Segmentation fault in ext/zend_test/observer.c:175

php / php-src

The PHP Interpreter

https://www.php.net

Other

38.1k stars 7.74k forks source link

Segmentation fault in ext/zend_test/observer.c:175 #16319

Open YuanchengJiang opened 1 week ago

YuanchengJiang commented 1 week ago

Description

The following code:

<?php
$fiber = new Fiber(function() {
});
$fiber->start();

Resulted in this output:

/php-src/ext/zend_test/observer.c:175:45: runtime error: member access within null pointer of type 'zend_string' (aka 'struct _zend_string')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/zend_test/observer.c:175:45

To reproduce:

-d "zend_test.observer.enabled=1" -d "zend_test.observer.show_init_backtrace=1"

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

cmb69 commented 1 week ago

https://github.com/php/php-src/blob/e34eebb8541f8a77dafd2398b637118a5f78dd21/ext/zend_test/observer.c#L175

fbc->op_array.filename is NULL here. Maybe just

 ext/zend_test/observer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/zend_test/observer.c b/ext/zend_test/observer.c
index 37bbdbbd3c..c7b6a81c4e 100644
--- a/ext/zend_test/observer.c
+++ b/ext/zend_test/observer.c
@@ -172,7 +172,7 @@ static void observer_show_init_backtrace(zend_execute_data *execute_data)
                php_printf("%*s%s()\n", indent, "", ZSTR_VAL(fbc->common.function_name));
            }
        } else {
-           php_printf("%*s{main} %s\n", indent, "", ZSTR_VAL(fbc->op_array.filename));
+           php_printf("%*s{main} %s\n", indent, "", fbc->op_array.filename ? ZSTR_VAL(fbc->op_array.filename) : "unknown");
        }
    } while ((ex = ex->prev_execute_data) != NULL);
    php_printf("%*s-->\n", 2 * ZT_G(observer_nesting_depth), "");

iluuu1994 commented 1 week ago

~~This looks like a duplicate of https://github.com/php/php-src/pull/16299.~~

Edit: Wrong link. https://github.com/php/php-src/pull/16301/files And also, I'm wrong.