View Issue Details

ID: 0001471
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2017-12-02 18:36
Reporter: yangrokety
Assigned To: derick
Priority: high
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: linux
OS: ubuntu 17.04
Product Version: 2.5.5
Target Version: 2.6.0
Fixed in Version: 2.6.0alpha1
Summary: 0001471: Tracing crashes with return_assignments and ternary operator
Description

If I use function trace to trace this code:

$ff = "bb";
$c= "aa" == $ff ? 1 : 0;

I will always encounter a core dump.

My ini config:
zend_extension=xdebug.so
xdebug.auto_trace=1
xdebug.trace_format=0
xdebug.collect_params=4
xdebug.collect_return=1
xdebug.collect_assignments=1
xdebug.trace_output_name= %t.trace
xdebug.trace_output_dir=/tmp/xdebug

Additional Information

In xdebug_find_var_name:
if (cur_opcode->opcode == ZEND_QM_ASSIGN) {
#if PHP_VERSION_ID >= 70000
xdebug_str_add(&name, xdebug_sprintf("$%s", zend_get_compiled_variable_name(op_array, cur_opcode->result.var)->val), 1);
#else
xdebug_str_add(&name, xdebug_sprintf("$%s", zend_get_compiled_variable_name(op_array, cur_opcode->result.var, &cv_len)), 1);
#endif
}

When the opcode is ZEND_QM_ASSIGN (the '?:' handler), there is no variable name.

The core dump:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000561196440ac2 in zend_get_compiled_variable_name (op_array=0x7fca708ef0c8, var=4294967200, name_len=0x7ffc2a600c1c) at /home/rokety/Downloads/php-5.6.31/Zend/zend_compile.c:7040
7040 *name_len = op_array->vars[var].name_len;

Tags: No tags attached.
Operating System:
PHP Version: 5.6.30-5.6.35
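
The crash reported above comes from using an opcode's result operand as an index into the compiled-variable table without first checking that the operand is a compiled variable. As an added example (not Xdebug or PHP source, and not the fix that was committed), this simplified C model shows that guard; the structures, enum and function names are hypothetical stand-ins, and the variable table is constructed from the reproducer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Zend Engine or Xdebug code; all names are hypothetical. */
enum operand_type { OPERAND_TMP_VAR, OPERAND_CV };

struct model_op_array {
    const char *const *vars; /* names of compiled variables */
    uint32_t last_var;       /* number of entries in vars */
};

struct model_opline {
    enum operand_type result_type; /* where the opcode stores its result */
    uint32_t result_var;           /* a vars[] index only when result_type is OPERAND_CV */
};

/* Return the variable name for an opcode's result, or NULL when the result
 * is a temporary (it has no name) or the index is outside the table. */
const char *model_result_name(const struct model_op_array *oa,
                              const struct model_opline *op)
{
    if (op->result_type != OPERAND_CV) {
        return NULL;
    }
    if (op->result_var >= oa->last_var) {
        return NULL;
    }
    return oa->vars[op->result_var];
}

/* Constructed sample: the compiled variables of the reproducer, $ff and $c. */
static const char *const sample_vars[] = { "ff", "c" };
static const struct model_op_array sample_op_array = { sample_vars, 2 };

const char *demo_lookup(enum operand_type type, uint32_t var)
{
    struct model_opline op = { type, var };
    return model_result_name(&sample_op_array, &op);
}

int main(void)
{
    /* 4294967200 is the `var` value shown in the backtrace in the report. */
    const char *tmp = demo_lookup(OPERAND_TMP_VAR, 4294967200u);
    const char *cv = demo_lookup(OPERAND_CV, 1);
    printf("ternary result: %s\n", tmp ? tmp : "(no variable name)");
    printf("assignment target: $%s\n", cv ? cv : "?");
    return 0;
}
```
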

Activities

derick

2017-09-21 10:16

administrator   ~0004417

This also crashes for PHP 7.0 and 7.1.

yangrokety

2017-09-27 09:39

reporter   ~0004430

Hi, derick
I tried to fix this bug.
First, I found that you added the ZEND_QM_ASSIGN overload in the fix for this issue: https://bugs.xdebug.org/view.php?id=1414.

I tried to reproduce 0001414, but I found that normal variable assignment always uses ZEND_ASSIGN (both PHP 7.0.22 and PHP 7.1.9 with opcache enabled).

In PHP 7.1.9 with opcache, there is no ZEND_QM_ASSIGN:
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:3 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:3 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:5 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:5 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:7 ZEND_RETURN

and the opcache log:
Wed Sep 27 17:32:35 2017 (24236): Message Cached script '/home/rokety/Github/xdebug/test.php'
Wed Sep 27 17:32:35 2017 (24236): Message Cached script '/home/rokety/t.php'

In PHP 7.0.22 with opcache:
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_QM_ASSIGN
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:3 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:3 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_QM_ASSIGN
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:5 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:5 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_QM_ASSIGN
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:7 ZEND_RETURN

and the opcache log:
Wed Sep 27 17:38:30 2017 (27745): Message Cached script '/home/rokety/Github/xdebug/test.php'
Wed Sep 27 17:38:30 2017 (27745): Message Added key 'test.php:170192:170248'
Wed Sep 27 17:38:30 2017 (27745): Message Cached script '/home/rokety/t.php'

yangrokety

2017-09-27 09:40

reporter   ~0004431

test.php

<?php
include '/home/rokety/t.php';
$a = 1;
include '/home/rokety/t.php';
$a = 2;
include '/home/rokety/t.php';

t.php

<?php
$i = 0;
$i++;
$i = 1==2?1:2;

derick

2017-10-07 09:57

administrator   ~0004437

Fixed for 2.5.6, and 2.6.0dev.

Issue History

Date Modified Username Field Change
2017-09-16 04:08 yangrokety New Issue
2017-09-21 10:16 derick Note Added: 0004417
2017-09-21 10:16 derick Assigned To => derick
2017-09-21 10:16 derick Status new => confirmed
2017-09-21 10:17 derick Target Version => 2.5.6
2017-09-27 09:39 yangrokety Note Added: 0004430
2017-09-27 09:40 yangrokety Note Added: 0004431
2017-10-07 09:44 derick Summary core dump when use function trace => Tracing crashes with return_assignments and ternairy operator
2017-10-07 09:57 derick Note Added: 0004437
2017-10-07 09:57 derick Status confirmed => closed
2017-10-07 09:57 derick Resolution open => fixed
2017-10-07 09:57 derick Fixed in Version => 2.5.6
2017-11-05 14:11 derick Fixed in Version 2.5.6 => 2.6.0dev
2017-11-05 14:12 derick Target Version 2.5.6 => 2.6.0dev
2017-12-02 15:57 derick Fixed in Version 2.6.0dev => 2.6.0alpha1
2017-12-02 18:34 derick Target Version 2.6.0dev => 2.6.0alpha1
2017-12-02 18:36 derick Target Version 2.6.0alpha1 => 2.6.0
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized