Bug #81648 SIGSEGV on Symfony controller annotations
Submitted: 2021-11-22 11:06 UTC Modified: 2021-11-29 11:11 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: hhoechtl at 1drop dot de Assigned:
Status: Open Package: Reproducible crash
PHP Version: 8.0.13 OS: Debian 10
Private report: No CVE-ID: None

 [2021-11-22 11:06 UTC] hhoechtl at 1drop dot de
Description:
------------
We try to run a Symfony based project and have some controllers with PHP8 annotations. But it crashes with a segmentation fault.



(gdb) run bin/console ca:c
Starting program: /usr/local/bin/php bin/console ca:c
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

 // Clearing the cache for the prod environment with debug false                                                        

Program received signal SIGSEGV, Segmentation fault.
0x00005555559a120b in zend_observer_fcall_end ()
(gdb) bt
#0  0x00005555559a120b in zend_observer_fcall_end ()
#1  0x0000555555974eca in execute_ex ()
#2  0x00005555559076ba in zend_call_function ()
#3  0x0000555555907af5 in zend_call_known_function ()
#4  0x00005555557d0010 in ?? ()
#5  0x00005555556343e5 in ?? ()
#6  0x000055555597ceed in execute_ex ()
#7  0x0000555555990a02 in zend_generator_resume ()
#8  0x0000555555991449 in ?? ()
#9  0x000055555593bd72 in ?? ()
#10 0x0000555555944773 in ?? ()
#11 0x00005555559752b7 in execute_ex ()
#12 0x000055555597d0fe in zend_execute ()
#13 0x0000555555914e5d in zend_execute_scripts ()
#14 0x00005555558b22ae in php_execute_script ()
#15 0x00005555559a2aae in ?? ()
#16 0x000055555563dbcb in ?? ()
#17 0x00007ffff700709b in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#18 0x000055555563e30a in _start ()

I traced it down and the root cause is this line:

https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/Routing/Loader/AnnotationClassLoader.php#L376

The constructor of https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/Routing/Route.php#L53 is called with 

array(8) {
  [0]=>
  array(7) {
    ["path"]=>
    string(25) "/api/customer-prices/sync"
    ["name"]=>
    string(26) "api.onedrop.customerprices"
    ["requirements"]=>
    array(0) {
    }
    ["options"]=>
    array(0) {
    }
    ["defaults"]=>
    array(0) {
    }
    ["methods"]=>
    array(1) {
      [0]=>
      string(4) "POST"
    }
    ["schemes"]=>
    array(0) {
    }
  }
  [1]=>
  string(25) "/api/customer-prices/sync"
  [2]=>
  string(26) "api.onedrop.customerprices"
  [3]=>
  array(0) {
  }
  [4]=>
  array(0) {
  }
  [5]=>
  array(0) {
  }
  [6]=>
  NULL
  [7]=>
  array(1) {
    [0]=>
    string(4) "POST"
  }
}

and finishes execution and then the segmentation fault happens. So maybe it's the yield at that point.





 [2021-11-24 14:23 UTC] nikic@php.net
Maybe related to bug #81430 (does disabling whichever APM extension you're using fix this?)
 [2021-11-24 15:10 UTC] hhoechtl at 1drop dot de
You are right. It was caused by the tideways module. I'll inform the author.
 [2021-11-24 16:45 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
 [2021-11-24 16:45 UTC] cmb@php.net
Thanks!  Closing as not a bug (in PHP) then.
 [2021-11-29 09:49 UTC] beberlei@php.net
@cmb Just to clarify, this is a PHP bug caused by the interaction of a zend_observer and Attributes. Tideways extension (and others) are just the trigger.
 [2021-11-29 11:11 UTC] cmb@php.net
-Status: Not a bug
+Status: Open
-Assigned To: cmb
+Assigned To:
 [2021-11-29 11:11 UTC] cmb@php.net
Ah!  Re-opening then.
 [2022-01-10 17:44 UTC] emiel at crisp dot nl
Presumably same issue here on 8.1.1, using tideways

Simple test case:

# cat x.php
<?php

#[Attribute(Attribute::TARGET_METHOD)]
class X {
        public function __construct(int $i) {
        }
}

class Y {
        #[X(123)]
        public static function x() {
        }
}

$refClass = new ReflectionClass('Y');
$refMethod = $refClass->getMethod('x');
$refAttributes = $refMethod->getAttributes();
foreach ($refAttributes as $refAttribute) {
        $attribute = $refAttribute->newInstance();
}

# php x.php
fish: Job 2, 'php x.php' terminated by signal SIGSEGV (Address boundary error)

(gdb) run x.php
Starting program: /usr/bin/php x.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00005555558c94b3 in zend_observer_fcall_end ()
(gdb) bt
#0  0x00005555558c94b3 in zend_observer_fcall_end ()
#1  0x0000555555897ab7 in execute_ex ()
#2  0x000055555582333c in zend_call_function ()
#3  0x000055555582370d in zend_call_known_function ()
#4  0x000055555570e362 in ?? ()
#5  0x00005555556691fb in ?? ()
#6  0x000055555566a159 in ?? ()
#7  0x00005555558a0bad in zend_execute ()
#8  0x0000555555831ab5 in zend_execute_scripts ()
#9  0x00005555557ced7a in php_execute_script ()
#10 0x000055555591a56e in ?? ()
#11 0x0000555555674098 in ?? ()
#12 0x00007ffff76480b3 in __libc_start_main (main=0x555555673c90, argc=2, argv=0x7fffffffe418, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe408) at ../csu/libc-start.c:308
#13 0x000055555567423e in _start ()


Indeed running without tideways extension does not trigger it
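
The check asked for earlier in this thread (does the crash go away with the APM extension disabled?), as an added example that is not part of the original report or of PHP itself: it runs a reproducer such as x.php once with the normal configuration and once with `php -n`, which skips all ini files and therefore every ini-loaded extension, and compares the exit statuses. The function names, the `PHP_BIN` variable and the script file name are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the bug report): decide whether a crash depends on
# ini-loaded extensions by running a reproducer with and without ini files.
# Function names and PHP_BIN are assumptions of this example.

# Turn a shell exit status into text. A child killed by a signal is reported
# as 128 + signal number, so SIGSEGV (11) shows up as 139.
describe_status() {
    if [ "$1" -gt 128 ]; then
        echo "signal $(kill -l "$(( $1 - 128 ))" 2>/dev/null)"
    else
        echo "exit $1"
    fi
}

# Run a command with its output discarded and print only its exit status.
# Written so it also works when the caller has `set -e` enabled.
run_status() {
    rs_status=0
    "$@" >/dev/null 2>&1 || rs_status=$?
    echo "$rs_status"
}

# Compare the status with the normal configuration ($1) against the status
# with no ini files ($2).
bisect_verdict() {
    if [ "$1" -eq 139 ] && [ "$2" -ne 139 ]; then
        echo "extension-triggered"
    elif [ "$1" -eq 139 ]; then
        echo "crashes-without-ini"
    else
        echo "no-segfault"
    fi
}

# Usage: sh bisect.sh x.php   (bisect.sh is a placeholder file name)
if [ -n "${1:-}" ]; then
    php_bin=${PHP_BIN:-php}
    with_ini=$(run_status "$php_bin" "$1")
    without_ini=$(run_status "$php_bin" -n "$1")
    echo "normal config: $(describe_status "$with_ini")"
    echo "php -n:        $(describe_status "$without_ini")"
    echo "modules loaded with the normal config:"
    "$php_bin" -m
    echo "verdict: $(bisect_verdict "$with_ini" "$without_ini")"
fi
```

`php -n` also drops any extension the script itself depends on, so the comparison is only meaningful for a reproducer that uses core features alone, as x.php does.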
 
Last updated: Tue Oct 08 22:01:27 2024 UTC