krakjoe / uopz

User Operations for Zend

segmentation fault when hook contains fatal error on runtime #87

Closed sebbu2 closed 5 years ago

sebbu2 commented 6 years ago

test code:

<?php
function hello()
{
    print("Hello World!<br/>\n");
}
$cl = new StdClass();
// is_class() is deliberately undefined: calling it throws an uncaught Error
// from inside the hook, while the enclosing var_dump() call is still pending.
$c = function() { global $cl; hello(); var_dump(is_class($cl)); };
uopz_set_hook('hello', $c);
hello(); // segfault
?>

output:

Hello World!<br/>
Segmentation fault

expected output:

Hello World!<br/>
Fatal error: Uncaught Error: Call to undefined function is_class() in test_error.php(6) : eval()'d code:1

Environment details:

PHP 7.2.9 (cli) (built: Aug 15 2018 23:10:01) ( ZTS MSVC15 (Visual C++ 2017) x64 )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
uopz

uopz support => enabled
Version => 5.0.2
krakjoe commented 5 years ago

I'm not able to reproduce this ... if you could open a PR with a failing test that would be helpful ...
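A failing test in the phpt format the project's test suite uses, written here as an added example (it is not code from the issue or from the uopz repository). It keeps the shape of the report: the hook throws from an argument expression of a call that has already been initialised (var_dump(...)), so the engine has an unfinished call frame to clean up while the exception unwinds. does_not_exist() is a hypothetical name chosen to be undefined; the --EXPECT-- block states the behaviour the reporter expects (the Error propagating to a catch block), so on an affected build the test fails by crashing instead of producing that output.

```php
--TEST--
uopz_set_hook(): an exception thrown inside a hook must propagate, not crash (#87)
--SKIPIF--
<?php
if (!extension_loaded("uopz")) die("skip uopz not loaded");
?>
--FILE--
<?php
// Added example, not from the issue or the uopz project.
// The hooked function itself produces no output, so the expected output
// depends only on what the hook does and on how the Error unwinds.
function hello()
{
    return "hello";
}

// does_not_exist() is deliberately undefined (assumed name); the call to it
// raises Error while the outer var_dump() call frame is still being set up.
$hook = function () {
    var_dump(does_not_exist());
};
uopz_set_hook('hello', $hook);

try {
    hello();
    echo "no exception\n";
} catch (Error $e) {
    echo get_class($e), ": ", $e->getMessage(), "\n";
}
echo "done\n";
?>
--EXPECT--
Error: Call to undefined function does_not_exist()
done
```

Run it with the extension's own run-tests invocation; a build with the bug terminates with a segmentation fault before "done" is printed, which run-tests reports as a failure rather than a pass.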

cmb69 commented 5 years ago

I can reproduce the crash with current PHP-7.3 and current uopz master on Windows. Backtrace:

php7_debug.dll!zend_gc_delref(_zend_refcounted_h * p) Line 996 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_types.h:996)
php7_debug.dll!zend_vm_stack_free_args(_zend_execute_data * call) Line 258 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_execute.h:258)
php7_debug.dll!cleanup_unfinished_calls(_zend_execute_data * execute_data, unsigned int op_num) Line 2804 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_execute.c:2804)
php7_debug.dll!ZEND_HANDLE_EXCEPTION_SPEC_HANDLER(_zend_execute_data * execute_data) Line 1773 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_vm_execute.h:1773)
php7_debug.dll!ZEND_USER_OPCODE_SPEC_HANDLER(_zend_execute_data * execute_data) Line 1829 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_vm_execute.h:1829)
php7_debug.dll!execute_ex(_zend_execute_data * ex) Line 55287 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_vm_execute.h:55287)
php7_debug.dll!php_uopz_execute(_zend_execute_data * execute_data) Line 61 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\pecl\uopz\src\executors.c:61)
php7_debug.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 60835 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend_vm_execute.h:60835)
php7_debug.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1569 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\Zend\zend.c:1569)
php7_debug.dll!php_execute_script(_zend_file_handle * primary_file) Line 2630 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\main\main.c:2630)
php.exe!do_cli(int argc, char * * argv) Line 998 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\sapi\cli\php_cli.c:998)
php.exe!main(int argc, char * * argv) Line 1389 (c:\Users\cmb\php-sdk\phpdev\vc15\x64\php-src-7.3\sapi\cli\php_cli.c:1389)
php.exe!invoke_main() Line 79 (d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:79)
php.exe!__scrt_common_main_seh() Line 288 (d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
php.exe!__scrt_common_main() Line 331 (d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:331)
php.exe!mainCRTStartup() Line 17 (d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:17)
kernel32.dll!00007ffea2de3034() (Unknown Source:0)
ntdll.dll!00007ffea5783691() (Unknown Source:0)
krakjoe commented 5 years ago

I've managed to reproduce it by disabling zend mm ...

I can see what is happening ... need thinking time ...

krakjoe commented 5 years ago

Fixed in edfca8d1cfc301c3213bc724183bbd6b483f95a4