MantisBT

View Issue Details
ID: 0001471
Project: Xdebug
Category: Usage problems (Wrong Results)
View Status: public
Date Submitted: 2017-09-16 05:08
Last Update: 2017-10-07 10:57
Reporter: yangrokety
Assigned To: derick
Priority: high
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: linux
OS: ubuntu 17.04
OS Version:
Product Version: 2.5.5
Target Version: 2.5.6
Fixed in Version: 2.5.6
Summary: 0001471: Tracing crashes with return_assignments and ternary operator
Description:
If I use function trace to trace this code:

$ff = "bb";
$c= "aa" == $ff ? 1 : 0;

I will always encounter a core dump.

My ini config:
zend_extension=xdebug.so
xdebug.auto_trace=1
xdebug.trace_format=0
xdebug.collect_params=4
xdebug.collect_return=1
xdebug.collect_assignments=1
xdebug.trace_output_name= %t.trace
xdebug.trace_output_dir=/tmp/xdebug
Additional Information:
In xdebug_find_var_name:
    if (cur_opcode->opcode == ZEND_QM_ASSIGN) {
#if PHP_VERSION_ID >= 70000
        xdebug_str_add(&name, xdebug_sprintf("$%s", zend_get_compiled_variable_name(op_array, cur_opcode->result.var)->val), 1);
#else
        xdebug_str_add(&name, xdebug_sprintf("$%s", zend_get_compiled_variable_name(op_array, cur_opcode->result.var, &cv_len)), 1);
#endif
    }

When the opcode is ZEND_QM_ASSIGN (the '?:' handler), there is no variable name.

The core dump:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000561196440ac2 in zend_get_compiled_variable_name (op_array=0x7fca708ef0c8, var=4294967200, name_len=0x7ffc2a600c1c) at /home/rokety/Downloads/php-5.6.31/Zend/zend_compile.c:7040
7040 *name_len = op_array->vars[var].name_len;
 
Tags: No tags attached.
Operating System:
PHP Version: 5.6.30-5.6.35
Attached Files
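
The backtrace in the description shows op_array->vars[var] being read with var=4294967200 (2^32 - 96), far outside the table of named variables. The following is an added example, not Xdebug or Zend Engine code, of guarding such a lookup by operand kind and bounds; every type and function name in it is hypothetical, and treating the '?:' result as a temporary operand is an assumption of the model.

```c
/* Added example: simplified model, not Zend Engine or Xdebug source.
 * All type and function names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Operand kinds, modelled on the engine's IS_CV / IS_TMP_VAR distinction. */
enum op_kind { OP_CV, OP_TMP };
struct operand { enum op_kind kind; uint32_t var; };
struct compiled_var { const char *name; int name_len; };
struct op_array_model {
    const struct compiled_var *vars; /* named variables only */
    uint32_t last_var;               /* number of entries in vars */
};

/* Constructed sample: the two named variables from the reproducer. */
static const struct compiled_var sample_vars[] = { {"ff", 2}, {"c", 1} };
static const struct op_array_model sample = { sample_vars, 2 };

/* Byte offset an unchecked vars[var] read would touch. */
static uint64_t unchecked_offset(struct operand op)
{
    return (uint64_t)op.var * sizeof(struct compiled_var);
}

/* Checked lookup: only a CV operand inside [0, last_var) has a name. */
static const char *checked_var_name(const struct op_array_model *oa, struct operand op)
{
    if (op.kind != OP_CV || op.var >= oa->last_var)
        return NULL; /* assumed case: the temporary result of '?:' */
    return oa->vars[op.var].name;
}

/* Tracer-side use: emit a placeholder instead of dereferencing. */
static const char *trace_label(const struct op_array_model *oa, struct operand op)
{
    const char *n = checked_var_name(oa, op);
    return n ? n : "(temporary)";
}

int main(void)
{
    struct operand cv = { OP_CV, 1 };
    struct operand tmp = { OP_TMP, 4294967200u }; /* value from the backtrace */
    printf("$%s\n", trace_label(&sample, cv));
    printf("%s (unchecked read at +%llu bytes)\n", trace_label(&sample, tmp),
           (unsigned long long)unchecked_offset(tmp));
    return 0;
}
```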

Relationships

Notes
(0004417)
derick (administrator)
2017-09-21 11:16

This also crashes for PHP 7.0 and 7.1.
(0004430)
yangrokety (reporter)
2017-09-27 10:39

Hi, derick
I am trying to fix this bug.
First, I found that you added the ZEND_QM_ASSIGN overload with the fix for this issue: https://bugs.xdebug.org/view.php?id=1414.

I tried to reproduce 0001414, but I found that normal variable assignment always uses ZEND_ASSIGN (both PHP 7.0.22 and PHP 7.1.9 with opcache enabled).

In PHP 7.1.9 with opcache, there is no ZEND_QM_ASSIGN:
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:3 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:3 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:5 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:5 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:7 ZEND_RETURN

and the opcache log:
Wed Sep 27 17:32:35 2017 (24236): Message Cached script '/home/rokety/Github/xdebug/test.php'
Wed Sep 27 17:32:35 2017 (24236): Message Cached script '/home/rokety/t.php'

In PHP 7.0.22 with opcache:
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_QM_ASSIGN
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:2 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:3 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:3 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_QM_ASSIGN
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:4 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:5 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:5 ZEND_ASSIGN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_STMT
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_BEGIN
/home/rokety/t.php:2 ZEND_EXT_STMT
/home/rokety/t.php:2 ZEND_ASSIGN
/home/rokety/t.php:3 ZEND_EXT_STMT
/home/rokety/t.php:3 ZEND_PRE_INC
/home/rokety/t.php:4 ZEND_EXT_STMT
/home/rokety/t.php:4 ZEND_QM_ASSIGN
/home/rokety/t.php:4 ZEND_ASSIGN
/home/rokety/t.php:5 ZEND_RETURN
/home/rokety/Github/xdebug/test.php:6 ZEND_EXT_FCALL_END
/home/rokety/Github/xdebug/test.php:7 ZEND_RETURN

and the opcache log:
Wed Sep 27 17:38:30 2017 (27745): Message Cached script '/home/rokety/Github/xdebug/test.php'
Wed Sep 27 17:38:30 2017 (27745): Message Added key 'test.php:170192:170248'
Wed Sep 27 17:38:30 2017 (27745): Message Cached script '/home/rokety/t.php'
(0004431)
yangrokety (reporter)
2017-09-27 10:40

test.php

<?php
include '/home/rokety/t.php';
$a = 1;
include '/home/rokety/t.php';
$a = 2;
include '/home/rokety/t.php';

t.php

<?php
$i = 0;
$i++;
$i = 1==2?1:2;
(0004437)
derick (administrator)
2017-10-07 10:57

Fixed for 2.5.6, and 2.6.0dev.

Issue History
Date Modified Username Field Change
2017-09-16 05:08 yangrokety New Issue
2017-09-21 11:16 derick Note Added: 0004417
2017-09-21 11:16 derick Assigned To => derick
2017-09-21 11:16 derick Status new => confirmed
2017-09-21 11:17 derick Target Version => 2.5.6
2017-09-27 10:39 yangrokety Note Added: 0004430
2017-09-27 10:40 yangrokety Note Added: 0004431
2017-10-07 10:44 derick Summary core dump when use function trace => Tracing crashes with return_assignments and ternary operator
2017-10-07 10:57 derick Note Added: 0004437
2017-10-07 10:57 derick Status confirmed => closed
2017-10-07 10:57 derick Resolution open => fixed
2017-10-07 10:57 derick Fixed in Version => 2.5.6

