MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001459XdebugUsage problems (Wrong Results)public2017-07-28 19:282017-08-20 17:38
Reporterkenorb 
Assigned To 
PrioritynormalSeveritycrashReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version2.5.5 
Target VersionFixed in Version 
Summary0001459: SIGSEGV in strx_printv/ap_php_vsnprintf/xdebug_sprintf
DescriptionI've added in xdebug_start_trace(); processValue method and the Drupal 8 CMS is crashing on certain page.
Steps To ReproduceDon't have minimum example, but it happens all the time on certain page after adding xdebug_start_trace();
Additional InformationProcess: httpd [10767]
Path: /usr/local/Cellar/httpd24/2.4.26/bin/httpd
Code Type: X86-64 (Native)
Parent Process: httpd [18204]
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_c.dylib 0x00007fffa7c1bb92 strlen + 18
1 libphp7.so 0x00000001029768d1 strx_printv + 846
2 libphp7.so 0x0000000102977a87 ap_php_vsnprintf + 33
3 xdebug.so 0x000000010369a047 xdebug_sprintf + 181
4 xdebug.so 0x000000010368a6cc xdebug_common_assign_dim_handler + 204
5 xdebug.so 0x000000010368ae43 xdebug_qm_assign_handler + 27
6 libphp7.so 0x0000000102a46478 ZEND_USER_OPCODE_SPEC_HANDLER + 26
7 libphp7.so 0x0000000102a0c361 execute_ex + 25
8 xdebug.so 0x0000000103687d1e xdebug_execute_ex + 1953
9 libphp7.so 0x0000000102a20a67 ZEND_DO_FCALL_SPEC_HANDLER + 570
10 libphp7.so 0x0000000102a0c361 execute_ex + 25
11 xdebug.so 0x0000000103687d1e xdebug_execute_ex + 1953
12 libphp7.so 0x00000001029c218b zend_call_function + 1981
13 libphp7.so 0x00000001029c19c8 call_user_function_ex + 86
14 libphp7.so 0x00000001029d19a1 zend_error_va_list + 1594
15 libphp7.so 0x00000001029d1349 zend_error + 132
16 xdebug.so 0x000000010369aa18 zif_xdebug_start_trace + 74
17 xdebug.so 0x00000001036880eb xdebug_execute_internal + 429
18 libphp7.so 0x0000000102a20a2f ZEND_DO_FCALL_SPEC_HANDLER + 514
19 libphp7.so 0x0000000102a0c361 execute_ex + 25
20 xdebug.so 0x0000000103687d1e xdebug_execute_ex + 1953
21 libphp7.so 0x0000000102a20a67 ZEND_DO_FCALL_SPEC_HANDLER + 570
22 libphp7.so 0x0000000102a0c361 execute_ex + 25
23 xdebug.so 0x0000000103687d1e xdebug_execute_ex + 1953
TagsNo tags attached.
Operating System
PHP Version7.0.20-7.0.24
Attached Files

- Relationships

-  Notes
(0004386)
kenorb (reporter)
2017-07-29 17:06

Similar reports here:
https://github.com/phalcon/cphalcon/issues/1969 [^]
https://gist.github.com/tony2001/3f08bfc9b1632ad630eb [^]
(0004388)
kenorb (reporter)
2017-08-01 21:06

Same with Xdebug v2.6.0-dev
(0004396)
kenorb (reporter)
2017-08-20 16:30

Backtrace from current master branch:

* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x00007fff8a2f8b92 libsystem_c.dylib`strlen + 18
    frame #1: 0x000000010d0b1111 php71`strx_printv + 878
    frame 0000002: 0x000000010d0b22d7 php71`ap_php_vsnprintf + 33
    frame 0000003: 0x000000010df0fbdd xdebug.so`xdebug_sprintf(fmt="$%s") at xdebug_str.c:97 [opt]
    frame 0000004: 0x000000010deff1aa xdebug.so`xdebug_common_assign_dim_handler [inlined] xdebug_find_var_name(execute_data=0x000000010e01c4e0) at xdebug_code_coverage.c:179 [opt]
    frame 0000005: 0x000000010deff16e xdebug.so`xdebug_common_assign_dim_handler(op=<unavailable>, do_cc=<unavailable>, execute_data=<unavailable>) at xdebug_code_coverage.c:343 [opt]
    frame 0000006: 0x000000010deff9ab xdebug.so`xdebug_qm_assign_handler(execute_data=<unavailable>) at xdebug_code_coverage.c:395 [opt]
    frame 0000007: 0x000000010d1858b3 php71`ZEND_USER_OPCODE_SPEC_HANDLER + 26
    frame 0000008: 0x000000010d142e9e php71`execute_ex + 56
(lldb) frame select 4
xdebug.so was compiled with optimization - stepping may behave oddly; variables may not be available.
frame 0000004: 0x000000010deff1aa xdebug.so`xdebug_common_assign_dim_handler [inlined] xdebug_find_var_name(execute_data=0x000000010e01c4e0) at xdebug_code_coverage.c:179 [opt]
   176
   177 if (cur_opcode->opcode == ZEND_QM_ASSIGN) {
   178 #if PHP_VERSION_ID >= 70000
-> 179 xdebug_str_add(&name, xdebug_sprintf("$%s", zend_get_compiled_variable_name(op_array, cur_opcode->result.var)->val), 1);
   180 #else
   181 xdebug_str_add(&name, xdebug_sprintf("$%s", zend_get_compiled_variable_name(op_array, cur_opcode->result.var, &cv_len)), 1);
   182 #endif
(lldb) frame select 5
frame 0000005: 0x000000010deff16e xdebug.so`xdebug_common_assign_dim_handler(op=<unavailable>, do_cc=<unavailable>, execute_data=<unavailable>) at xdebug_code_coverage.c:343 [opt]
   340 }
   341 }
   342 if (XG(do_trace) && XG(trace_context) && XG(collect_assignments)) {
-> 343 full_varname = xdebug_find_var_name(execute_data TSRMLS_CC);
(lldb) frame select 3
frame 0000003: 0x000000010df0fbdd xdebug.so`xdebug_sprintf(fmt="$%s") at xdebug_str.c:97 [opt]
   94 int n;
   95
   96 va_start(args, fmt);
-> 97 n = vsnprintf(new_str, size, fmt, args);
   98 va_end(args);
   99
   100 if (n > -1 && n < size) {
(lldb) frame select 2
frame 0000002: 0x000000010d0b22d7 php71`ap_php_vsnprintf + 33
php71`ap_php_vsnprintf:
    0x10d0b22d7 <+33>: movl (%rbx), %eax
    0x10d0b22d9 <+35>: addq $0x8, %rsp
    0x10d0b22dd <+39>: popq %rbx
    0x10d0b22de <+40>: popq %rbp
(0004397)
kenorb (reporter)
2017-08-20 17:38

This is regression introduced in 5d611dfaa1351aa38b6744f31bedd2f137c882a5 commit. See this PR for more details: https://github.com/xdebug/xdebug/pull/363 [^]

- Issue History
Date Modified Username Field Change
2017-07-28 19:28 kenorb New Issue
2017-07-29 17:06 kenorb Note Added: 0004386
2017-08-01 21:06 kenorb Note Added: 0004388
2017-08-20 16:30 kenorb Note Added: 0004396
2017-08-20 17:38 kenorb Note Added: 0004397


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker