Merge branch 'PHP-8.2' into PHP-8.3

* PHP-8.2:
  Fix GH-13827: Null pointer access of type 'zval' in phpdbg_frame
Niels Dossche 2024-03-29 17:55:33 +01:00
commit 508ed9b474
3 changed files with 45 additions and 2 deletions

4
NEWS

@ -14,6 +14,10 @@ PHP NEWS
. Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
(Jakub Zelenka) (Jakub Zelenka)
- PHPDBG:
. Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
(nielsdos)
- Streams: - Streams:
. Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure). . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
(Jakub Zelenka) (Jakub Zelenka)


@ -274,7 +274,8 @@ void phpdbg_dump_backtrace(size_t num) /* {{{ */
Z_STR(startfile) = zend_string_init(startfilename, strlen(startfilename), 0); Z_STR(startfile) = zend_string_init(startfilename, strlen(startfilename), 0);
zend_hash_internal_pointer_reset_ex(Z_ARRVAL(zbacktrace), &position); zend_hash_internal_pointer_reset_ex(Z_ARRVAL(zbacktrace), &position);
tmp = zend_hash_get_current_data_ex(Z_ARRVAL(zbacktrace), &position);
zval *function_name = NULL;
while ((tmp = zend_hash_get_current_data_ex(Z_ARRVAL(zbacktrace), &position))) { while ((tmp = zend_hash_get_current_data_ex(Z_ARRVAL(zbacktrace), &position))) {
if (file) { /* userland */ if (file) { /* userland */
phpdbg_out("frame #%d: ", i); phpdbg_out("frame #%d: ", i);
@ -289,10 +290,18 @@ void phpdbg_dump_backtrace(size_t num) /* {{{ */
file = zend_hash_find(Z_ARRVAL_P(tmp), ZSTR_KNOWN(ZEND_STR_FILE)); file = zend_hash_find(Z_ARRVAL_P(tmp), ZSTR_KNOWN(ZEND_STR_FILE));
line = zend_hash_find(Z_ARRVAL_P(tmp), ZSTR_KNOWN(ZEND_STR_LINE)); line = zend_hash_find(Z_ARRVAL_P(tmp), ZSTR_KNOWN(ZEND_STR_LINE));
function_name = zend_hash_find(Z_ARRVAL_P(tmp), ZSTR_KNOWN(ZEND_STR_FUNCTION));
zend_hash_move_forward_ex(Z_ARRVAL(zbacktrace), &position); zend_hash_move_forward_ex(Z_ARRVAL(zbacktrace), &position);
} }
/* This is possible for fibers' start closure for example, which have a frame that doesn't contain the info
* of which location stated the fiber if that stack frame is already torn down. same behaviour with debug_backtrace(). */
if (file == NULL) {
phpdbg_writeln(" => %s (internal function)", Z_STRVAL_P(function_name));
} else {
phpdbg_writeln("frame #%d: {main} at %s:"ZEND_LONG_FMT, i, Z_STRVAL_P(file), Z_LVAL_P(line)); phpdbg_writeln("frame #%d: {main} at %s:"ZEND_LONG_FMT, i, Z_STRVAL_P(file), Z_LVAL_P(line));
}
zval_ptr_dtor_nogc(&zbacktrace); zval_ptr_dtor_nogc(&zbacktrace);
zend_string_release(Z_STR(startfile)); zend_string_release(Z_STR(startfile));
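Review bot: The new `file == NULL` branch passes `function_name` to `Z_STRVAL_P` without checking it, although it is initialised to NULL and `zend_hash_find` returns NULL when the last frame has no "function" key (or when the loop body never runs). That would reintroduce the same kind of null `zval` access this fix targets, so a guard such as `phpdbg_writeln(" => %s (internal function)", function_name ? Z_STRVAL_P(function_name) : "(unknown)");` would be safer; the fallback text is only a suggestion. The `else` branch likewise reads `Z_LVAL_P(line)` on the assumption that `line` is set whenever `file` is. The declaration and initial value of `file` lie outside the visible hunks, so whether an empty backtrace can reach this branch should be confirmed against the full function. The comment above the branch also has a typo: "stated the fiber" should read "started the fiber".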


@ -0,0 +1,30 @@
--TEST--
GH-13827 (Null pointer access of type 'zval' in phpdbg_frame)
--FILE--
<?php
$fiber = new Fiber(function () {
$fiber = Fiber::getCurrent();
Fiber::suspend();
});
$fiber->start();
$fiber = null;
gc_collect_cycles();
?>
--PHPDBG--
r
t
q
--EXPECTF--
[Successful compilation of %s]
prompt> [Uncaught GracefulExit in on line 0: ]
>00006: Fiber::suspend();
00007: });
00008:
prompt> frame #0: {closure}() at %s:6
=> {closure} (internal function)
prompt>