Segfault in ReflectionAttribute->__toString() #11937

Closed
cgrabenstein opened this issue Aug 11, 2023 · 3 comments

@cgrabenstein

Description

I created a repository for the MRE, since the setup is a bit more complex. You can find it here: https://github.com/cgrabenstein/php-segfault-mre

The issue is possibly related to #8133, at least the constants in an enum are required to reproduce the error. But I could not reproduce it without the multiple kernels in Symfony.

PHP Version

PHP 8.2.8

Operating System

Debian 12 (that's what the php:8.2-cli image uses)

@iluuu1994
Member

It doesn't look related.

[0x7fffe51760e0] ReflectionAttribute->__toString() [internal function]
[0x620000114080] Symfony\Component\Config\Resource\ReflectionClassResource->generateSignature(object[0x6200001140d0]) /home/ilutov/Developer/php-segfault-mre/vendor/symfony/config/Resource/ReflectionClassResource.php:171 
[0x7fffe5175f80] Symfony\Component\Config\Resource\ReflectionClassResource->computeHash() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/config/Resource/ReflectionClassResource.php:115 
[0x7fffe5175ed0] Symfony\Component\Config\Resource\ReflectionClassResource->__sleep() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/config/Resource/ReflectionClassResource.php:72 
[0x7fffe5175e70] serialize(array(28)[0x7fffe5175ec0]) [internal function]
[0x7fffe5175970] Symfony\Component\Config\ResourceCheckerConfigCache->write("<?xml version="1.0" encoding="utf-8"?>\12<container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/servic...", array(28)[0x7fffe51759d0]) /home/ilutov/Developer/php-segfault-mre/vendor/symfony/config/ResourceCheckerConfigCache.php:131 
[0x7fffe5175850] Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\ContainerBuilderDebugDumpPass->process(object[0x7fffe51758a0]) /home/ilutov/Developer/php-segfault-mre/vendor/symfony/framework-bundle/DependencyInjection/Compiler/ContainerBuilderDebugDumpPass.php:32 
[0x7fffe5175600] Symfony\Component\DependencyInjection\Compiler\Compiler->compile(object[0x7fffe5175650]) /home/ilutov/Developer/php-segfault-mre/vendor/symfony/dependency-injection/Compiler/Compiler.php:82 
[0x7fffe5175270] Symfony\Component\DependencyInjection\ContainerBuilder->compile() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/dependency-injection/ContainerBuilder.php:757 
[0x7fffe51746d0] Symfony\Component\HttpKernel\Kernel->initializeContainer() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/http-kernel/Kernel.php:546 
[0x7fffe5174420] Symfony\Component\HttpKernel\Kernel->preBoot() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/http-kernel/Kernel.php:787 
[0x7fffe5174250] Symfony\Component\HttpKernel\Kernel->boot() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/http-kernel/Kernel.php:128 
[0x7fffe51740f0] Symfony\Bundle\FrameworkBundle\Test\KernelTestCase->bootKernel(array(0)[0x7fffe5174140]) /home/ilutov/Developer/php-segfault-mre/vendor/symfony/framework-bundle/Test/KernelTestCase.php:82 
[0x7fffe5173f50] Symfony\Bundle\FrameworkBundle\Test\WebTestCase->createClient() /home/ilutov/Developer/php-segfault-mre/vendor/symfony/framework-bundle/Test/WebTestCase.php:46 
[0x7fffe5173e90] SecondTest->testBar() /home/ilutov/Developer/php-segfault-mre/tests/SecondTest.php:17 
[0x7fffe5173960] PHPUnit\Framework\TestCase->runTest() /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/Framework/TestCase.php:1608 
[0x7fffe5173240] PHPUnit\Framework\TestCase->runBare() /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/Framework/TestCase.php:1214 
[0x7fffe5172040] PHPUnit\Framework\TestResult->run(object[0x7fffe5172090]) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/Framework/TestResult.php:728 
[0x7fffe5171430] PHPUnit\Framework\TestCase->run(object[0x7fffe5171480]) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/Framework/TestCase.php:964 
[0x7fffe5170d30] PHPUnit\Framework\TestSuite->run(object[0x7fffe5170d80]) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/Framework/TestSuite.php:684 
[0x7fffe5170630] PHPUnit\Framework\TestSuite->run(object[0x7fffe5170680]) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/Framework/TestSuite.php:684 
[0x7fffe516e200] PHPUnit\TextUI\TestRunner->run(object[0x7fffe516e250], reference, reference, true) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/TextUI/TestRunner.php:651 
[0x7fffe516de30] PHPUnit\TextUI\Command->run(array(4)[0x7fffe516de80], true) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/TextUI/Command.php:144 
[0x7fffe516dd20] PHPUnit\TextUI\Command->main() /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/src/TextUI/Command.php:97 
[0x7fffe516d9e0] (main) /home/ilutov/Developer/php-segfault-mre/vendor/phpunit/phpunit/phpunit:107 
[0x7fffe516d820] (main) /home/ilutov/Developer/php-segfault-mre/vendor/bin/phpunit:122 
#0  0x00007ffff6cb0844 in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007ffff6c5fabe in raise () from /lib64/libc.so.6
#2  0x00007ffff6c4887f in abort () from /lib64/libc.so.6
#3  0x00007ffff6c4879b in __assert_fail_base.cold () from /lib64/libc.so.6
#4  0x00007ffff6c58147 in __assert_fail () from /lib64/libc.so.6
#5  0x0000000001b777cb in zend_ast_export_zval (str=0x7ffff48fa120, zv=0x612000763e48, priority=0, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1441
#6  0x0000000001b776e0 in zend_ast_export_zval (str=0x7ffff48fa120, zv=0x612000fb1d70, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1433
#7  0x0000000001b78653 in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1d68, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1588
#8  0x0000000001b75a83 in zend_ast_export_list (str=0x7ffff48fa120, list=0x612000fb1d20, separator=true, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1242
#9  0x0000000001b79cfa in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1d20, priority=0, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1697
#10 0x0000000001b7cbd4 in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1cf0, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:2040
#11 0x0000000001b75a83 in zend_ast_export_list (str=0x7ffff48fa120, list=0x612000fb1ca8, separator=true, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1242
#12 0x0000000001b79cfa in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1ca8, priority=0, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1697
#13 0x0000000001b7cbd4 in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1c78, priority=80, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:2040
#14 0x0000000001b7c650 in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1c60, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:2020
#15 0x0000000001b75a83 in zend_ast_export_list (str=0x7ffff48fa120, list=0x612000fb1c48, separator=true, priority=20, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1242
#16 0x0000000001b79d35 in zend_ast_export_ex (str=0x7ffff48fa120, ast=0x612000fb1c48, priority=0, indent=0) at /home/ilutov/Developer/php-src/Zend/zend_ast.c:1701
#17 0x0000000001b80fdc in zend_ast_export (prefix=0x2ae6f80 "", ast=0x612000fb1c48, suffix=0x2ae6f80 "") at /home/ilutov/Developer/php-src/Zend/zend_ast.c:2395
#18 0x0000000000f6935c in format_default_value (str=0x7ffff48fa0a0, value=0x6060007294c8) at /home/ilutov/Developer/php-src/ext/reflection/php_reflection.c:650
#19 0x0000000000fdd675 in zim_ReflectionAttribute___toString (execute_data=0x7fffe51760e0, return_value=0x7ffff48fa060) at /home/ilutov/Developer/php-src/ext/reflection/php_reflection.c:6466
#20 0x00000000016b3932 in zend_call_function (fci=0x7ffff4a47680, fci_cache=0x7ffff4a47640) at /home/ilutov/Developer/php-src/Zend/zend_execute_API.c:943
#21 0x00000000016b4c1d in zend_call_known_function (fn=0x60c000095ec0, object=0x60700049c8e8, called_scope=0x615000019a80, retval_ptr=0x7ffff48fa060, param_count=0, params=0x0, named_params=0x0) at /home/ilutov/Developer/php-src/Zend/zend_execute_API.c:1020
#22 0x0000000001b8b41e in zend_call_known_instance_method (fn=0x60c000095ec0, object=0x60700049c8e8, retval_ptr=0x7ffff48fa060, param_count=0, params=0x0) at /home/ilutov/Developer/php-src/Zend/zend_API.h:670
#23 0x0000000001b8b458 in zend_call_known_instance_method_with_0_params (fn=0x60c000095ec0, object=0x60700049c8e8, retval_ptr=0x7ffff48fa060) at /home/ilutov/Developer/php-src/Zend/zend_API.h:676
#24 0x0000000001ba517d in zend_std_cast_object_tostring (readobj=0x60700049c8e8, writeobj=0x7ffff48fa020, type=6) at /home/ilutov/Developer/php-src/Zend/zend_object_handlers.c:1850
#25 0x00000000016e590e in __zval_get_string_func (op=0x6200001140f0, try=false) at /home/ilutov/Developer/php-src/Zend/zend_operators.c:925
#26 0x00000000016e5cab in zval_get_string_func (op=0x6200001140f0) at /home/ilutov/Developer/php-src/Zend/zend_operators.c:946
#27 0x00000000017d2842 in zval_get_string (op=0x6200001140f0) at /home/ilutov/Developer/php-src/Zend/zend_operators.h:291
#28 0x0000000001a04b7f in ZEND_CAST_SPEC_CV_HANDLER () at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:38665
#29 0x0000000001ac765f in execute_ex (ex=0x620000114080) at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:59158
#30 0x0000000001b56448 in zend_generator_resume (orig_generator=0x61200153ebc0) at /home/ilutov/Developer/php-src/Zend/zend_generators.c:752
#31 0x0000000001b5ad68 in zend_generator_iterator_move_forward (iterator=0x60800054baa0) at /home/ilutov/Developer/php-src/Zend/zend_generators.c:1055
#32 0x000000000183f3e1 in zend_fe_fetch_object_helper_SPEC () at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:2765
#33 0x000000000193b005 in ZEND_FE_FETCH_R_SPEC_VAR_HANDLER () at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:21930
#34 0x0000000001abeae2 in execute_ex (ex=0x7fffe5175ed0) at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:58024
#35 0x00000000016b34ce in zend_call_function (fci=0x7ffff4a47280, fci_cache=0x7ffff4a47240) at /home/ilutov/Developer/php-src/Zend/zend_execute_API.c:931
#36 0x00000000013ab914 in php_var_serialize_call_sleep (obj=0x60c0004ce580, fn=0x61100027e4c0) at /home/ilutov/Developer/php-src/ext/standard/var.c:787
#37 0x00000000013b0eda in php_var_serialize_intern (buf=0x7ffff49bdbe0, struc=0x6190001903a8, var_hash=0x6060009034a0, in_rcn_array=false, is_root=false) at /home/ilutov/Developer/php-src/ext/standard/var.c:1173
#38 0x00000000013adf5e in php_var_serialize_nested_data (buf=0x7ffff49bdbe0, struc=0x7fffe5175ec0, ht=0x606000903020, count=28, incomplete_class=false, var_hash=0x6060009034a0, in_rcn_array=false) at /home/ilutov/Developer/php-src/ext/standard/var.c:973
#39 0x00000000013b1fba in php_var_serialize_intern (buf=0x7ffff49bdbe0, struc=0x7fffe5175ec0, var_hash=0x6060009034a0, in_rcn_array=false, is_root=true) at /home/ilutov/Developer/php-src/ext/standard/var.c:1256
#40 0x00000000013b2171 in php_var_serialize (buf=0x7ffff49bdbe0, struc=0x7fffe5175ec0, data=0x7ffff49bdbc0) at /home/ilutov/Developer/php-src/ext/standard/var.c:1272
#41 0x00000000013b2c12 in zif_serialize (execute_data=0x7fffe5175e70, return_value=0x7fffe5175ae0) at /home/ilutov/Developer/php-src/ext/standard/var.c:1318
#42 0x0000000001827bd6 in ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER () at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:1558
#43 0x0000000001aad8db in execute_ex (ex=0x7fffe516d820) at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:55811
#44 0x0000000001acec9a in zend_execute (op_array=0x611000003b00, return_value=0x0) at /home/ilutov/Developer/php-src/Zend/zend_vm_execute.h:60163
#45 0x000000000171e2a9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/ilutov/Developer/php-src/Zend/zend.c:1852
#46 0x00000000014c2855 in php_execute_script (primary_file=0x7ffff4f12170) at /home/ilutov/Developer/php-src/main/main.c:2542
#47 0x0000000001e6ded4 in do_cli (argc=5, argv=0x6040000002d0) at /home/ilutov/Developer/php-src/sapi/cli/php_cli.c:965
#48 0x0000000001e70f9c in main (argc=5, argv=0x6040000002d0) at /home/ilutov/Developer/php-src/sapi/cli/php_cli.c:1367

zend_ast_export_zval doesn't expect an object but gets one.

[0x612000763e48] (refcount=2) object(App\Common\TestEnum) #5235
Properties     Hash(2)[0x6060004425e0]: {
      [0] "name" => [0x612000764000] indirect: [0x6070002eb838] (refcount=1) string: ONE
      [1] "value" => [0x612000764020] indirect: [0x6070002eb848] (refcount=2) string: ONE
}

I'll have to look at this more closely, but either we forgot to handle the enum case, or we're getting to this point mistakenly.

@cgrabenstein
Author

@iluuu1994 I managed to reduce the MRE by quite a bit. I hope that helps tracing down the bug here.

iluuu1994 added a commit to iluuu1994/php-src that referenced this issue Aug 12, 2023
Evaluating constants at comptime can result in arrays that contain objects. This
is problematic for printing the default value of constant ASTs containing
objects, because we don't actually know what the constructor arguments were.
Avoid this by not propagating array constants.

Fixes phpGH-11937
@iluuu1994
Member

@cgrabenstein It did indeed help a lot, thank you! The fix is here: #11947

iluuu1994 added a commit to iluuu1994/php-src that referenced this issue Aug 14, 2023
Evaluating constants at comptime can result in arrays that contain objects. This
is problematic for printing the default value of constant ASTs containing
objects, because we don't actually know what the constructor arguments were.
Avoid this by not propagating array constants.

Fixes phpGH-11937
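
A simplified C model of the failure diagnosed in the thread (a value printer reaching an object nested inside an array) and of the fix described in the commit message (array constants are not propagated, so the printer sees the constant's name instead). This is an added illustration, not php-src code: the `value` type, `export_value`, `format_default` and the sample data are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of a tagged value; all names are hypothetical, not php-src. */
typedef enum { V_LONG, V_STRING, V_ARRAY, V_OBJECT } vkind;
typedef struct value {
    vkind kind;
    long num;                  /* V_LONG */
    const char *str;           /* V_STRING text */
    const struct value *items; /* V_ARRAY elements */
    size_t count;
} value;
/* Constructed sample: an array constant whose second element is an object. */
static const value sample_items[] = { { V_LONG, 1, 0, 0, 0 }, { V_OBJECT, 0, 0, 0, 0 } };
static const value sample_array = { V_ARRAY, 0, 0, sample_items, 2 };

/* Append s to the NUL-terminated buf of capacity cap; -1 if it does not fit. */
static int put(char *buf, size_t cap, const char *s) {
    size_t used = strlen(buf), n = strlen(s);
    if (n >= cap - used) return -1;
    memcpy(buf + used, s, n + 1);
    return 0;
}

/* Print v as source text; -1 for a kind that has no source form (an assertion in the report). */
int export_value(char *buf, size_t cap, const value *v) {
    char tmp[32];
    switch (v->kind) {
    case V_LONG:
        snprintf(tmp, sizeof tmp, "%ld", v->num);
        return put(buf, cap, tmp);
    case V_STRING:
        return (put(buf, cap, "'") || put(buf, cap, v->str) || put(buf, cap, "'")) ? -1 : 0;
    case V_ARRAY:
        if (put(buf, cap, "[")) return -1;
        for (size_t i = 0; i < v->count; i++)
            if ((i && put(buf, cap, ", ")) || export_value(buf, cap, &v->items[i]))
                return -1; /* a nested object surfaces here */
        return put(buf, cap, "]");
    default: /* V_OBJECT: constructor arguments are unknown */
        return -1;
    }
}

/* Modelled fix: fold only scalar constants; an array constant keeps its symbolic name. */
int format_default(char *buf, size_t cap, const char *name, const value *v) {
    buf[0] = '\0';
    if (v->kind == V_LONG || v->kind == V_STRING) return export_value(buf, cap, v);
    return put(buf, cap, name);
}
```

Returning an error from the unhandled branch keeps a debug-build assertion from becoming an undefined-behaviour path in release builds, while the folding rule removes the input that reached it.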