View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002020||Xdebug||Uncategorized||public||2021-09-21 16:15||2021-10-04 09:29|
|Fixed in Version||3.1.0|
|Summary||0002020: segfault if xdebug.dump.GET=* and integer key without value in URL|
|Description||xdebug / the php process will segfault if all of the following conditions are met:|
* The request is a web-request with a GET parameter comprised of an integer key (e.g. `index.php?1`)
* xdebug.dump.GET=* is set
* An exception is thrown (It doesn't matter if the exception is caught, throwing the exception triggers the segfault)
|Steps To Reproduce||I attached a minimal httpd + php-fpm docker-compose setup to this issue.|
You will have to run `docker-compose build` before `docker-compose up` in order to start it.
The apache config is the default apache config from the httpd container with an additional proxy-pass
statement to pass files to php-fpm.
After starting the reproduction containers, you can call the example script at `localhost:8800/index.php`.
It first throws & catches an exception, then calls `xdebug_info()`. If everything works well, you should see
a `var_dump` saying `caught` followed by the xdebug-info output. At this point you can start changing the
query parameters in the request (such as calling it as `localhost:8800/index.php?1`) which may cause it to segfault.
The reproduction setup uses PHP 7.4. I will, however, try other PHP versions and report back with my findings.
|Additional Information||* I couldn't find 7.4.23 in the PHP version list, so I selected the range closest to it|
* I set the severity to major since segfaults shouldn't happen IMO. Feel free to change though
* I left the priority as normal since time management / scheduling is not for me to decide.
|Tags||crash, exception, SIGSEGV|
xdebug-3-segfault-repro.tar.gz (9,998 bytes)
I tested some more versions. Interestingly, this does not seem to be exclusive to xdebug 3.x (which I initially thought). This means that this could potentially be the same issue as the following: https://bugs.xdebug.org/view.php?id=1770.
The following versions also show this behaviour: (can be tested quite easily, by adjusting `php.Dockerfile` and running `docker-compose build` + `docker-compose up` again)
* php 8.0.10 + xdebug 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
* php 7.4.23 + xdebug 3.0.4, 2.9.8, 2.8.1
* php 7.3.30 + xdebug 3.0.4
* php 7.2.34 + xdebug 3.0.4, 2.7.2, 2.6.1
Any coupling of php 7.1.33 with xdebug (2.5.5, 2.6.1, 2.7.2, 2.8.1, 2.9.8) did not show this behaviour.
I have attached a simpler reproduction environment that uses the php:7.4.23-apache image instead of a httpd+php-fpm. Use `start.sh` to build a container based on php:7.4.23-apache with xdebug and start it.
I can also confirm that PHP8.0.10 + xdebug 3.1.0beta2 behaves the same way.
xdebug-segfault-repro-single-container.tar.gz (659 bytes)
Thanks for the detailed report. I managed to distill it to a much shorter case, and I have now also made a PR to address the issue: https://github.com/xdebug/xdebug/pull/788 — This will be part of Xdebug 3.1.0.
(I'll also update the version ranges in the issue tracker, thanks for that)
Merged into Git now, for inclusion in Xdebug 3.1.0 and later.
|2021-09-21 16:15||j6s||New Issue|
|2021-09-21 16:15||j6s||Tag Attached: crash|
|2021-09-21 16:15||j6s||Tag Attached: exception|
|2021-09-21 16:15||j6s||Tag Attached: SIGSEGV|
|2021-09-21 16:15||j6s||File Added: xdebug-3-segfault-repro.tar.gz|
|2021-09-21 16:37||j6s||Note Added: 0006023|
|2021-09-21 18:48||j6s||Note Added: 0006024|
|2021-09-21 18:48||j6s||File Added: xdebug-segfault-repro-single-container.tar.gz|
|2021-09-22 09:48||derick||Assigned To||=> derick|
|2021-09-22 09:48||derick||Status||new => confirmed|
|2021-09-22 09:48||derick||Note Added: 0006025|
|2021-09-22 10:08||derick||Status||confirmed => closed|
|2021-09-22 10:08||derick||Resolution||open => fixed|
|2021-09-22 10:08||derick||Fixed in Version||=> 3.1dev|
|2021-09-22 10:08||derick||Note Added: 0006027|
|2021-10-04 09:29||derick||Fixed in Version||3.1dev => 3.1.0|
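
A configuration audit for the two server-side conditions in this report (`xdebug.dump.GET=*` and an Xdebug build older than the 3.1.0 fix), as an added example that is not part of the issue or of Xdebug's code. The function names and the sample ini text are constructed for illustration. It assumes every release before 3.1.0 final is unfixed and ignores the PHP version, although the report saw no crash on PHP 7.1.33.

```python
import re

FIXED_IN = (3, 1, 0)  # "Fixed in Version" recorded on this issue

def dump_get_is_wildcard(ini_text):
    """True if the effective xdebug.dump.GET value in the ini text is '*'."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # php.ini comments start with ';'
        if "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        if key == "xdebug.dump.GET":
            value = val.strip("\"'")             # assumption: last assignment wins
    return value == "*"

def has_fix(xdebug_version):
    """True only for 3.1.0 final or later; 3.1.0 pre-releases count as unfixed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", xdebug_version.strip())
    if not m:
        raise ValueError(f"unrecognised Xdebug version: {xdebug_version!r}")
    release = tuple(int(n) for n in m.group(1, 2, 3))
    if release == FIXED_IN:
        return m.group(4) == ""                  # e.g. "3.1.0beta2" is not final
    return release > FIXED_IN

def crash_preconditions_met(ini_text, xdebug_version):
    """Both server-side conditions from the report hold."""
    return dump_get_is_wildcard(ini_text) and not has_fix(xdebug_version)

# Constructed sample configuration, not taken from the attached reproduction.
SAMPLE_INI = """\
zend_extension=xdebug
; xdebug.dump.GET=id
xdebug.dump.GET = *
"""

if __name__ == "__main__":
    for version in ("2.9.8", "3.0.4", "3.1.0beta2", "3.1.0"):
        print(version, crash_preconditions_met(SAMPLE_INI, version))
```

The remaining conditions from the description (an integer-key GET parameter and a thrown exception) depend on the request and the script, so a configuration check cannot see them.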