php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80765 yaml_parse_file() crash with yaml/PHP build target mismatch
Submitted: 2021-02-17 21:53 UTC Modified: 2021-02-18 11:32 UTC
From: dktapps at pmmp dot io Assigned: cmb (profile)
Status: Not a bug Package: yaml (PECL)
PHP Version: 8.0Git-2021-02-17 (Git) OS: Windows 10
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2021-02-17 21:53 UTC] dktapps at pmmp dot io 
Description:
------------
Using
- libyaml v0.2.5 built with CMake target RelWithDebInfo
- PHP built with --enable-debug and --with-yaml

When libyaml was built in release mode and PHP in debug mode (or vice versa, in theory), yaml_parse_file() will crash here: https://github.com/yaml/libyaml/blob/master/src/api.c#L280

I believe this is caused by incompatible ABI of FILE on Windows when built for different targets (debug vs non-debug).




Test script:
---------------
rcon.yml:
---
ip: 0.0.0.0
port: 19132
max-connections: 50
password: gFSeNH4PrfY=
...


test.php:
<?php

declare(strict_types=1);

var_dump(yaml_parse_file(__DIR__ . '/rcon.yml'));


Expected result:
----------------
array(4) {
  ["ip"]=>
  string(7) "0.0.0.0"
  ["port"]=>
  int(19132)
  ["max-connections"]=>
  int(50)
  ["password"]=>
  string(12) "gFSeNH4PrfY="
}

Actual result:
--------------
PHP crashes. Launching Visual Studio debugger yields the following error:

Unhandled exception at 0x00007FFE85251208 (ucrtbase.dll) in php.exe: An invalid parameter was passed to a function that considers invalid parameters fatal.

Call stack:

 	ucrtbase.dll!00007ffe85251208()	Unknown
 	ucrtbase.dll!00007ffe852024b1()	Unknown
 	ucrtbase.dll!00007ffe85202379()	Unknown
 	ucrtbase.dll!00007ffe85233c64()	Unknown
 	ucrtbase.dll!00007ffe85233918()	Unknown
 	ucrtbase.dll!00007ffe851f7f5e()	Unknown
 	ucrtbase.dll!00007ffe851f7ee8()	Unknown
>	yaml.dll!yaml_file_read_handler(void * data, unsigned char * buffer, unsigned __int64 size, unsigned __int64 * size_read) Line 280	C
 	yaml.dll!yaml_parser_update_raw_buffer(yaml_parser_s * parser) Line 121	C
 	yaml.dll!yaml_parser_determine_encoding(yaml_parser_s * parser) Line 57	C
 	yaml.dll!yaml_parser_update_buffer(yaml_parser_s * parser, unsigned __int64 length) Line 161	C
 	yaml.dll!yaml_parser_fetch_next_token(yaml_parser_s * parser) Line 865	C
 	yaml.dll!yaml_parser_fetch_more_tokens(yaml_parser_s * parser) Line 847	C
 	yaml.dll!yaml_parser_parse_stream_start(yaml_parser_s * parser, yaml_event_s * event) Line 317	C
 	yaml.dll!yaml_parser_state_machine(yaml_parser_s * parser, yaml_event_s * event) Line 231	C
 	yaml.dll!yaml_parser_parse(yaml_parser_s * parser, yaml_event_s * event) Line 189	C
 	php8ts_debug.dll!yaml_next_event(parser_state_s * state) Line 283	C
 	php8ts_debug.dll!php_yaml_read_partial(parser_state_s * state, __int64 pos, __int64 * ndocs, _zval_struct * retval) Line 170	C
 	php8ts_debug.dll!zif_yaml_parse_file(_zend_execute_data * execute_data, _zval_struct * return_value) Line 449	C
 	[External Code]	
 	php8ts_debug.dll!i_init_code_execute_data(_zend_execute_data * execute_data, _zend_op_array * op_array, _zval_struct * return_value) Line 3641	C
 	php8ts_debug.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 58877	C
 	php8ts_debug.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1681	C
 	php8ts_debug.dll!php_execute_script(_zend_file_handle * primary_file) Line 2488	C
 	php.exe!do_cli(int argc, char * * argv) Line 951	C
 	php.exe!main(int argc, char * * argv) Line 1336	C

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-02-18 11:32 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-02-18 11:32 UTC] cmb@php.net 
> I believe this is caused by incompatible ABI of FILE on Windows
> when built for different targets (debug vs non-debug).

That is possible, although I never met this error, and cannot
reproduce it with the PHP for Windows libyaml[1] (which is also a
RelWithDebInfo build).

Anyhow, there is not much we can do regarding these
incompatibilities, and there is already a provision in the build
system[2] which allows to have both debug and release libraries,
so this issue can be avoided.

[1] <https://windows.php.net/downloads/pecl/deps/>
[2] <https://github.com/php/php-src/blob/php-7.4.15/win32/build/confutils.js#L779>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 12:01:31 2024 UTC