fpm_get_status segfault

[aurimasniekis]

Description

The following code:

<?php
fpm_get_status();

Causes SegFault:

#0  0x00007f71b592ad04 in strlen (s=<optimized out>) at src/string/strlen.c:17
#1  0x000055c42448af96 in add_assoc_string_ex (arg=0x7fff1522fd90, key=0x55c4254b1a50 "state", key_len=5, str=0x0) at /usr/src/php/Zend/zend_API.c:1986
#2  0x000055c42464efc3 in add_assoc_string (arg=0x7fff1522fd90, key=0x55c4254b1a50 "state", str=0x0) at /usr/src/php/Zend/zend_API.h:581
#3  0x000055c42464f9d1 in fpm_status_export_to_zval (status=0x7f71b4817c70) at /usr/src/php/sapi/fpm/fpm/fpm_status.c:115
#4  0x000055c424647108 in zif_fpm_get_status (execute_data=0x7f71b4817cd0, return_value=0x7f71b4817c70) at /usr/src/php/sapi/fpm/fpm/fpm_main.c:1531
#5  0x000055c41eec8799 in ?? ()
#6  0x00007f71b49140f0 in ?? ()
#7  0x00007f7100000007 in ?? ()
#8  0x000000100000017a in ?? ()
#9  0x0000000000000308 in ?? ()
#10 0x00007f71b486b000 in ?? ()
#11 0x0000000000000080 in ?? ()
#12 0x0000000100000007 in ?? ()
#13 0x0000000100000308 in ?? ()
#14 0x0000000000000001 in ?? ()
#15 0x00007f71b4817f40 in ?? ()
#16 0x00007f71b4817e90 in ?? ()
#17 0x00007f71b4800040 in ?? ()
#18 0x00007f71b4817760 in ?? ()
#19 0x000055c42447d64e in zend_mm_set_next_free_slot (heap=0x1, bin_num=32767, slot=0x5302ffbcd5d100a9, next=0x7fff152300f0) at /usr/src/php/Zend/zend_alloc.c:1317
#20 0x000055c42458ab47 in zend_execute (op_array=0x7f71b486b000, return_value=0x0) at /usr/src/php/Zend/zend_vm_execute.h:64245
#21 0x000055c424633af8 in zend_execute_script (type=8, retval=0x0, file_handle=0x7fff15231560) at /usr/src/php/Zend/zend.c:1934
#22 0x000055c4243d32a5 in php_execute_script_ex (primary_file=0x7fff15231560, retval=0x0) at /usr/src/php/main/main.c:2575
#23 0x000055c4243d3454 in php_execute_script (primary_file=0x7fff15231560) at /usr/src/php/main/main.c:2615
#24 0x000055c424647eb6 in main (argc=1, argv=0x7fff15231938) at /usr/src/php/sapi/fpm/fpm/fpm_main.c:1932

From the source it looks like this method wasn't updated for long time and I don't really have a clue why it fails.

https://github.com/php/php-src/blame/PHP-8.4.7/sapi/fpm/fpm/fpm_status.c#L115

PHP Version

PHP 8.4.7 (cli) (built: May 19 2025 07:06:15) (NTS DEBUG)
Copyright (c) The PHP Group
Built by https://github.com/docker-library/php
Zend Engine v4.4.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.4.7, Copyright (c), by Zend Technologies

---

PHP 8.4.7 (fpm-fcgi) (built: May 19 2025 07:06:15) (NTS DEBUG)
Copyright (c) The PHP Group
Built by https://github.com/docker-library/php
Zend Engine v4.4.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.4.7, Copyright (c), by Zend Technologies

Operating System

Alpine 3.21

[iluuu1994]

Seems this happens on line:

php-src/sapi/fpm/fpm/fpm_status.c

Line 115 in ecdb771

add_assoc_string(&fpm_proc_stat, "state", fpm_request_get_stage_name(procs[i].request_stage));

Potentially, procs[i].request_stage may not be valid? /cc @bukka