Segmentation fault (stack overflow in phpdbg) in main/spprintf.c #16041

Open
YuanchengJiang opened this issue Sep 25, 2024 · 2 comments · May be fixed by #16055

@YuanchengJiang

Description

The following code:

<?php
final class StreamWrapper
{
    public $context;
}
$fusion = $context;
register_shutdown_function(function () {
    global $shutdown;
    $shutdown = true;
});
class Cycle {
    public $self;
    public function __construct() {
        $this->self = $this;
    }
}
class Canary {
    public $self;
    public function __construct() {
        $this->self = $fusion;
    }
    public function __destruct() {
        global $shutdown;
        if (!$shutdown) {
            work();
        }
    }
}
function work() {
    global $objs, $defaultThreshold;
    new Canary();
    // Create some collectable garbage so the next run will not adjust
    // threshold
    for ($i = 0; $i < 100; $i++) {
        new Cycle();
    }
    // Add potential garbage to buffer
    foreach (array_slice($objs, 0, $defaultThreshold) as $obj) {
        $o = $obj;
    }
}
work();
?>

To reproduce:

phpdbg test.php
> r

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

@DanielEScherzer
Contributor

DanielEScherzer commented Sep 25, 2024

Minimal reproduction (slightly different stack overflow trace but should be much clearer to reason with)

<?php

class Canary {
    public $self;
    public function __construct() {
        $this->self = $fusion;
    }
    public function __destruct() {
        new Canary();
    }
}
new Canary();

phpdbg output
...
[PHP Warning:  Undefined variable $fusion in /var/www/html/test.php on line 6]
[PHP Warning:  Undefined variable $fusion in /var/www/html/test.php on line 6]
[PHP Warning:  Undefined variable $fusion in /var/www/html/test.php on line 6]
AddressSanitizer:DEADLYSIGNAL
=================================================================
==81874==ERROR: AddressSanitizer: stack-overflow on address 0x7ffebe25ff58 (pc 0x7f6573b4c5fa bp 0x7ffebe260800 sp 0x7ffebe25ff50 T0)
    #0 0x7f6573b4c5fa in printf_common ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:495
    #1 0x7f6573b5f215 in __interceptor_vasprintf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1693
    #2 0x55cce073dd75 in phpdbg_vprint /usr/src/php/sapi/phpdbg/phpdbg_out.c:131
    #3 0x55cce073e839 in phpdbg_print /usr/src/php/sapi/phpdbg/phpdbg_out.c:203
    #4 0x55cce079ba74 in php_sapi_phpdbg_log_message /usr/src/php/sapi/phpdbg/phpdbg.c:750
    #5 0x55ccdfbc803b in php_log_err_with_severity /usr/src/php/main/main.c:923
    #6 0x55ccdfbcaf88 in php_error_cb /usr/src/php/main/main.c:1391
    #7 0x55cce06d0979 in zend_error_zstr_at /usr/src/php/Zend/zend.c:1489
    #8 0x55cce06d2c38 in zend_error_va_list /usr/src/php/Zend/zend.c:1591
    #9 0x55cce06d37ed in zend_error_unchecked /usr/src/php/Zend/zend.c:1665
    #10 0x55cce0102e07 in zval_undefined_cv /usr/src/php/Zend/zend_execute.c:279
    #11 0x55cce0103432 in _get_zval_ptr_cv_BP_VAR_R /usr/src/php/Zend/zend_execute.c:352
    #12 0x55cce033a6e9 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_OP_DATA_CV_HANDLER /usr/src/php/Zend/zend_vm_execute.h:34493
    #13 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #14 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #15 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #16 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #17 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #18 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #19 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #20 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #21 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #22 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #23 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #24 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #25 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #26 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #27 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #28 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #29 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #30 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #31 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #32 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #33 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #34 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #35 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #36 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #37 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #38 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #39 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #40 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #41 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #42 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #43 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #44 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #45 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #46 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #47 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #48 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #49 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #50 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #51 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #52 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #53 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #54 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #55 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #56 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #57 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #58 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #59 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #60 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #61 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #62 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #63 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #64 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #65 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #66 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #67 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #68 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #69 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #70 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #71 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #72 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #73 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #74 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #75 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #76 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #77 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #78 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #79 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #80 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #81 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #82 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #83 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #84 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #85 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #86 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #87 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #88 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #89 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #90 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #91 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #92 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #93 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #94 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #95 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #96 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #97 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #98 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #99 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #100 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #101 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #102 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #103 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #104 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #105 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #106 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #107 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #108 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #109 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #110 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #111 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #112 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #113 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #114 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #115 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #116 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #117 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #118 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #119 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #120 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #121 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #122 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #123 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #124 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #125 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #126 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #127 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #128 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #129 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #130 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #131 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #132 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #133 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #134 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #135 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #136 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #137 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #138 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #139 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #140 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #141 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #142 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #143 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #144 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #145 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #146 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #147 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #148 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #149 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #150 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #151 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #152 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #153 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #154 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #155 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #156 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #157 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #158 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #159 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #160 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #161 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #162 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #163 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #164 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #165 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #166 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #167 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #168 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #169 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #170 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #171 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #172 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #173 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #174 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #175 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #176 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #177 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #178 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #179 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #180 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #181 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #182 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #183 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #184 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #185 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #186 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #187 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #188 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #189 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #190 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #191 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #192 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #193 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #194 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #195 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #196 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #197 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #198 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #199 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #200 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #201 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #202 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #203 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #204 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #205 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #206 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #207 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #208 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #209 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #210 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #211 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #212 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #213 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #214 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #215 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #216 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #217 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #218 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #219 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #220 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #221 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #222 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #223 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #224 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #225 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #226 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #227 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #228 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #229 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #230 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #231 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #232 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #233 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #234 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #235 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #236 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090
    #237 0x55cce061a696 in zend_call_known_instance_method /usr/src/php/Zend/zend_API.h:860
    #238 0x55cce061a6d0 in zend_call_known_instance_method_with_0_params /usr/src/php/Zend/zend_API.h:866
    #239 0x55cce061cbca in zend_objects_destroy_object /usr/src/php/Zend/zend_objects.c:194
    #240 0x55cce0617b87 in zend_objects_store_del /usr/src/php/Zend/zend_objects_API.c:179
    #241 0x55cce06ac21f in rc_dtor_func /usr/src/php/Zend/zend_variables.c:57
    #242 0x55cce00fa6fe in zval_ptr_dtor_nogc /usr/src/php/Zend/zend_variables.h:36
    #243 0x55cce0220883 in ZEND_FREE_SPEC_TMPVAR_HANDLER /usr/src/php/Zend/zend_vm_execute.h:15091
    #244 0x55cce045a058 in zend_vm_call_opcode_handler /usr/src/php/Zend/zend_vm_execute.h:68350
    #245 0x55cce076ad60 in phpdbg_execute_ex /usr/src/php/sapi/phpdbg/phpdbg_prompt.c:1817
    #246 0x55cce00ed823 in zend_call_function /usr/src/php/Zend/zend_execute_API.c:996
    #247 0x55cce00ef331 in zend_call_known_function /usr/src/php/Zend/zend_execute_API.c:1090

SUMMARY: AddressSanitizer: stack-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:495 in printf_common
==81874==ABORTING
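
For triaging a report like the one above, the following added example (not part of the issue or of php-src) extracts the repeating frame cycle from an AddressSanitizer stack-overflow trace and derives a bucket key that stays the same when the trace is entered or truncated at a different frame. The sample report is constructed from function names in the trace above with placeholder addresses and paths; `find_recursion_cycle` and `cycle_signature` are hypothetical helper names.

```python
import hashlib
import re

# One AddressSanitizer frame: "#12 0x55cce033a6e9 in func /path/file.c:123"
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(\S+)")


def parse_frames(report):
    """Function names from an ASan report, innermost frame (#0) first."""
    return [m.group(1) for m in map(FRAME_RE.match, report.splitlines()) if m]


def find_recursion_cycle(names, min_repeats=3):
    """Shortest run of frames that repeats back-to-back up to the outermost
    captured frame. Returns (prefix_len, cycle, repeats) or None."""
    n = len(names)
    for period in range(1, n // min_repeats + 1):
        i = n - 1
        # Walk inward from the outermost frame while the trace is periodic.
        while i - period >= 0 and names[i] == names[i - period]:
            i -= 1
        start = i - period + 1
        repeats = (n - start) // period  # a trailing partial round is ignored
        if repeats >= min_repeats:
            return start, names[start:start + period], repeats
    return None


def cycle_signature(cycle):
    """Bucket key that ignores where the cycle was entered or truncated."""
    rotations = [cycle[k:] + cycle[:k] for k in range(len(cycle))]
    canonical = "|".join(min(rotations))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


# Constructed sample: names come from the report above, addresses and paths
# are placeholders, and the recursion is shortened to four rounds plus a
# partial one (ASan also cuts the real trace mid-round).
PREFIX = [
    "printf_common",
    "phpdbg_vprint",
    "zval_undefined_cv",
    "ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_OP_DATA_CV_HANDLER",
]
CYCLE = [
    "zend_vm_call_opcode_handler",
    "phpdbg_execute_ex",
    "zend_call_function",
    "zend_call_known_function",
    "zend_call_known_instance_method",
    "zend_call_known_instance_method_with_0_params",
    "zend_objects_destroy_object",
    "zend_objects_store_del",
    "rc_dtor_func",
    "zval_ptr_dtor_nogc",
    "ZEND_FREE_SPEC_TMPVAR_HANDLER",
]
SAMPLE_REPORT = "\n".join(
    ["==1==ERROR: AddressSanitizer: stack-overflow (constructed sample)"]
    + [
        f"    #{i} 0x{0x1000 + i:012x} in {name} placeholder.c:{i + 1}"
        for i, name in enumerate(PREFIX + CYCLE * 4 + CYCLE[:4])
    ]
)

if __name__ == "__main__":
    found = find_recursion_cycle(parse_frames(SAMPLE_REPORT))
    if found is None:
        print("no recursion cycle found")
    else:
        start, cycle, repeats = found
        print(f"{start} non-repeating frames, then {repeats} rounds of:")
        for name in cycle:
            print("   ", name)
        print("bucket:", cycle_signature(cycle))
```

A cycle that contains `zend_objects_destroy_object` together with the executor entry point, as here, points at destructor re-entry rather than at the innermost frame named in the ASan summary line.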

@iluuu1994
Member

It seems phpdbg doesn't support the stack overflow check at all. I think it's because it overrides and skips execute_ex. @arnaud-lb I'm not sure if we need another check to zend_vm_call_opcode_handler()?

@arnaud-lb arnaud-lb linked a pull request Sep 25, 2024 that will close this issue
@arnaud-lb arnaud-lb linked a pull request Sep 27, 2024 that will close this issue