php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78715 Segmentation fault in zend_type_to_string_resolved
Submitted: 2019-10-22 06:40 UTC Modified: 2019-10-31 10:40 UTC
From: a dot dankovtsev at mail dot ru Assigned:
Status: Not a bug Package: Reflection related
PHP Version: master-Git-2019-10-22 (Git) OS: Mac OS
Private report: No CVE-ID: None
 [2019-10-22 06:40 UTC] a dot dankovtsev at mail dot ru
Description:
------------
Sorry, i can't izolate test stend for reproduce.
Segmentation fault while run unit-tests in some project
core dump:

lldb --core /cores/core.39217
(lldb) target create --core "/cores/core.39217"
btCore file '/cores/core.39217' (x86_64) was loaded.
(lldb) bt all
php was compiled with optimization - stepping may behave oddly; variables may not be available.
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x000000010b1224c2 php`zend_type_to_string_resolved(type=29, scope=0x0000000000000000) at zend_compile.c:1099 [opt]
    frame #1: 0x000000010afe8658 php`zim_reflection_named_type_getName(execute_data=<unavailable>, return_value=0x000000010c221340) at php_reflection.c:2837 [opt]
    frame #2: 0x000000010b1c1d56 php`ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(execute_data=0x000000010c2215c0) at zend_vm_execute.h:1673 [opt]
    frame #3: 0x000000010b1a3e08 php`execute_ex(ex=0x000000010c221050) at zend_vm_execute.h:52102 [opt]
    frame #4: 0x000000010b1a3fcc php`zend_execute(op_array=0x000000010c27a540, return_value=0x0000000000000000) at zend_vm_execute.h:56355 [opt]
    frame #5: 0x000000010b159761 php`zend_execute_scripts(type=8, retval=0x0000000000000000, file_count=3) at zend.c:1645 [opt]
    frame #6: 0x000000010b0e36f1 php`php_execute_script(primary_file=<unavailable>) at main.c:2586 [opt]
    frame #7: 0x000000010b1f378b php`do_cli(argc=<unavailable>, argv=<unavailable>) at php_cli.c:959 [opt]
    frame #8: 0x000000010b1f25f8 php`main(argc=3, argv=0x00007ffee4d9bad0) at php_cli.c:1350 [opt]
    frame #9: 0x00007fff73d35015 libdyld.dylib`start + 1



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-22 09:44 UTC] nikic@php.net
type=29 is corrupt, but I can't tell where it originates based on the trace.
 [2019-10-22 10:56 UTC] a dot dankovtsev at mail dot ru
reproduce in this code

php:
{code}
<?php

declare(strict_types = 1);

$refClass = new \ReflectionClass(\Redis::class);

$refMethod = $refClass->getMethod('zinterstore');
foreach ($refMethod->getParameters() as $param) {
    echo 'Parameter: ' . $param->getName() . PHP_EOL;
    $type = $param->getType();
    if ($type instanceof \ReflectionNamedType) {
        var_dump($type);
        $typeDeclaration = $type->getName() . ' '; // segfault this
    }
}

{code}

output:
{code}
php test.php
Parameter: key
Parameter: keys
object(ReflectionNamedType)#7 (0) {
}
Parameter: weights
object(ReflectionNamedType)#8 (0) {
}
[1]    55227 segmentation fault (core dumped)  php test.php
{code}
 [2019-10-22 12:59 UTC] a dot dankovtsev at mail dot ru
Hm... i rebuild again extension for redis with version 5.0.2 (https://github.com/phpredis/phpredis/tree/5.0.2)
Parameter with segfault was:
Type: array
Parameter: aggregate
Rebuild is resolve this segmentation fault...
Sorry for spent time...
 [2019-10-31 10:40 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2019-10-31 10:40 UTC] nikic@php.net
Closing per above comment.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Apr 10 10:01:24 2020 UTC