php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78344 Segmentation fault on zend_check_protected
Submitted: 2019-07-29 07:33 UTC Modified: 2019-07-29 08:39 UTC
From: a dot dankovtsev at mail dot ru Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.4.0beta1 OS: Mac OS
Private report: No CVE-ID: None
 [2019-07-29 07:33 UTC] a dot dankovtsev at mail dot ru
Description:
------------
Something went wrong

lldb --core /cores/core.71210
(lldb) target create --core "/cores/core.71210"
Core file '/cores/core.71210' (x86_64) was loaded.
(lldb) bt all
php was compiled with optimization - stepping may behave oddly; variables may not be available.
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x000000010d4d0c80 php`zend_check_protected(ce=0x000000010fb9b918, scope=0x0000000000000010) at zend_object_handlers.c:1207 [opt]
    frame #1: 0x000000010d47bd2d php`zend_try_ct_eval_class_const(zv=<unavailable>, class_name=<unavailable>, name=<unavailable>) at zend_compile.c:1436 [opt]
    frame #2: 0x000000010d47b063 php`zend_compile_class_const(result=0x00007ffee2a07da8, ast=0x0000000110646778) at zend_compile.c:7971 [opt]
    frame #3: 0x000000010d461761 php`zend_compile_args(ast=0x0000000110646718, fbc=0x0000000000000000) at zend_compile.c:2996 [opt]
    frame #4: 0x000000010d461bbf php`zend_compile_call_common(result=0x00007ffee2a07f10, args_ast=<unavailable>, fbc=0x0000000000000000) at zend_compile.c:3073 [opt]
    frame #5: 0x000000010d467e3d php`zend_compile_method_call(result=0x0000000000000000, ast=<unavailable>, type=<unavailable>) at zend_compile.c:3884 [opt]
    frame #6: 0x000000010d45f23a php`zend_compile_var(result=0x00007ffee2a07f10, ast=<unavailable>, type=0, by_ref=0) at zend_compile.c:8644 [opt]
    frame #7: 0x000000010d46bc67 php`zend_compile_stmt(ast=0x0000000110646790) at zend_compile.c:8480 [opt]
    frame #8: 0x000000010d46bbda php`zend_compile_stmt [inlined] zend_compile_stmt_list(ast=<unavailable>) at zend_compile.c:5201 [opt]
    frame #9: 0x000000010d46bbbc php`zend_compile_stmt(ast=0x0000000110646690) at zend_compile.c:8392 [opt]
    frame #10: 0x000000010d46d41c php`zend_compile_if(ast=0x0000000110646880) at zend_compile.c:4672 [opt]
    frame #11: 0x000000010d46bbf4 php`zend_compile_stmt(ast=0x0000000110646880) at zend_compile.c:8435 [opt]
    frame #12: 0x000000010d46bbda php`zend_compile_stmt [inlined] zend_compile_stmt_list(ast=<unavailable>) at zend_compile.c:5201 [opt]
    frame #13: 0x000000010d46bbbc php`zend_compile_stmt(ast=0x0000000110646540) at zend_compile.c:8392 [opt]
    frame #14: 0x000000010d47138b php`zend_compile_func_decl(result=0x0000000000000000, ast=0x00000001106470b8, toplevel='\0') at zend_compile.c:5978 [opt]
    frame #15: 0x000000010d46b7e9 php`zend_compile_stmt(ast=0x00000001106470b8) at zend_compile.c:8448 [opt]
    frame #16: 0x000000010d46bbda php`zend_compile_stmt [inlined] zend_compile_stmt_list(ast=<unavailable>) at zend_compile.c:5201 [opt]
    frame #17: 0x000000010d46bbbc php`zend_compile_stmt(ast=0x0000000110646458) at zend_compile.c:8392 [opt]
    frame #18: 0x000000010d46873f php`zend_compile_class_decl(ast=0x0000000110647ab8, toplevel='\x01') at zend_compile.c:6391 [opt]
    frame #19: 0x000000010d473bf3 php`zend_compile_top_stmt(ast=0x0000000110647ab8) at zend_compile.c:8367 [opt]
    frame #20: 0x000000010d473bca php`zend_compile_top_stmt(ast=0x0000000110647b00) at zend_compile.c:8356 [opt]
    frame #21: 0x000000010d441830 php`zend_compile(type=2) at zend_language_scanner.l:610 [opt]
    frame #22: 0x000000010d4416fd php`compile_file(file_handle=0x00007ffee2a086c0, type=2) at zend_language_scanner.l:644 [opt]
    frame #23: 0x000000010d33c6db php`phar_compile_file(file_handle=0x00007ffee2a086c0, type=2) at phar.c:3298 [opt]
    frame #24: 0x000000010d441926 php`compile_filename(type=2, filename=0x0000000000000000) at zend_language_scanner.l:665 [opt]
    frame #25: 0x000000010d52969d php`zend_include_or_eval(inc_filename=0x000000010de1ccb0, type=2) at zend_execute.c:4223 [opt]
    frame #26: 0x000000010d4fe942 php`ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(execute_data=0x000000010de1c490) at zend_vm_execute.h:37502 [opt]
    frame #27: 0x000000010d4db668 php`execute_ex(ex=0x000000010de1c490) at zend_vm_execute.h:53288 [opt]
    frame #28: 0x000000010d47f72c php`zend_call_function(fci=<unavailable>, fci_cache=<unavailable>) at zend_execute_API.c:819 [opt]
    frame #29: 0x000000010d36cd2e php`zif_spl_autoload_call(execute_data=<unavailable>, return_value=<unavailable>) at php_spl.c:448 [opt]
    frame #30: 0x000000010d47f78e php`zend_call_function(fci=<unavailable>, fci_cache=<unavailable>) at zend_execute_API.c:832 [opt]
    frame #31: 0x000000010d47ff18 php`zend_lookup_class_ex(name=<unavailable>, key=0x0000000000000000, flags=<unavailable>) at zend_execute_API.c:993 [opt]
    frame #32: 0x000000010d4abcd4 php`class_exists_impl(execute_data=<unavailable>, return_value=0x000000010de1c1e0, flags=0, skip_flags=3) at zend_builtin_functions.c:1469 [opt]
    frame #33: 0x000000010d513307 php`ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER(execute_data=0x000000010de1c330) at zend_vm_execute.h:1517 [opt]
    frame #34: 0x000000010d4db668 php`execute_ex(ex=0x000000010de1bf70) at zend_vm_execute.h:53288 [opt]
    frame #35: 0x000000010d4db82c php`zend_execute(op_array=0x000000010de7a540, return_value=0x0000000000000000) at zend_vm_execute.h:57577 [opt]
    frame #36: 0x000000010d490391 php`zend_execute_scripts(type=8, retval=0x0000000000000000, file_count=3) at zend.c:1663 [opt]
    frame #37: 0x000000010d41a141 php`php_execute_script(primary_file=<unavailable>) at main.c:2606 [opt]
    frame #38: 0x000000010d52f6cb php`do_cli(argc=<unavailable>, argv=<unavailable>) at php_cli.c:962 [opt]
    frame #39: 0x000000010d52e538 php`main(argc=4, argv=0x00007ffee2a09aa0) at php_cli.c:1352 [opt]
    frame #40: 0x00007fff76922015 libdyld.dylib`start + 1


