Fix GH-11121: ReflectionFiber segfault

danog · trowski · nielsdos · commit 71f14510f664 · 2023-10-11T17:19:01.000+02:00
Closes GH-12391. Co-authored-by: Aaron Piotrowski <aaron@trowski.com>
diff --git a/NEWS b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.1.26
 
+- Fiber:
+  . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)
+
 - Opcache:
   . Added warning when JIT cannot be enabled. (danog)
   . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
diff --git a/Zend/zend_fibers.c b/Zend/zend_fibers.c
@@ -554,6 +554,10 @@ static zend_always_inline zend_fiber_transfer zend_fiber_resume(zend_fiber *fibe
 {
 	zend_fiber *previous = EG(active_fiber);
 
+	if (previous) {
+		previous->execute_data = EG(current_execute_data);
+	}
+
 	fiber->caller = EG(current_fiber_context);
 	EG(active_fiber) = fiber;
 
@@ -571,6 +575,7 @@ static zend_always_inline zend_fiber_transfer zend_fiber_suspend(zend_fiber *fib
 	zend_fiber_context *caller = fiber->caller;
 	fiber->previous = EG(current_fiber_context);
 	fiber->caller = NULL;
+	fiber->execute_data = EG(current_execute_data);
 
 	return zend_fiber_switch_to(caller, value, false);
 }
@@ -741,7 +746,6 @@ ZEND_METHOD(Fiber, suspend)
 
 	ZEND_ASSERT(fiber->context.status == ZEND_FIBER_STATUS_RUNNING || fiber->context.status == ZEND_FIBER_STATUS_SUSPENDED);
 
-	fiber->execute_data = EG(current_execute_data);
 	fiber->stack_bottom->prev_execute_data = NULL;
 
 	zend_fiber_transfer transfer = zend_fiber_suspend(fiber, value);
diff --git a/ext/reflection/tests/ReflectionFiber_bug_gh11121_1.phpt b/ext/reflection/tests/ReflectionFiber_bug_gh11121_1.phpt
@@ -0,0 +1,62 @@
+--TEST--
+GH-11121: Segfault when using ReflectionFiber
+--FILE--
+<?php
+function f() {
+    Fiber::suspend();
+}
+
+function g() {
+    (new Fiber(function() {
+        global $f;
+        var_dump((new ReflectionFiber($f))->getTrace());
+    }))->start();
+}
+
+$f = new Fiber(function() { f(); max(...[1,2,3,4,5,6,7,8,9,10,11,12]); g(); });
+$f->start();
+$f->resume();
+
+?>
+--EXPECTF--
+array(3) {
+  [0]=>
+  array(7) {
+    ["file"]=>
+    string(%d) "%sReflectionFiber_bug_gh11121_1.php"
+    ["line"]=>
+    int(10)
+    ["function"]=>
+    string(5) "start"
+    ["class"]=>
+    string(5) "Fiber"
+    ["object"]=>
+    object(Fiber)#3 (0) {
+    }
+    ["type"]=>
+    string(2) "->"
+    ["args"]=>
+    array(0) {
+    }
+  }
+  [1]=>
+  array(4) {
+    ["file"]=>
+    string(%d) "%sReflectionFiber_bug_gh11121_1.php"
+    ["line"]=>
+    int(13)
+    ["function"]=>
+    string(1) "g"
+    ["args"]=>
+    array(0) {
+    }
+  }
+  [2]=>
+  array(2) {
+    ["function"]=>
+    string(9) "{closure}"
+    ["args"]=>
+    array(0) {
+    }
+  }
+}
diff --git a/ext/reflection/tests/ReflectionFiber_bug_gh11121_2.phpt b/ext/reflection/tests/ReflectionFiber_bug_gh11121_2.phpt
@@ -0,0 +1,63 @@
+--TEST--
+GH-11121: Segfault when using ReflectionFiber
+--FILE--
+<?php
+
+function f() {
+    Fiber::suspend();
+}
+
+function g() {
+    (new Fiber(function() {
+        global $f;
+        var_dump((new ReflectionFiber($f))->getTrace());
+    }))->start();
+}
+
+$f = new Fiber(function() { f(); g(); });
+$f->start();
+$f->resume();
+
+?>
+--EXPECTF--
+array(3) {
+  [0]=>
+  array(7) {
+    ["file"]=>
+    string(%d) "%sReflectionFiber_bug_gh11121_2.php"
+    ["line"]=>
+    int(11)
+    ["function"]=>
+    string(5) "start"
+    ["class"]=>
+    string(5) "Fiber"
+    ["object"]=>
+    object(Fiber)#3 (0) {
+    }
+    ["type"]=>
+    string(2) "->"
+    ["args"]=>
+    array(0) {
+    }
+  }
+  [1]=>
+  array(4) {
+    ["file"]=>
+    string(%d) "%sReflectionFiber_bug_gh11121_2.php"
+    ["line"]=>
+    int(14)
+    ["function"]=>
+    string(1) "g"
+    ["args"]=>
+    array(0) {
+    }
+  }
+  [2]=>
+  array(2) {
+    ["function"]=>
+    string(9) "{closure}"
+    ["args"]=>
+    array(0) {
+    }
+  }
+}
