$app = new Yaf_Application(APP_PATH . "/config/application.ini");
$app->bootstrap();
$req = new Yaf_Request_Simple();
$req->setControllerName('Test');
$req->setActionName('func');
$req->setParam(array('b' => 'the second param'));
$app->getDispatcher()->dispatch($req);
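Environment:
php 7.2.0
yaf 3.0.5
Problem:
Program terminated with signal 11, Segmentation fault.
Steps to reproduce:
1. Create a controller named Test.
2. Add a method func with two parameters, named $a and $b (both default to null).
3. Add two lines of test code.
4. Copy the code below into index.php, then run it.
5. Sometimes you get the following output, and sometimes a core dump occurs.
Analysis:
The problem lies in the function yaf_dispatcher_get_call_parameters: when params_ht is non-empty, the arg below can never be NULL, so the loop is never exited. Because the first parameter $a is not in params_ht, the zval at params[0] is never initialized (its type info is a random value); the second parameter $b exists, so count++ is executed. When yaf_dispatcher_get_call_parameters finishes, count=1, yet params[0] has not been initialized. This leads to an out-of-bounds memory access later, when zend_call_function copies the arguments (at this statement: GC_REFCOUNT(_gc)++).
Solution:
Remove the if(NULL==arg) check and break directly.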
bt:
#0 0x0000000000833dab in zend_call_function (fci=fci@entry=0x7fe4380036c0, fci_cache=, fci_cache@entry=0x0) at /data3/soft/php-7.2.0/Zend/zend_execute_API.c:797
#1 0x0000000000834705 in _call_user_function_ex (object=object@entry=0x7fe438003790, function_name=function_name@entry=0x7fe4380037b0, retval_ptr=retval_ptr@entry=0x7fe438003770, param_count=, params=,
no_separation=no_separation@entry=1) at /data3/soft/php-7.2.0/Zend/zend_execute_API.c:652
#2 0x00007fe44b9b5c78 in yaf_dispatcher_handle (dispatcher=dispatcher@entry=0x7fe452a1c1a0, request=request@entry=0x7fe452a78208, response=response@entry=0x7fe4380038c0, view=view@entry=0x7fe452a781f8)
at /data3/soft/yaf-yaf-3.0.5/yaf_dispatcher.c:603
#3 0x00007fe44b9b6f10 in yaf_dispatcher_dispatch (dispatcher=dispatcher@entry=0x7fe452a1c1a0, response_ptr=response_ptr@entry=0x7fe4380038c0) at /data3/soft/yaf-yaf-3.0.5/yaf_dispatcher.c:886
#4 0x00007fe44b9b7834 in zim_yaf_dispatcher_dispatch (execute_data=, return_value=0x7fe438003940) at /data3/soft/yaf-yaf-3.0.5/yaf_dispatcher.c:1136
#5 0x00000000008e7cd5 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at /data3/soft/php-7.2.0/Zend/zend_vm_execute.h:907
#6 execute_ex (ex=0x8010100) at /data3/soft/php-7.2.0/Zend/zend_vm_execute.h:59752
#7 0x00000000008e8d43 in zend_execute (op_array=0x7fe452a78000, op_array@entry=0x7fe439a80270, return_value=return_value@entry=0x7fe452a1c030) at /data3/soft/php-7.2.0/Zend/zend_vm_execute.h:63763
#8 0x0000000000843b04 in zend_execute_scripts (type=type@entry=8, retval=0x7fe452a1c030, retval@entry=0x0, file_count=file_count@entry=3) at /data3/soft/php-7.2.0/Zend/zend.c:1496
#9 0x00000000007e3920 in php_execute_script (primary_file=primary_file@entry=0x7fe438005c80) at /data3/soft/php-7.2.0/main/main.c:2592
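A simplified C model of the defect analysed in this report, added here as an illustration and not taken from Yaf's or PHP's source. The types, the `scan` and `collect` helpers and the `T_POISON` marker (which stands in for uninitialized memory so the result is deterministic) are assumptions; the input is the constructed call from the report, with only `b` supplied.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for zval and the params table (hypothetical types). */
enum { T_POISON = 0xAA, T_STRING = 6 };  /* T_POISON marks a never-written slot */
typedef struct { int type; const char *str; } val_t;
typedef struct { const char *key; val_t val; } entry_t;

/* Look a name up by iterating the table. On a miss, *cursor is left on the
 * last entry visited, so it is NULL only when the table is empty. */
static const val_t *scan(const entry_t *ht, size_t n, const char *name,
                         const val_t **cursor) {
    *cursor = NULL;
    for (size_t i = 0; i < n; i++) {
        *cursor = &ht[i].val;
        if (strcmp(ht[i].key, name) == 0) return *cursor;
    }
    return NULL;
}

/* Fill params[] for the formal parameter names; returns how many were set. */
static size_t collect(const entry_t *ht, size_t n, const char **names,
                      size_t nargs, val_t *params, int fixed) {
    size_t count = 0;
    for (size_t cur = 0; cur < nargs; cur++) {
        const val_t *cursor, *hit = scan(ht, n, names[cur], &cursor);
        if (hit) { params[cur] = *hit; count++; continue; }
        if (fixed || cursor == NULL) break; /* fixed: stop at first missing name */
        /* buggy path: params[cur] is skipped but the loop continues */
    }
    return count;
}

/* Constructed input: func($a, $b) dispatched with only 'b' supplied.
 * Returns how many of the first `count` slots the callee reads unwritten. */
size_t unwritten_slots_read(int fixed) {
    const entry_t ht[] = { { "b", { T_STRING, "the second param" } } };
    const char *names[] = { "a", "b" };
    val_t params[2] = { { T_POISON, NULL }, { T_POISON, NULL } };
    size_t bad = 0, count = collect(ht, 1, names, 2, params, fixed);
    for (size_t i = 0; i < count; i++) bad += (params[i].type == T_POISON);
    return bad;
}

int main(void) {
    printf("buggy: %zu unwritten slot(s) read\n", unwritten_slots_read(0));
    printf("fixed: %zu unwritten slot(s) read\n", unwritten_slots_read(1));
    return 0;
}
```

In the buggy mode the value for `b` lands in `params[1]` while `count` is 1, so the callee reads `params[0]`, which was never written. With the break in place, `count` is 0 and no slot is read.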