View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000415Xdebugpublic2008-10-14 17:462009-11-27 17:01
Reporterglen Assigned Toderick  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionwon't fix 
Summary0000415: xdebug crashes with runkit loaded
Description

running runkit_lint_file() several times in script causes crash. there doesn't seem to be relevant what the linted script contents is

Additional Information

i use this script to run lint:

<?
$errors = 0;
$argv = glob("*.php");
foreach ($argv as $file) {
echo "PHP Lint: $file\n";
if (!runkit_lint_file($file)) {
$errors++;
}
}
exit($errors ? 1 : 0);
?>

to reproduce a crash, i just put 10 copies of the same script to current dir

TagsNo tags attached.
Operating SystemPLD Linux
PHP Version5.2.6

Activities

glen

2008-10-14 17:48

reporter   ~0000887

i have installed runkit 0.9 (http://pecl.php.net/package/runkit) with this patch:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/php-pecl-runkit-php52.patch

my php is compiled with ZTS if that's relevant

glen

2008-10-14 17:56

reporter   ~0000888

glen@wintersunset ~/tmp/xdebug $ gdb --args php p.php
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-pld-linux"...(no debugging symbols found)
Using host libthread_db library "/lib64/tls/libthread_db.so.1".

(gdb) run
Starting program: /usr/bin/php p.php
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 47130666539776 (LWP 26518)]
[New Thread 1090767200 (LWP 26521)]
[Thread 1090767200 (zombie) exited]
PHP Lint: p.php
PHP Lint: t-1.php
PHP Lint: t-2.php
PHP Lint: t-3.php

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47130666539776 (LWP 26518)]
0x00002add76dc1cd7 in xdebug_init_oparray (op_array=0xca5b48) at /home/glen/rpm/pld/BUILD/php-pecl-xdebug-2.0.3/xdebug.c:3134
3134 op_array->reserved[XG(reserved_offset)] = 0;
(gdb) bt
#0 0x00002add76dc1cd7 in xdebug_init_oparray (op_array=0xca5b48) at /home/glen/rpm/pld/BUILD/php-pecl-xdebug-2.0.3/xdebug.c:3134
#1 0x00002add7569ac17 in zend_llist_get_prev_ex () from /usr/lib64/libphp_common-5.2.6.so
0000002 0x00002add7569aa7d in zend_llist_apply_with_argument () from /usr/lib64/libphp_common-5.2.6.so
0000003 0x00002add7569adec in init_op_array () from /usr/lib64/libphp_common-5.2.6.so
0000004 0x00002add75682041 in compile_file () from /usr/lib64/libphp_common-5.2.6.so
0000005 0x00002add76dbf47a in xdebug_compile_file (file_handle=0x7fff356a8690, type=2, tsrm_ls=0xc14110)
at /home/glen/rpm/pld/BUILD/php-pecl-xdebug-2.0.3/xdebug.c:2379
0000006 0x00002add75682217 in compile_filename () from /usr/lib64/libphp_common-5.2.6.so
0000007 0x00002add7c26edff in php_runkit_shutdown_sandbox () from /usr/lib64/php/runkit.so
0000008 0x00002add7c26ef50 in zif_runkit_lint_file () from /usr/lib64/php/runkit.so
0000009 0x00002add756c1d3b in execute_internal () from /usr/lib64/libphp_common-5.2.6.so
0000010 0x00002add76dbc9b2 in xdebug_execute_internal (current_execute_data=0x7fff356a8b50, return_value_used=1, tsrm_ls=0x508090)
at /home/glen/rpm/pld/BUILD/php-pecl-xdebug-2.0.3/xdebug.c:1605
0000011 0x00002add756c27e6 in execute () from /usr/lib64/libphp_common-5.2.6.so
0000012 0x00002add756c1e9f in execute () from /usr/lib64/libphp_common-5.2.6.so
0000013 0x00002add76dbc3d9 in xdebug_execute (op_array=0x2aaaaacf73f0, tsrm_ls=0x508090) at /home/glen/rpm/pld/BUILD/php-pecl-xdebug-2.0.3/xdebug.c:1541
0000014 0x00002add756a45b9 in zend_execute_scripts () from /usr/lib64/libphp_common-5.2.6.so
0000015 0x00002add75660ee3 in php_execute_script () from /usr/lib64/libphp_common-5.2.6.so
0000016 0x0000000000404432 in main ()
(gdb) p op_array
$1 = (zend_op_array ) 0xca5b48
(gdb) p op_array
$2 = {type = 2 '\002', function_name = 0x0, scope = 0x0, fn_flags = 0, prototype = 0x0, num_args = 0, required_num_args = 0, arg_info = 0x0,
pass_rest_by_reference = 128 '\200', return_reference = 0 '\0', refcount = 0xca6000, opcodes = 0xca6020, last = 0, size = 64, vars = 0x0, last_var = 0,
size_var = 0, T = 0, brk_cont_array = 0x0, last_brk_cont = 0, current_brk_cont = 4294967295, try_catch_array = 0x0, last_try_catch = 0,
static_variables = 0x0, start_op = 0x0, backpatch_count = 0, done_pass_two = 0 '\0', uses_this = 0 '\0',
filename = 0xca5f58 "/home/glen/tmp/xdebug/t-3.php", line_start = 13264016, line_end = 0, doc_comment = 0x0, doc_comment_len = 0, reserved = {0x0, 0x0,
0x0, 0x0}}

here's my attempt to unexpand XG(reserved_offset) :

(gdb) p (((zend_xdebug_globals ) (((void ***) tsrm_ls))[(xdebug_globals_id)-1])->reserved_offset)
$6 = -317778743

as :
#define XG(v) TSRMG(xdebug_globals_id, zend_xdebug_globals , v)
#define TSRMG(id, type, element) (((type) (((void ***) tsrm_ls))[TSRM_UNSHUFFLE_RSRC_ID(id)])->element)
#define TSRM_UNSHUFFLE_RSRC_ID(rsrc_id) ((rsrc_id)-1)

derick

2009-11-27 17:01

administrator   ~0001181

runkit does very many evil things to PHP, and it's doubtful I can make it work 100% so I will just not support running both runkit and xdebug at the same time.

Issue History

Date Modified Username Field Change
2008-10-14 17:46 glen New Issue
2008-10-14 17:48 glen Note Added: 0000887
2008-10-14 17:56 glen Note Added: 0000888
2009-11-27 17:01 derick Note Added: 0001181
2009-11-27 17:01 derick Status new => resolved
2009-11-27 17:01 derick Resolution open => won't fix
2009-11-27 17:01 derick Assigned To => derick
2016-07-31 12:35 derick Category Debug client (console) => debugclient (debugging tool)
2016-07-31 12:35 derick Category debugclient (debugging tool) => (No Category)