View Issue Details

ID: 0001651
Project: Xdebug
Category: Profiling
View Status: public
Last Update: 2019-04-03 15:53
Reporter: stantheman
Assigned To: derick
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: feedback
Resolution: open
Product Version: 2.7.0
Target Version:
Fixed in Version:
Summary: 0001651: segfault in xdebug_var_export with collect_params set to 3 or 4
Description: In xdebug_var.c, the xdebug_var_export function calls xdebug_objdebug_pp, which can return NULL. If it's NULL, the following call to xdebug_zend_hash_is_recursive causes a segfault:

https://github.com/xdebug/xdebug/blob/xdebug_2_7/xdebug_var.c#L1049

This happens in v2.6.1 as well as a fresh build from master.
Steps To Reproduce: I don't have a minimal repro. It happens when tracing a CLI script and setting xdebug.collect_params to a value of '3' or '4'. I collect the values on the CLI with:

php -d 'zend_extension=/usr/lib64/php/modules7/xdebug.so' -d 'xdebug.trace_format=1' -d 'xdebug.auto_trace=1' -d 'xdebug.trace_output_dir=/tmp/xdebug' -d 'xdebug.profiler_enable=1' -d 'xdebug.profiler_enable=On' -d 'xdebug.collect_params=4' bigtable.php
Additional Information: gdb from the segfault:

(gdb) zbacktrace
[0x7fffeb614730] Google\ApiCore\Serializer->decodeMessage(object[0x7fffeb614780], array(2)[0x7fffeb614790]) /home/sschwertly/development/test/vendor/google/gax/src/Serializer.php:120
[0x7fffeb614670] Google\Cloud\Bigtable\Table->Google\Cloud\Bigtable\{closure}(reference, object[0x7fffeb6146d0]) /home/sschwertly/development/test/vendor/google/cloud-bigtable/src/Table.php:272
[0x7fffeb614600] array_walk(reference, object[0x7fffeb614660]) [internal function]
[0x7fffeb6142f0] Google\Cloud\Bigtable\Table->readRows(reference) /home/sschwertly/development/test/vendor/google/cloud-bigtable/src/Table.php:274
[0x7fffeb613030] (main) /home/sschwertly/development/test/bigtable.php

(gdb) bt
#0 0x00007fffe4a40111 in xdebug_zend_hash_is_recursive (ht=ht@entry=0x0) at /home/sschwertly/development/xdebug/xdebug_compat.c:417
#1 0x00007fffe4a54688 in xdebug_var_export (struc=struc@entry=0x7fffffff9558, str=str@entry=0x15d8f30, level=level@entry=1, debug_zval=debug_zval@entry=0, options=options@entry=0x163b110) at /home/sschwertly/development/xdebug/xdebug_var.c:1049
#2 0x00007fffe4a550ef in xdebug_get_zval_value (val=0x1626eb0, debug_zval=debug_zval@entry=0, options=0x163b110, options@entry=0x0) at /home/sschwertly/development/xdebug/xdebug_var.c:1112
#3 0x00007fffe4a51791 in add_single_value (str=0x7fffffff95e0, zv=<optimized out>, collection_level=<optimized out>) at /home/sschwertly/development/xdebug/xdebug_trace_computerized.c:104
#4 0x00007fffe4a519b4 in xdebug_trace_computerized_function_entry (ctxt=0x15a3480, fse=0x15d6510, function_nr=<optimized out>) at /home/sschwertly/development/xdebug/xdebug_trace_computerized.c:177
#5 0x00007fffe4a38557 in xdebug_execute_ex (execute_data=0x7fffeb614730) at /home/sschwertly/development/xdebug/xdebug.c:1860
#6 0x00000000008abb85 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:1076
#7 0x000000000085a40b in execute_ex (ex=<optimized out>) at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:429
#8 0x00007fffe4a382c5 in xdebug_execute_ex (execute_data=0x7fffeb614670) at /home/sschwertly/development/xdebug/xdebug.c:1928
#9 0x0000000000802ac1 in zend_call_function (fci=fci@entry=0x11a6140 <basic_globals+416>, fci_cache=fci_cache@entry=0x11a6178 <basic_globals+472>) at /usr/src/debug/php-src-php-7.1.18/Zend/zend_execute_API.c:855
#10 0x00000000006eb4e9 in php_array_walk (array=array@entry=0x7fffcae12fb0, userdata=0x0, recursive=recursive@entry=0) at /usr/src/debug/php-src-php-7.1.18/ext/standard/array.c:1448
#11 0x00000000006efd75 in zif_array_walk (execute_data=0x7fffeb614600, return_value=0x7fffffff9b30) at /usr/src/debug/php-src-php-7.1.18/ext/standard/array.c:1510
#12 0x00007fffe4a389be in xdebug_execute_internal (current_execute_data=0x7fffeb614600, return_value=0x7fffffff9b30) at /home/sschwertly/development/xdebug/xdebug.c:2048
#13 0x00000000008ac17c in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:972
#14 0x000000000085a40b in execute_ex (ex=<optimized out>) at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:429
#15 0x00007fffe4a382c5 in xdebug_execute_ex (execute_data=0x7fffeb6142f0) at /home/sschwertly/development/xdebug/xdebug.c:1928
#16 0x00000000008abb85 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:1076
#17 0x000000000085a40b in execute_ex (ex=<optimized out>) at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:429
#18 0x00007fffe4a382c5 in xdebug_execute_ex (execute_data=0x7fffeb613030) at /home/sschwertly/development/xdebug/xdebug.c:1928
#19 0x00000000008ae074 in zend_execute (op_array=op_array@entry=0x7fffeb6721c0, return_value=return_value@entry=0x0) at /usr/src/debug/php-src-php-7.1.18/Zend/zend_vm_execute.h:474
#20 0x00000000008126a3 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php-src-php-7.1.18/Zend/zend.c:1482
#21 0x00000000007afee8 in php_execute_script (primary_file=primary_file@entry=0x7fffffffc140) at /usr/src/debug/php-src-php-7.1.18/main/main.c:2577
#22 0x00000000008b0328 in do_cli (argc=24, argv=0x11b11b0) at /usr/src/debug/php-src-php-7.1.18/sapi/cli/php_cli.c:993
#23 0x00000000004539ef in main (argc=24, argv=0x11b11b0) at /usr/src/debug/php-src-php-7.1.18/sapi/cli/php_cli.c:1381

I have a patch to submit on GitHub but need this reference number to make the PR.
Tags: No tags attached.
Operating System:
PHP Version: 7.1.15-7.1.19
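
A minimal C model of the failure pattern described in the report, added here as an illustration and not taken from Xdebug or from the pull request: a lookup that can return NULL feeds a recursion check that dereferences its argument. All names (`obj`, `table`, `get_props`, `is_recursive`, `export_obj`, `demo`) are hypothetical stand-ins, and the sample objects are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not Xdebug or Zend types. */
typedef struct obj obj;
typedef struct { int in_progress; size_t n; obj **items; } table;
struct obj { const char *name; table *props; };

/* Models a property lookup that may yield no table at all. */
static table *get_props(const obj *o) { return o->props; }
/* Models the recursion check: dereferences ht unconditionally. */
static int is_recursive(const table *ht) { return ht->in_progress; }

static void append(char *out, size_t cap, const char *s) {
    strncat(out, s, cap - strlen(out) - 1);   /* bounded append */
}

/* Guarded export: test the lookup result before the recursion check. */
void export_obj(const obj *o, char *out, size_t cap) {
    table *ht = get_props(o);
    append(out, cap, o->name);
    if (ht == NULL) { append(out, cap, "{?}"); return; }         /* no table */
    if (is_recursive(ht)) { append(out, cap, "{...}"); return; } /* cycle */
    ht->in_progress = 1;
    append(out, cap, "{");
    for (size_t i = 0; i < ht->n; i++) {
        if (i) append(out, cap, ",");
        export_obj(ht->items[i], out, cap);
    }
    append(out, cap, "}");
    ht->in_progress = 0;
}

/* Constructed sample: root holds a (no table) and b (contains itself). */
const char *demo(char *out, size_t cap) {
    obj a = { "a", NULL };
    obj b = { "b", NULL }, *b_items[1] = { &b };
    table b_t = { 0, 1, b_items };
    obj root = { "root", NULL }, *r_items[2] = { &a, &b };
    table r_t = { 0, 2, r_items };
    b.props = &b_t; root.props = &r_t;
    out[0] = '\0';
    export_obj(&root, out, cap);
    return out;
}

int main(void) { char buf[128]; puts(demo(buf, sizeof buf)); return 0; }
```

Without the `ht == NULL` test, `is_recursive` would read through a null pointer for object `a`, which corresponds to the `ht=ht@entry=0x0` argument in frame #0 of the backtrace.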

Activities

stantheman

2019-03-26 19:34

reporter   ~0004978

Pull request is here: https://github.com/xdebug/xdebug/pull/461

derick

2019-04-03 15:53

administrator   ~0004982

Hi,

thanks for the ticket and pull request. I would need to have a minimal test case before I can merge that though. Can you produce one? I wouldn't want to merge this PR as it might just fix a symptom, and not the real cause. And I would also not want to reintroduce the bug in the future, so a test case is really needed.

cheers,
Derick

Issue History

Date Modified Username Field Change
2019-03-26 19:25 stantheman New Issue
2019-03-26 19:34 stantheman Note Added: 0004978
2019-04-03 15:53 derick Assigned To => derick
2019-04-03 15:53 derick Status new => feedback
2019-04-03 15:53 derick Note Added: 0004982