAL_STR to ZVAL_STR_COPY, which will add reference count by 1 to the zend_string object , apply this patch in our production environment and segfault never happen again

      Another place use ZVAL_STR is here. Both this two place need to be fixed

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            jking3 James E. King III
            kdlan Fei Dong
            Votes:
            0 Vote for this issue
            Watchers:
            2 Stop watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment