View Issue Details

ID: 0001072
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2015-01-07 00:05
Reporter: sizeof
Assigned To: derick
Priority: low
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: amd64
OS: Debian
OS Version: 7.5
Product Version: 2.2.5
Fixed in Version: 2.2.6
Summary: 0001072: Dereferencing NULL pointer opline to get a lineno
Description

xdebug-2.2.5 tested with php 5.5.9 and 5.5.16 segfaults here:

Program terminated with signal 11, Segmentation fault.
#0 0x00007fccf0d22dca in xdebug_build_fname (edata=0x7fff7c6eac80, tmp=0x3452930)
at /usr/src/xdebug-2.2.5/xdebug_stack.c:918
918 tmp->function = xdebug_sprintf(
(gdb) list
913 }
914
915 if (!fname) {
916 fname = "whoops";
917 }
918 tmp->function = xdebug_sprintf(
919 "%s:{%s:%d}",
920 edata->function_state.function->common.function_name,
921 fname,
922 edata->opline->lineno

(gdb) p edata
$10 = (zend_execute_data *) 0x7fff7c6eac80
(gdb) p edata->opline
$11 = (struct _zend_op *) 0x0
(gdb) p *edata
$12 = {opline = 0x0, function_state = {function = 0x27f7bd0, arguments = 0x7fccf12fb6c0}, op_array = 0x0,
object = 0x0, symbol_table = 0x0, prev_execute_data = 0x7fccf12fb5e0, old_error_reporting = 0x0,
nested = 0 '\000', original_return_value = 0x2bae650, current_scope = 0x29477c0,
current_called_scope = 0x7fccf12f9d68, current_this = 0x0, fast_ret = 0x7fccf12f9da8,
call_slots = 0x7fccf12fb670, call = 0x7fccf12fb670}

Tags: No tags attached.
Operating System:
PHP Version: 5.5.5-5.5.9

Activities

derick

2014-08-22 14:35

administrator   ~0002877

Would you be able to produce a script that demonstrates this crash? That makes it a lot easier to fix the problem as this is most likely caused by a case that I haven't considered.

sizeof

2014-09-05 21:44

reporter   ~0002881

Nope, it seems hard for us to produce a reproducible script, as we don't have a stacktrace, and it happens in a very huge pile of PHP...

But you may at least test for it instead of crashing, logging some debug information, as a temporary fix? (I typically quick-fixed my version with a little ternary.)
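The crash in the description (edata->opline is NULL when xdebug_build_fname reads edata->opline->lineno) and the reporter's "little ternary" quick fix, shown side by side as an added example. This is not Xdebug's code and not the reporter's patch: the struct names demo_op and demo_execute_data are hypothetical stand-ins for struct _zend_op and zend_execute_data, modelling only the fields the crash involves, and the sample frames at the bottom are constructed.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct _zend_op: only the line number matters here. */
typedef struct {
    unsigned int lineno;
} demo_op;

/* Hypothetical stand-in for zend_execute_data. In the reported crash the
 * opline pointer of the current frame is NULL (see "$12 = {opline = 0x0, ..."). */
typedef struct {
    demo_op *opline;
    const char *function_name;
} demo_execute_data;

/* Unguarded variant: mirrors the crashing line of xdebug_build_fname
 * (edata->opline->lineno). Calling it with opline == NULL dereferences
 * NULL, which is the SIGSEGV in the GDB session above. */
static char *build_fname_unchecked(const demo_execute_data *edata, const char *fname)
{
    char *out = malloc(256);
    if (!out) return NULL;
    if (!fname) fname = "whoops";   /* same fallback as the Xdebug listing */
    snprintf(out, 256, "%s:{%s:%u}", edata->function_name, fname,
             edata->opline->lineno);
    return out;
}

/* Guarded variant: the ternary the reporter describes. A NULL opline means
 * there is no current opcode to attribute a line to, so report line 0
 * instead of crashing; the caller still gets a well-formed name. */
static char *build_fname_checked(const demo_execute_data *edata, const char *fname)
{
    unsigned int lineno = edata->opline ? edata->opline->lineno : 0;
    char *out = malloc(256);
    if (!out) return NULL;
    if (!fname) fname = "whoops";
    snprintf(out, 256, "%s:{%s:%u}", edata->function_name, fname, lineno);
    return out;
}

int main(void)
{
    demo_op op = { 42 };
    demo_execute_data with_op = { &op, "foo" };     /* constructed: normal frame */
    demo_execute_data no_op = { NULL, "bar" };      /* constructed: the crash case */

    char *a = build_fname_checked(&with_op, "file.php");
    char *b = build_fname_checked(&no_op, "file.php");
    printf("%s\n%s\n", a, b);   /* foo:{file.php:42} and bar:{file.php:0} */
    free(a);
    free(b);
    /* build_fname_unchecked(&no_op, "file.php") would segfault here. */
    return 0;
}
```

Reporting line 0 is a placeholder that keeps the tracer alive; when you see it in an Xdebug trace it marks exactly the frames whose opline was NULL, which is the information the maintainer asks for above and is more useful than a core dump.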

derick

2014-11-11 19:49

administrator   ~0002897

I am going to guess and I think this could be the same as 0001073 and 0001075, which will be fixed in Xdebug 2.2.6 once I release it. In any case, as you have a GDB stacktrace, you can reproduce this somehow. In case it happens again, can you issue "backtrace full" to get the full stack?

derick

2014-12-13 20:35

administrator   ~0002933

2.2.6 is now released, can you please check whether that addressed the issue?

derick

2015-01-07 00:05

administrator   ~0002960

Suspected fixed in 2.2.6 - please reopen if it's still an issue.

Issue History

Date Modified Username Field Change
2014-08-22 14:30 sizeof New Issue
2014-08-22 14:35 derick Note Added: 0002877
2014-08-22 14:35 derick Assigned To => derick
2014-08-22 14:35 derick Status new => feedback
2014-09-05 21:44 sizeof Note Added: 0002881
2014-09-05 21:44 sizeof Status feedback => assigned
2014-11-11 19:49 derick Note Added: 0002897
2014-11-11 19:49 derick Status assigned => feedback
2014-12-13 20:35 derick Note Added: 0002933
2015-01-07 00:05 derick Note Added: 0002960
2015-01-07 00:05 derick Status feedback => resolved
2015-01-07 00:05 derick Fixed in Version => 2.2.6
2015-01-07 00:05 derick Resolution open => fixed
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized