View Issue Details

ID: 0001322
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2018-05-08 09:06
Reporter: nazar-pc
Assigned To: derick
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: no change required
Platform: Linux
OS: Ubuntu x64
OS Version: 16.10 Yakkety
Product Version: 2.4.0
Summary: 0001322: Xdebug causes PHP to segfault
Description

Conditions are really strange, I'm not sure how to describe it.
However, I've prepared a 100% reproducible test case on GitHub: https://github.com/nazar-pc/xdebug-segfault

Steps To Reproduce

composer install
php index.php (when Xdebug enabled)

Additional Information

Copy of output from GitHub repository for historical reference:
~> sudo phpdismod xdebug
~> php index.php
<div>
<table>
<tr>
<td>Col 1</td>
<td></td>
</tr>
<tr class="class">
<td>Col 1</td>
<td></td>
</tr>
</table>
</div>
~> sudo phpenmod xdebug
~> php index.php
fish: “php index.php” terminated by signal SIGSEGV (Address boundary error)
~> php -v
PHP 7.0.7-4ubuntu2 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
with Xdebug v2.4.0, Copyright (c) 2002-2016, by Derick Rethans
with blackfire v1.10.6, https://blackfire.io, by Blackfireio Inc.
~> uname -a
Linux nazar-pc 4.7.0-rc4-haswell #2 SMP Wed Jun 22 04:05:10 EEST 2016 x86_64 x86_64 x86_64 GNU/Linux
~> lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Yakkety Yak (development branch)
Release: 16.10
Codename: yakkety

Tags: No tags attached.
Operating System:
PHP Version: 7.0.5-7.0.9

Activities

nazar-pc

2016-06-26 02:18

reporter   ~0003636

Found that it only crashes with xdebug.profiler_enable=1

incastrix

2016-06-28 18:33

reporter   ~0003637

In my case, crash with xdebug.profiler_aggregate = On

incastrix

2016-06-28 18:46

reporter   ~0003638

strace output:

5407 stat("/tmp/trace.2043925204.xt", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0
5407 open("/tmp/trace.2043925204.xt", O_RDWR) = 17
5407 flock(17, LOCK_EX|LOCK_NB) = 0
5407 open("/tmp/trace.2043925204.xt", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 18
5407 dup3(18, 17, 0) = 17
5407 close(18) = 0
5407 flock(17, LOCK_EX|LOCK_NB) = 0
5407 fstat(17, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
5407 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff08f3b9000
5407 write(17, "TRACE START [2016-06-28 18:39:22"..., 34) = 34
5407 brk(0x99b000) = 0x99b000
5407 getcwd("/", 4095) = 2
5407 chdir("/var/www/netools.loc/tools/mysql") = 0
5407 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={30, 0}}, NULL) = 0
5407 fcntl(14, F_SETLK, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=1, l_len=1}) = 0
5407 open("/tmp/cachegrind.out.5407", O_WRONLY|O_CREAT|O_APPEND, 0666) = 18
5407 lseek(18, 0, SEEK_END) = 0
5407 fstat(18, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
5407 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff08f3b8000
5407 write(18, "\n==== NEW PROFILING FILE ======="..., 203) = 203
5407 write(17, " 0.0447 354776 -> {main"..., 80) = 80
5407 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} ---
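
Reading the strace excerpt above, as an added example (not part of the original note and not Xdebug code): it rebuilds the file-descriptor table from the trace, then classifies the fault from `si_code` and `si_addr`. The sample is a constructed subset of the quoted lines; the 4 KiB page size and the "fault inside the first page means NULL plus a field offset" heuristic are assumptions.

```python
import re

# Constructed sample: a subset of the strace lines quoted in the note above.
STRACE = r'''5407 open("/tmp/trace.2043925204.xt", O_RDWR) = 17
5407 open("/tmp/trace.2043925204.xt", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 18
5407 dup3(18, 17, 0) = 17
5407 close(18) = 0
5407 write(17, "TRACE START [2016-06-28 18:39:22"..., 34) = 34
5407 open("/tmp/cachegrind.out.5407", O_WRONLY|O_CREAT|O_APPEND, 0666) = 18
5407 write(18, "\n==== NEW PROFILING FILE ======="..., 203) = 203
5407 write(17, " 0.0447 354776 -> {main"..., 80) = 80
5407 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30} ---
'''

OPEN = re.compile(r'^\d+ open\("([^"]*)", .*\) = (\d+)$')   # successful opens only
DUP3 = re.compile(r'^\d+ dup3\((\d+), (\d+), \d+\) = \d+$')
CLOSE = re.compile(r'^\d+ close\((\d+)\) = 0$')
WRITE = re.compile(r'^\d+ write\((\d+), ')
SIG = re.compile(r'--- (SIG\w+) \{.*si_code=(\w+), si_addr=(0x[0-9a-f]+|NULL)\} ---')
PAGE_SIZE = 4096  # assumption: 4 KiB pages, as the mmap sizes in the trace suggest

def triage(text):
    """Return the signal, a fault classification and the last files written to."""
    fds, writes = {}, []
    for line in text.splitlines():
        if m := OPEN.match(line):
            fds[int(m[2])] = m[1]
        elif m := DUP3.match(line):            # newfd now refers to oldfd's file
            fds[int(m[2])] = fds.get(int(m[1]), "?")
        elif m := CLOSE.match(line):
            fds.pop(int(m[1]), None)
        elif m := WRITE.match(line):
            writes.append(fds.get(int(m[1]), "fd " + m[1]))
        elif m := SIG.search(line):
            addr = 0 if m[3] == "NULL" else int(m[3], 16)
            if m[2] == "SEGV_MAPERR" and addr < PAGE_SIZE:
                kind = "likely NULL-pointer dereference, field offset 0x%x" % addr
            elif m[2] == "SEGV_ACCERR":
                kind = "access to a mapped page with the wrong permissions"
            else:
                kind = "access to an unmapped address"
            return {"signal": m[1], "kind": kind, "last_writes": writes[-2:]}
    return None  # no signal line in the trace

if __name__ == "__main__":
    print(triage(STRACE))
```

For this trace the last two writes before the fault go to the profiler output file and then the trace file, which places the crash just after profiling output was started.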

nazar-pc

2016-09-23 14:02

reporter   ~0003709

Still an issue in 2.4.1

derick

2016-12-12 00:05

administrator   ~0004023

Can you still reproduce this with PHP 7.0.14 and Xdebug 2.5.0?

nazar-pc

2016-12-12 01:00

reporter   ~0004032

Actually no, just updated to PHP 7.0.14 and Xdebug 2.5.0 from Ondřej Surý ppa and I do not experience this issue anymore.

nazar-pc

2016-12-12 01:05

reporter   ~0004033

Travis CI with 7.0.13 and 2.5.0 is also fine, issue can be closed as fixed.

derick

2016-12-12 11:16

administrator   ~0004037

Okay - thanks for checking again.

jrunyon

2018-05-03 19:24

reporter   ~0004646

Not fixed here.

As soon as I turn profiler_aggregate on, it segfaults as soon as I make a request. If I turn it off, everything's fine and dandy.

tl;dr null pointer dereference in xdebug_add_stack_frame prev->aggr_entry

== versions ==
Description: Ubuntu 17.10
PHP 7.1.15-0ubuntu0.17.10.1 (cli) (built: Mar 14 2018 22:30:42) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.1.15-0ubuntu0.17.10.1, Copyright (c) 1999-2018, by Zend Technologies
with Xdebug v2.5.5, Copyright (c) 2002-2017, by Derick Rethans

== xdebug settings ==
xdebug.remote_enable=1

xdebug.profiler_enable=1
xdebug.profiler_aggregate=1
xdebug.profiler_enable_trigger=1
xdebug.profiler_output_dir=/var/www/xdebug
xdebug.profiler_output_name=cachegrind.out.%s.%r

xdebug.var_display_max_children=-1
xdebug.var_display_max_data=-1
xdebug.var_display_max_depth=-1

== trace ==
(gdb) bt
#0 0x00007f03eaf79825 in xdebug_add_stack_frame (zdata=<optimized out>, zdata@entry=0x7f03eb412030, op_array=op_array@entry=0x7f03eb482000, type=type@entry=2)
at ./build-7.1/xdebug_stack.c:1583
#1 0x00007f03eaf65f96 in xdebug_execute_ex (execute_data=0x7f03eb412390) at ./build-7.1/xdebug.c:1959
#2 0x00007f03f27f4e24 in ?? () from /usr/lib/apache2/modules/libphp7.1.so
#3 0x00007f03f279f4eb in execute_ex () from /usr/lib/apache2/modules/libphp7.1.so
#4 0x00007f03eaf660e5 in xdebug_execute_ex (execute_data=0x7f03eb412030) at ./build-7.1/xdebug.c:2056
#5 0x00007f03f27fa4d0 in zend_execute () from /usr/lib/apache2/modules/libphp7.1.so
#6 0x00007f03f27557a2 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp7.1.so
#7 0x00007f03f26f2760 in php_execute_script () from /usr/lib/apache2/modules/libphp7.1.so
#8 0x00007f03f27fc522 in ?? () from /usr/lib/apache2/modules/libphp7.1.so
#9 0x000055b375c53a80 in ap_run_handler (r=r@entry=0x7f03f6f3f0a0) at config.c:170
#10 0x000055b375c53ffd in ap_invoke_handler (r=r@entry=0x7f03f6f3f0a0) at config.c:434
#11 0x000055b375c6b75b in ap_process_async_request (r=0x7f03f6f3f0a0) at http_request.c:436
#12 0x000055b375c6b930 in ap_process_request (r=r@entry=0x7f03f6f3f0a0) at http_request.c:471
#13 0x000055b375c67b8d in ap_process_http_sync_connection (c=0x7f03f6f45290) at http_core.c:210
#14 ap_process_http_connection (c=0x7f03f6f45290) at http_core.c:251
#15 0x000055b375c5d740 in ap_run_process_connection (c=c@entry=0x7f03f6f45290) at connection.c:42
#16 0x000055b375c5dca0 in ap_process_connection (c=c@entry=0x7f03f6f45290, csd=<optimized out>) at connection.c:226
#17 0x00007f03f36e1821 in child_main (child_num_arg=child_num_arg@entry=0, child_bucket=child_bucket@entry=0) at prefork.c:612
#18 0x00007f03f36e1b25 in make_child (s=0x7f03f70814a0, slot=slot@entry=0, bucket=0) at prefork.c:706
#19 0x00007f03f36e1b6f in startup_children (number_to_start=5) at prefork.c:725
#20 0x00007f03f36e269f in prefork_run (_pconf=<optimized out>, plog=0x7f03f7076028, s=0x7f03f70814a0) at prefork.c:894
#21 0x000055b375c3714e in ap_run_mpm (pconf=0x7f03f70a8028, plog=0x7f03f7076028, s=0x7f03f70814a0) at mpm_common.c:94
#22 0x000055b375c2fa95 in main (argc=<optimized out>, argv=<optimized out>) at main.c:792

(gdb) frame 0
#0 0x00007f03eaf79825 in xdebug_add_stack_frame (zdata=<optimized out>, zdata@entry=0x7f03eb412030, op_array=op_array@entry=0x7f03eb482000, type=type@entry=2)
at ./build-7.1/xdebug_stack.c:1583
1583 if (prev->aggr_entry->call_list) {

(gdb) p prev
$1 = (function_stack_entry *) 0x55b377457d10
(gdb) p prev->aggr_entry
$2 = (xdebug_aggregate_entry *) 0x0

derick

2018-05-08 09:06

administrator   ~0004649

@jrunyon, please open a new ticket - preferably reproducible with the command line PHP web server ~ and a short reproducible script.

Issue History

Date Modified Username Field Change
2016-06-26 00:56 nazar-pc New Issue
2016-06-26 02:18 nazar-pc Note Added: 0003636
2016-06-28 18:33 incastrix Note Added: 0003637
2016-06-28 18:46 incastrix Note Added: 0003638
2016-07-31 12:35 derick Category Debug client (console) => debugclient (debugging tool)
2016-07-31 12:35 derick Category debugclient (debugging tool) => (No Category)
2016-09-23 14:02 nazar-pc Note Added: 0003709
2016-12-12 00:05 derick Note Added: 0004023
2016-12-12 00:06 derick Category (No Category) => Usage problems (Wrong Results)
2016-12-12 00:07 derick Assigned To => derick
2016-12-12 00:07 derick Status new => feedback
2016-12-12 01:00 nazar-pc Note Added: 0004032
2016-12-12 01:00 nazar-pc Status feedback => assigned
2016-12-12 01:05 nazar-pc Note Added: 0004033
2016-12-12 11:16 derick Note Added: 0004037
2016-12-12 11:16 derick Status assigned => resolved
2016-12-12 11:16 derick Resolution open => no change required
2018-05-03 19:24 jrunyon Note Added: 0004646
2018-05-08 09:06 derick Note Added: 0004649
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized