Bug #81648 SIGSEGV on Symfony controller annotations
Submitted: 2021-11-22 11:06 UTC Modified: 2021-11-29 11:11 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: hhoechtl at 1drop dot de Assigned:
Status: Open Package: Reproducible crash
PHP Version: 8.0.13 OS: Debian 10
Private report: No CVE-ID: None

 [2021-11-22 11:06 UTC] hhoechtl at 1drop dot de
Description:
------------
We try to run a Symfony-based project and have some controllers with PHP8 annotations. But it crashes with a segmentation fault.



(gdb) run bin/console ca:c
Starting program: /usr/local/bin/php bin/console ca:c
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

 // Clearing the cache for the prod environment with debug false                                                        

Program received signal SIGSEGV, Segmentation fault.
0x00005555559a120b in zend_observer_fcall_end ()
(gdb) bt
#0  0x00005555559a120b in zend_observer_fcall_end ()
#1  0x0000555555974eca in execute_ex ()
#2  0x00005555559076ba in zend_call_function ()
#3  0x0000555555907af5 in zend_call_known_function ()
#4  0x00005555557d0010 in ?? ()
#5  0x00005555556343e5 in ?? ()
#6  0x000055555597ceed in execute_ex ()
#7  0x0000555555990a02 in zend_generator_resume ()
#8  0x0000555555991449 in ?? ()
#9  0x000055555593bd72 in ?? ()
#10 0x0000555555944773 in ?? ()
#11 0x00005555559752b7 in execute_ex ()
#12 0x000055555597d0fe in zend_execute ()
#13 0x0000555555914e5d in zend_execute_scripts ()
#14 0x00005555558b22ae in php_execute_script ()
#15 0x00005555559a2aae in ?? ()
#16 0x000055555563dbcb in ?? ()
#17 0x00007ffff700709b in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#18 0x000055555563e30a in _start ()

I traced it down and the root cause is this line:

https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/Routing/Loader/AnnotationClassLoader.php#L376

The constructor of https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/Routing/Route.php#L53 is called with 

array(8) {
  [0]=>
  array(7) {
    ["path"]=>
    string(25) "/api/customer-prices/sync"
    ["name"]=>
    string(26) "api.onedrop.customerprices"
    ["requirements"]=>
    array(0) {
    }
    ["options"]=>
    array(0) {
    }
    ["defaults"]=>
    array(0) {
    }
    ["methods"]=>
    array(1) {
      [0]=>
      string(4) "POST"
    }
    ["schemes"]=>
    array(0) {
    }
  }
  [1]=>
  string(25) "/api/customer-prices/sync"
  [2]=>
  string(26) "api.onedrop.customerprices"
  [3]=>
  array(0) {
  }
  [4]=>
  array(0) {
  }
  [5]=>
  array(0) {
  }
  [6]=>
  NULL
  [7]=>
  array(1) {
    [0]=>
    string(4) "POST"
  }
}

and finishes execution and then the segmentation fault happens. So maybe it's the yield at that point.

 [2021-11-24 14:23 UTC] nikic@php.net
Maybe related to bug #81430 (does disabling whichever APM extension you're using fix this?)
 [2021-11-24 15:10 UTC] hhoechtl at 1drop dot de
You are right. It was caused by the tideways module. I'll inform the author.
 [2021-11-24 16:45 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
 [2021-11-24 16:45 UTC] cmb@php.net
Thanks!  Closing as not a bug (in PHP) then.
 [2021-11-29 09:49 UTC] beberlei@php.net
@cmb Just to clarify, this is a PHP bug caused by the interaction of a zend_observer and Attributes. Tideways extension (and others) are just the trigger.
 [2021-11-29 11:11 UTC] cmb@php.net
-Status: Not a bug
+Status: Open
-Assigned To: cmb
+Assigned To:
 [2021-11-29 11:11 UTC] cmb@php.net
Ah!  Re-opening then.
 [2022-01-10 17:44 UTC] emiel at crisp dot nl
Presumably same issue here on 8.1.1, using tideways

Simple test case:

# cat x.php
<?php

#[Attribute(Attribute::TARGET_METHOD)]
class X {
        public function __construct(int $i) {
        }
}

class Y {
        #[X(123)]
        public static function x() {
        }
}

$refClass = new ReflectionClass('Y');
$refMethod = $refClass->getMethod('x');
$refAttributes = $refMethod->getAttributes();
foreach ($refAttributes as $refAttribute) {
        $attribute = $refAttribute->newInstance();
}

# php x.php
fish: Job 2, 'php x.php' terminated by signal SIGSEGV (Address boundary error)

(gdb) run x.php
Starting program: /usr/bin/php x.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00005555558c94b3 in zend_observer_fcall_end ()
(gdb) bt
#0  0x00005555558c94b3 in zend_observer_fcall_end ()
#1  0x0000555555897ab7 in execute_ex ()
#2  0x000055555582333c in zend_call_function ()
#3  0x000055555582370d in zend_call_known_function ()
#4  0x000055555570e362 in ?? ()
#5  0x00005555556691fb in ?? ()
#6  0x000055555566a159 in ?? ()
#7  0x00005555558a0bad in zend_execute ()
#8  0x0000555555831ab5 in zend_execute_scripts ()
#9  0x00005555557ced7a in php_execute_script ()
#10 0x000055555591a56e in ?? ()
#11 0x0000555555674098 in ?? ()
#12 0x00007ffff76480b3 in __libc_start_main (main=0x555555673c90, argc=2, argv=0x7fffffffe418, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe408) at ../csu/libc-start.c:308
#13 0x000055555567423e in _start ()


Indeed running without tideways extension does not trigger it
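
The triage step used in this thread (run the reproducer with and without the APM extension loaded) can be scripted. This is an added example, not part of the bug report or of PHP; it assumes `php` is on PATH and that the reproducer, for instance the x.php test case above, is passed as the first argument.

```shell
#!/bin/sh
# Added triage helper, not from the bug report.
# Assumptions: `php` is on PATH; the reproducer is passed as the first argument.

# Turn an exit status into a verdict. A status above 128 means the process
# was killed by signal (status - 128); SIGSEGV is signal 11, so 139.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -eq 139 ]; then
        echo "SIGSEGV"
    elif [ "$1" -gt 128 ]; then
        echo "signal-$(($1 - 128))"
    else
        echo "exit-$1"
    fi
}

# Run a command with its output discarded and print the verdict.
# The `|| status=$?` form keeps this safe under `set -e`.
run_and_classify() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Compare a normal run with `php -n`, which reads no ini files and therefore
# loads none of the extensions configured there (APM modules included).
triage() {
    with_ini=$(run_and_classify php "$1")
    without_ini=$(run_and_classify php -n "$1")
    echo "php $1:    $with_ini"
    echo "php -n $1: $without_ini"
    if [ "$with_ini" = "SIGSEGV" ] && [ "$without_ini" != "SIGSEGV" ]; then
        echo "crash needs an ini-loaded extension; disable them one at a time"
    elif [ "$with_ini" = "SIGSEGV" ]; then
        echo "crash reproduces with no ini-loaded extensions"
    else
        echo "no segfault reproduced"
    fi
}

# Run only when a script path is given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
    triage "$1"
fi
```

Extensions compiled statically into the binary are still present under `php -n`, so a crash that survives it is not yet proof that no extension is involved.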
Last updated: Thu Oct 06 15:05:53 2022 UTC