-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
3.4.3 segfaults with PHP 7.3.6 (but not 7.3.5) and OPcache #14160
Comments
@dreamsxin could you check it? Im guessing that any extension on zephir can cause this since Also adding a core dump would help @dzuelke |
Alright, core dump:
|
Also submitted to bugs.php.net for good measure: https://bugs.php.net/bug.php?id=78121, but no idea if the cause is on the phalcon or the PHP side... |
|
@sergeyklay or @Jurigag, is there any chance you could roll a 3.4.4 bugfix release with those Zephir updates soon? We've got Phalcon customers getting segfaults with the latest PHP 7.3.6 release on Heroku, and 7.3.5 has open CVEs. |
This will require to backport this fix to zephir 0.10.x as well because phalcon 3.4 is not compatible with zephir 0.11.x. What i could suggest is that you could maybe cherry pick this fix to 0.10.x zephir branch compile extension yourself and provide them to customers, though not sure if it's possible for you. |
Of course that's possible, but the issue isn't specific to Heroku. Any user of Phalcon will run into this once they upgrade to PHP 7.3.6 or 7.2.19, which both contain security fixes. And given how a stable release of Phalcon 4 is probably still quite some time away, a 3.4 bugfix release makes sense, no? |
May I suggest re-opening this issue until a release is cut, so that other people find it more easily? Right now it's fixed, but not really - the fix has been merged into Zephir, but no release has been cut for that or for Phalcon... |
Thanks for the reopen @Jurigag. What are the steps for updating Zephir by hand, regenerating the extension, and regenerating the build? There are a few instructions somewhere for how to regenerate the build when working on Is all the code just copied over into this repo? Or is there a process? I couldn't find anything about that. |
Got it; for those interested:
Then install as usual, from |
It crashes with PHP 7.3.6: phalcon/cphalcon#14160 No ETA on a new release from upstream, so we rebuild by hand with the Zephir fixes before compiling.
+1 for 3.4.4 with this fix |
I'll regenerate the build for 3.4.x in next days. Could someone ping me if I forget to do this |
Will follow up as needed ... thanks @sergeyklay |
Ping @sergeyklay -- Just ran into this myself not connecting the dots (See above issue reference) (Thought the issue was on Fedora side). When you get chance to make 3.4.4 would be awesome to confirm this is resolved. |
I apologize @dzuelke for completely overlooking this. Just regenerated C-code for Phalcon's 3.4.x branch:
You can try new Phalcon using command as follows: $ git clone --depth=1 --branch=3.4.x https://github.com/phalcon/cphalcon.git
$ cd cphalcon/build
$ sudo ./install
# If you have specific php versions running
$ sudo ./install --phpize /usr/bin/phpize5.6 --php-config /usr/bin/php-config5.6 Thanks for catching this bug, and I am sorry about the delay. I hope it fixed now. I'm closing this issue but if I have made an oversight, please do get back in touch. |
I would appreciate if somebody could please provide a windows recompiled x64 dll, if I missed an official dl link. |
@sergeyklay Can we create 3.4.4 release + builds? |
The |
That doesn't make any sense. If it's supported long term .. we need this fix. Currently 3.4.3 is broken with latest PHP .. LTS can make point builds all the time ... just cut a new release. and rebuild so packagecloud is updated and then ondrej's PPAs will update and same with Remi's. |
Don't forget the windows builds, please. I personally cannot compile in windows myself, because I cannot install visual studio (restricted corporate firewall policy, as well as the decision to use windows at all) .. I just can't do anything about it) and I just need to use phalcon without the build process. That would mean we are stuck on 7.3.5. Try to explain this to our customers security officer... |
How is it possible ? |
And until 4.0 is any kind of proven stable final (no alpha, no beta) there is no other official running and supported version than 3.4.3 at the moment which people (at least serious managers) will approve for usage in a production environment. |
We will sort this out this weekend - try to build DLLs also. It was our mistake that we did not add the LTS note and duration in the documentation in its own page so that all can refer to that. Our announcement was 3 years LTS for the v3 which is en par or more than the average LTS of packages. Having written that, 3 years have passed, Just because something is LTS does not mean that it is maintained forever. For the argument well there is no v4 to upgrade, that is evident. My point is just because a new version has not been released yet, does not necessarily mean that the LTS time defined will be extended indefinitely or otherwise. Just a few thoughts. |
Thanks Niden ... all we need is just a 3.4.4 release - it's super easy and just allows for downstream maintainers to properly build packages. Code, I believe, is already merged. So just tag/release and run appropriate release stuff. |
Agreed. Just a heads up team - Based on the complete lack of features and the massive amount of code churn in 4.x, we have absolutely no intentions on upgrading. |
Same @david-duncan |
If the timeline for 4.x has shifted since the LTS announcement was made, then maybe the LTS timeline should also be adjusted accordingly. I understand the desire to not have too much code to maintain in parallel, but the fact is that right now, the latest stable release does not work on the latest stable PHP version, which contains security fixes. And IMHO, even if 4.x had been released recently, a 3.4.4 would still be necessary. Users can't simply upgrade to a major new framework version overnight. This sort of predictability and reliability is important for a framework; otherwise, people can't rely on it, if they have to risk the foundation of their projects to become abandonware without a suitable replacement. For 4.x, I propose the LTS strategy to be something like "bug fixes for six months after 5.0.0 is released, security fixes for another six months after that", or similar. And of course, I can simply rebuild Phalcon/Zephir from source (already did that two weeks ago and rolled it out on Heroku; https://devcenter.heroku.com/changelog-items/1651), but as a downstream maintainer, I want to provide standard package releases to users, not custom builds with a bunch of patches on top. |
Phalcon v3.4.4 was released. |
Having cphalcon 3.4.3 enabled in PHP 7.3.6 together with OPcache leads to a segmentation fault somewhere during engine or request shutdown - scripts etc run fine, but PHP segfaults before exiting:
Disabling phalcon, or disabling opache, fixes the issue.
The crash does not occur on 7.3.5, which makes me think it's related to OPcache changes in 7.3.6 the changelog describes as "fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset."
I can't rebuild everything as debug builds at the moment and provide core dumps etc, so I'm hoping y'all can reproduce and diagnose this more easily than me.
Details
The text was updated successfully, but these errors were encountered: