View Issue Details

IDProjectCategoryView StatusLast Update
0002020XdebugUncategorizedpublic2021-10-04 09:29
Reporterj6s Assigned Toderick  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version3.0.4 
Fixed in Version3.1.0 
Summary0002020: segfault if xdebug.dump.GET=* and integer key without value in URL
Descriptionxdebug / the php process will segfault if all of the following conditions are met:

* The request is a web-request with a GET parameter comprised of an integer key (e.g. `index.php?1`)
* xdebug.dump.GET=* is set
* An exception is thrown (It doesn't matter if the exception is caught, throwing the exception triggers the segfault)

Steps To ReproduceI attached a minimal httpd + php-fpm docker-compose setup to this issue.
You will have to run `docker-compose build` before `docker-compose up` in order to start it.

The apache config is the default apache config from the httpd container with an additional proxy-pass
statement to pass files to php-fpm.

After starting the reproduction containers, you can call the example script at `localhost:8800/index.php`.
It first throws & catches an exception, then calls `xdebug_info()`. If everything works well, you should see
a `var_dump` saying `caught` followed by the xdebug-info output. At this point you can start changing the
query parameters in the request (such as calling it as `localhost:8800/index.php?1`) which may cause it to segfault.

The reproduction setup uses PHP7.4, I will however try other PHP versions and report back with my findings.
Additional Information* I couldn't find 7.4.23 in the PHP version list, so I selected the range closest to it
* I set the severity to major since segfaults shouldn't happen IMO. Feel free to change though
* I left the priority as normal since time management / scheduling is not for me to decide.
Tagscrash, exception, SIGSEGV
Operating SystemLinux
PHP Version7.4.10-7.4.19

Activities

j6s

2021-09-21 16:15

reporter  

j6s

2021-09-21 16:37

reporter   ~0006023

I tested some more versions. Interestingly, this does not seem to be exclusive to xdebug 3.x (which I initially thought). This means that this could potentially be the same issue as the following: https://bugs.xdebug.org/view.php?id=1770.

The following versions also show this behaviour: (can be tested quite easily, by adjusting `php.Dockerfile` and running `docker-compose build` + `docker-compose up` again)

* php 8.0.10 + xdebug 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0
* php 7.4.23 + xdebug 3.0.4, 2.9.8, 2.8.1
* php 7.3.30 + xdebug 3.0.4
* php 7.2.34 + xdebug 3.0.4, 2.7.2, 2.6.1

Any coupling of php 7.1.33 with xdebug (2.5.5., 2.6.1, 2.7.2, 2.8.1, 2.9.8) did not show this behaviour.

j6s

2021-09-21 18:48

reporter   ~0006024

I have attached a simpler reproduction environment that uses the php:7.4.23-apache image instead of a httpd+php-fpm. Use `start.sh` to build a container based on php:7.4.23-apache with xdebug and start it.

I can also confirm that PHP8.0.10 + xdebug 3.1.0beta2 behaves the same way.

derick

2021-09-22 09:48

administrator   ~0006025

Thanks for the detailed report. I managed to distill it to a much shorter case, and I have no also made a PR to address the issue: https://github.com/xdebug/xdebug/pull/788 — This will be part of Xdebug 3.1.0.

(I'll also update the version ranges in the issue tracker, thanks for that)

derick

2021-09-22 10:08

administrator   ~0006027

Merged into Git now, for inclusion in Xdebug 3.1.0 and later.

Issue History

Date Modified Username Field Change
2021-09-21 16:15 j6s New Issue
2021-09-21 16:15 j6s Tag Attached: crash
2021-09-21 16:15 j6s Tag Attached: exception
2021-09-21 16:15 j6s Tag Attached: SIGSEGV
2021-09-21 16:15 j6s File Added: xdebug-3-segfault-repro.tar.gz
2021-09-21 16:37 j6s Note Added: 0006023
2021-09-21 18:48 j6s Note Added: 0006024
2021-09-21 18:48 j6s File Added: xdebug-segfault-repro-single-container.tar.gz
2021-09-22 09:48 derick Assigned To => derick
2021-09-22 09:48 derick Status new => confirmed
2021-09-22 09:48 derick Note Added: 0006025
2021-09-22 10:08 derick Status confirmed => closed
2021-09-22 10:08 derick Resolution open => fixed
2021-09-22 10:08 derick Fixed in Version => 3.1dev
2021-09-22 10:08 derick Note Added: 0006027
2021-10-04 09:29 derick Fixed in Version 3.1dev => 3.1.0