Segfault for test case 13.1.17

Question

Segfault for test case 13.1.17

kelunik opened this issue 2 years ago · comments

Reproducible locally.

thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1407a1f6e)
    frame #0: 0x00000001003c650c php`ZEND_HANDLE_EXCEPTION_SPEC_HANDLER + 340
    frame #1: 0x0000000100380258 php`execute_ex + 48
    frame #2: 0x00000001003f4468 php`zend_generator_resume + 260
    frame #3: 0x00000001003f4d5c php`zim_Generator_send + 128
    frame #4: 0x00000001003a3dc0 php`ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER + 408
    frame #5: 0x0000000100380258 php`execute_ex + 48
    frame #6: 0x000000010034f800 php`zend_call_function + 1416
    frame #7: 0x00000001004100f0 php`zend_fiber_execute + 316
    frame #8: 0x000000010040fb4c php`zend_fiber_trampoline + 152
    frame #9: 0x00000001002f2cf8 php`make_fcontext + 24

DamianGuma commented a year ago

👍

Aaron Piotrowski · Answer 1 · Wed Nov 09 2022 04:51:32 GMT+0800 (China Standard Time)

At a glance, I think this is fixed in 8.2.

Niklas Keller · Answer 2 · Wed Nov 09 2022 04:59:15 GMT+0800 (China Standard Time)

At least not with the version I just compiled:

PHP 8.2.0RC6 (cli) (built: Nov  8 2022 21:58:00) (NTS)

Niklas Keller · Answer 3 · Wed Nov 09 2022 05:02:47 GMT+0800 (China Standard Time)

Note: It's not reproducible with debug builds.

Bob Weinand · Answer 4 · Thu Nov 10 2022 07:33:06 GMT+0800 (China Standard Time)

I can confirm that, on master, there is an use-after-free in a non-debug build on a generator object, as part of shutdown sequence.

Bob Weinand · Answer 5 · Thu Nov 10 2022 08:04:04 GMT+0800 (China Standard Time)

More precisely, the crash happens when, a fiber, which is currently, actively running a generator, is continued.

Opened an issue: php/php-src#9916.

Niklas Keller · Answer 6 · Sun Apr 09 2023 22:23:31 GMT+0800 (China Standard Time)

I guess we can close this now.