View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0002327XdebugUncategorizedpublic2025-03-05 10:212025-03-09 16:08
ReporterNiroDev Assigned Toderick  
PriorityhighSeveritycrashReproducibilityalways
Status closedResolutionfixed 
Platformx64OSalpine in Docker for WindowsOS Version11
Product Version3.4.1 
Fixed in Version3.4.2 
Summary0002327: Segmentation Fault 139 if exception thrown in callback since PHP 8.4
Description

Since my upgrade from PHP 8.3 to 8.4 (8.4.1 up to 8.4.4) the php process crashes with exit code 139.
I can only reproduce this with laravel, if a callback throws a exception like this:

$collection = new Collection([fn() => throw new RuntimeException()]);
new HigherOrderCollectionProxy($collection, 'each')->__invoke();

I also created this php issue: https://github.com/php/php-src/issues/17968

Steps To Reproduce

Clone https://github.com/NiroDeveloper/php-issue-17968

  1. Start docker-compose.yaml
  2. Open shell in the php container
  3. Run 'php bug.php'
  4. See output 'Segmentation fault'
Additional Information

The problem only occurs if xdebug is installed but not used.
If xdebug is used or not installed it is ok.

Tagscrash, php8.4, segfault
Operating SystemDocker php:8.4-cli-alpine
PHP Version8.4-dev

Activities

derick

2025-03-05 10:47

administrator   ~0007193

The reproduce steps for me, without docker:

export USE_ZEND_ALLOC=0
cd laravel
valgrind php bug.php

Produces no crash, but:

==2553417== Conditional jump or move depends on uninitialised value(s)
==2553417==    at 0x9B80218: fetch_zval_from_symbol_table (var.c:434)
==2553417==    by 0x9B81844: xdebug_get_php_symbol (var.c:858)
==2553417==    by 0x9BAD7AD: zval_from_stack_add_frame_variables (stack.c:432)
==2553417==    by 0x9BADAEE: zval_from_stack_add_frame (stack.c:467)
==2553417==    by 0x9BADC09: zval_from_stack (stack.c:495)
==2553417==    by 0x9BB02B8: xdebug_develop_throw_exception_hook (stack.c:1252)
==2553417==    by 0x9B70F11: xdebug_throw_exception_hook (base.c:1564)
==2553417==    by 0xB88E43: zend_throw_exception_internal (zend_exceptions.c:223)
==2553417==    by 0xB8C1A9: zend_throw_exception_object (zend_exceptions.c:1005)
==2553417==    by 0xBC74C4: ZEND_THROW_SPEC_TMPVAR_HANDLER (zend_vm_execute.h:15197)
==2553417==    by 0xC24405: execute_ex (zend_vm_execute.h:60683)
==2553417==    by 0x9B6F960: xdebug_execute_ex (base.c:886)
==2553417==    by 0xB90242: zend_call_function (zend_execute_API.c:996)
==2553417==    by 0xB8F673: _call_user_function_impl (zend_execute_API.c:792)
==2553417==    by 0xB5C05C: zim_Closure___invoke (zend_closures.c:54)
==2553417==    by 0xBA8026: ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:2144)
==2553417==    by 0xC229C2: execute_ex (zend_vm_execute.h:58859)
==2553417==    by 0x9B6F960: xdebug_execute_ex (base.c:886)
==2553417==    by 0xBA7F57: ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:2123)
==2553417==    by 0xC229C2: execute_ex (zend_vm_execute.h:58859)
==2553417==    by 0x9B6F960: xdebug_execute_ex (base.c:886)
==2553417==    by 0xBA7F57: ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:2123)
==2553417==    by 0xC229C2: execute_ex (zend_vm_execute.h:58859)
==2553417==    by 0x9B6F960: xdebug_execute_ex (base.c:886)
==2553417==    by 0xBADC7F: ZEND_CALL_TRAMPOLINE_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:3643)
==2553417==    by 0xC22B42: execute_ex (zend_vm_execute.h:58979)
==2553417==    by 0x9B6F960: xdebug_execute_ex (base.c:886)
==2553417==    by 0xBA7F57: ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:2123)
==2553417==    by 0xC229C2: execute_ex (zend_vm_execute.h:58859)
==2553417==    by 0x9B6F960: xdebug_execute_ex (base.c:886)
==2553417==    by 0xC27254: zend_execute (zend_vm_execute.h:64236)
==2553417==    by 0xCBDF93: zend_execute_script (zend.c:1934)

derick

2025-03-05 11:01

administrator   ~0007194

https://github.com/xdebug/xdebug/pull/1000 should fix it, but I don't have a good short test case yet.

derick

2025-03-07 12:10

administrator   ~0007201

This is now fixed in GIT for 3.4.2, of which I'll make a release soon.

Issue History

Date Modified Username Field Change
2025-03-05 10:21 NiroDev New Issue
2025-03-05 10:21 NiroDev Tag Attached: crash
2025-03-05 10:21 NiroDev Tag Attached: php8.4
2025-03-05 10:21 NiroDev Tag Attached: segfault
2025-03-05 10:47 derick Assigned To => derick
2025-03-05 10:47 derick Status new => confirmed
2025-03-05 10:47 derick Note Added: 0007193
2025-03-05 11:01 derick Note Added: 0007194
2025-03-07 12:10 derick Status confirmed => closed
2025-03-07 12:10 derick Resolution open => fixed
2025-03-07 12:10 derick Note Added: 0007201
2025-03-09 16:00 derick Fixed in Version => 3.4dev
2025-03-09 16:08 derick Fixed in Version 3.4dev => 3.4.2