Test script:
---------------
some build script with building symfony dependency injection


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-07-29 07:37 UTC] nikic@php.net
-Package: PHP Language Specification +Package: Scripting Engine problem
 [2019-07-29 07:37 UTC] requinix@php.net
-Package: Scripting Engine problem +Package: Reproducible crash
 [2019-07-29 07:37 UTC] requinix@php.net
Can you tell what file it was compiling at the time? You might need to use a debug build.
 [2019-07-29 07:48 UTC] krakjoe@php.net
-Status: Open +Status: Feedback
 [2019-07-29 07:48 UTC] krakjoe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

We can see roughly what's going on from the trace, we know that active class entry has a bogus address for some reason, and we can see roughly what leads up too it, but it's too hard to guess the exact code that will reproduce the fault.

Please provide a minimal reproducing test case.
 [2019-07-29 08:28 UTC] nikic@php.net
My suspicion here is that this is caused by the parent class being in string form during the visibility check, but I haven't been able to come up with a reproducer...
 [2019-07-29 08:39 UTC] nikic@php.net
-Status: Feedback +Status: Assigned -Assigned To: +Assigned To: nikic
 [2019-07-29 08:39 UTC] nikic@php.net
Got one:

class A {
    protected const FOO = 1;
}
class B {}
class C extends B {
    public function method() {
        var_dump(A::FOO);
    }
}
 [2019-07-29 09:13 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4ae807e84e102db9e0e97411cac90909f75f63f4
Log: Fixed bug #78344
 [2019-07-29 09:13 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 17:01:29 2024 UTC