end of script before headers = error 500

Bug #66474 end of script before headers = error 500
Submitted: 2014-01-12 22:42 UTC
Modified: 2015-04-07 22:42 UTC
From: phpdev at ehrhardt dot nl
Assigned:
Status: Closed
Package: opcache
PHP Version: 5.5.8
OS: Any
Private report: No
CVE-ID: None

 [2014-01-12 22:42 UTC] phpdev at ehrhardt dot nl

Description:
------------
Enable superfish 7.x-1.9 in any Drupal 7 site and run it with php-cgi.exe from PHP NTS 5.4.24 or PHP 5.5.7+ (x86 or x64) and php_opcache.dll with the recommended settings. You will get an internal server error 500, due to 'End of script output before headers: php-cgi.exe'.

The culprit is the changes in block_pass.c in this patch:
https://github.com/zendtech/ZendOptimizerPlus/commit/b73b6a5559d6ca4925a09ed284a4e93be06726ed

Reverting those changes resolves this issue, but might undo the fix for bug #66176.

Expected result:
----------------
No end of script output before headers

Actual result:
--------------
End of script output before headers

Patches

zo_revert_op1_const_block_pass.patch (last revision 2014-01-12 22:43 UTC by phpdev at ehrhardt dot nl)

History

 [2014-01-13 04:42 UTC] phpdev at ehrhardt dot nl

I reproduced the bug on a CentOS 5 server, with PHP 5.4 NTS loaded as mod_fcgid and opcache.so compiled with the current GIT head sources. So this bug is not Windows specific!

The Superfish 7.x-1.9 can be found here:
https://drupal.org/project/superfish

 [2014-01-13 04:44 UTC] phpdev at ehrhardt dot nl

-Operating System: Windows
+Operating System: Any

 [2014-01-13 04:44 UTC] phpdev at ehrhardt dot nl

Changed OS into 'Any'

 [2014-01-13 06:41 UTC] dmitry@php.net

The minimal script that triggers the problem:

<?php
function foo() {
	$speed = 'slow' || 'fast';
}
foo();
?>

It doesn't crash, but valgrind shows the source of the error

==12278== Invalid read of size 1
==12278==    at 0x4C1E335: accel_new_interned_string (zend_hash.h:282)
==12278==    by 0x4C252AD: zend_persist_zval_calc (zend_persist_calc.c:107)
==12278==    by 0x4C258F9: zend_persist_op_array_calc.part.2 (zend_persist_calc.c:148)
==12278==    by 0x4C250D2: zend_hash_persist_calc (zend_persist_calc.c:79)
==12278==    by 0x4C25971: zend_accel_script_persist_calc (zend_persist_calc.c:337)
==12278==    by 0x4C1F78B: compile_and_cache_file.constprop.19 (ZendAccelerator.c:1167)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)
==12278==    by 0x838B57C: zend_execute_scripts (zend.c:1308)
==12278==    by 0x832CAAA: php_execute_script (main.c:2506)
==12278==    by 0x8434E46: do_cli (php_cli.c:994)
==12278==    by 0x806F91C: main (php_cli.c:1378)
==12278==  Address 0x4d04c30 is 0 bytes inside a block of size 5 free'd
==12278==    at 0x4007B21: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12278==    by 0x8381407: convert_to_boolean (zend_operators.c:543)
==12278==    by 0x4C2B252: zend_optimize_block (block_pass.c:1059)
==12278==    by 0x4C2F5EC: zend_optimizer (block_pass.c:2060)
==12278==    by 0x837F033: zend_llist_apply_with_argument (zend_llist.c:234)
==12278==    by 0x8380307: pass_two (zend_opcode.c:670)
==12278==    by 0x8373FEA: zend_do_end_function_declaration (zend_compile.c:1811)
==12278==    by 0x83550C5: zendparse (zend_language_parser.y:382)
==12278==    by 0x8356149: compile_file (zend_language_scanner.l:588)
==12278==    by 0x82347BC: phar_compile_file (phar.c:3383)
==12278==    by 0x4C1F5A4: compile_and_cache_file.constprop.19 (ZendAccelerator.c:1388)
==12278==    by 0x4C20291: persistent_compile_file (ZendAccelerator.c:1634)

 [2014-01-13 07:22 UTC] phpdev at ehrhardt dot nl

It is quite incomprehensible to me, but I see some code like that in superfish.module and apparently you found out that that code triggers this issue.

Let me know when you have a patch and I will test it.

 [2014-01-15 22:01 UTC] spam2 at rhsoft dot net

https://github.com/zendtech/ZendOptimizerPlus/archive/master.zip solves *nothing*
the same segfaults as https://bugs.php.net/bug.php?id=66460

the only solution currently is to take the "opcache" folder from 5.5.6
and replace the one from 5.5.7/5.5.8, I tried the master above
a few minutes ago

[Wed Jan 15 22:57:48.019059 2014] [core:notice] [pid 28817] AH00052: child pid 28820 exit signal Segmentation fault (11)
[Wed Jan 15 22:57:49.020977 2014] [core:notice] [pid 28817] AH00052: child pid 28841 exit signal Segmentation fault (11)

 [2014-01-15 22:13 UTC] phpdev at ehrhardt dot nl

@rhsoft: did you try the block_pass.c from the 5.5.6 tarball and the other files from the 5.5.8 tarball?

 [2015-04-07 22:07 UTC] accounts at 75thtrombone dot com

As the first comment says, this bug applies to PHP 5.4 as well as 5.5+. I just had to upgrade a site to 5.5 to fix it. I know 5.4 is in security-fix-only mode now, so I doubt this will ever get backported, but given that it was brought up during the Active Support period, I thought I'd mention it just in case.