Issue 43177 #98
Issue 43177 #98
Conversation
code should not be affected. (bug 43177) Without this fix, a webpage using eval() may return code 500. That might display fine and the 500 go unnoticed, but using AJAX or wget, the 500 will cause problems. I looked at existing tests to create a new test for this fix, but I don't see a way to test the exit status or http response code. The test cases seem to rely on the textual output of the test case.
|
Somethinig is wrong with your diff, it contains changes that weren't actually made by you. Could you do a clean rebase to master (or whatever your target branch is)? |
|
The instructions (https://wiki.php.net/vcs/gitworkflow) said to If there's a way to be selective in what you take, my changes were
----- Original Message ---- To: jabouillei jabouillei@yahoo.com Somethinig is wrong with your diff, it contains changes that weren't actually Reply to this email directly or view it on GitHub: |
|
This is my second attempt to submit this change. For my first attempt, I followed the instructions at https://wiki.php.net/vcs/gitworkflow carefully and received an error when attempting "git pull --rebase upstream/PHP-5.4". I guess that's why there were other people's commits showing up in my pull request. Since then, I've executed the following commands. Some portion of these command seemed to fix things and others may have done nothing or messed something up. If anyone reads this that has the knowledge and permission to update https://wiki.php.net/vcs/gitworkflow, please make the appropriate updates so other people don't experience the problems I hit. Here are the additional commands that seemed to help: git fetch upstream |
|
I think I've fixed the pull request. The instructions for external contributors git fetch upstream After that I updated my pull request and now it only shows my changes. If some portion of those commands are needed for external contributors and Thanks!
----- Original Message ---- To: jabouillei jabouillei@yahoo.com Somethinig is wrong with your diff, it contains changes that weren't actually Reply to this email directly or view it on GitHub: |
| @@ -1218,7 +1218,10 @@ ZEND_API void zend_error(int type, const char *format, ...) /* {{{ */ | |||
| va_end(args); | |||
|
|
|||
| if (type == E_PARSE) { | |||
| EG(exit_status) = 255; | |||
| /* eval() errors do not affect exit_status */ | |||
| if (EG(current_execute_data)->opline->extended_value != ZEND_EVAL) { | |||
There was a problem hiding this comment.
Not sure this is safe - what guarantees that EG(current_execute_data)->opline is valid for every call to zend_error?
For example, this segfaults: php -r '0+'
There was a problem hiding this comment.
Also I'm not sure whether just checking the extended value is safe. ZEND_EVAL is 1 and I imagine that this extended value is also used for other opcodes in other circumstances. So you should probably additionally check that the opcode is ZEND_INCLUDE_OR_EVAL.
There was a problem hiding this comment.
Glad someone who knows how internals works looked at this! I've updated the code to check for the existence of everything being used before using it. In main.c, I introduced a local boolean. I guessed the type should be "zend_bool", but that was just a guess.
php -r '0+' no longer segfaults. Bad evals are harmless. Other parse errors are fatal (but don't segfault).
checking whether extended_value is ZEND_EVAL
| @@ -1112,6 +1112,11 @@ static void php_error_cb(int type, const char *error_filename, const uint error_ | |||
| } | |||
|
|
|||
| /* Bail out if we can't recover */ | |||
| /* eval() errors do not affect exit_status or response code */ | |||
| zend_bool during_eval = (EG(current_execute_data) && | |||
There was a problem hiding this comment.
I'm afraid you can't do this in plain C - you need to define vars in the beginning of the function.
There was a problem hiding this comment.
I've fixed this. I saw the other mid-function definitions and thought it was
OK, but now I understand that the definition must be at the beginning of
a block. Sorry. Rather than add confusion by putting the definition and
perhaps
assignment at the top of the function, I've introduced a block where the
variable is needed.
|
If I should do something about this, please let me know. Apparently, this was |
|
you can ignore the failed report by travisbot... it always reports failed |
|
@jabouillei Could you add test cases with the built in webserver to make sure your patch behaves like it should? |
|
Some test cases are definitely needed. |
|
With this patch, this code: eval("foo();");will return 200 too, even though it results in a fatal error. This is not right, so we need some better solution here. |
|
Comment on behalf of stas at php.net: merged |
I changed main.c and Zend.c to address bug #43177. The php.net description of eval() states:
"If there is a parse error in the evaluated code, eval() returns FALSE and execution of the following code continues normally."
That statement is almost true. The exit status and http response code were made 255 and 500. Even thought the script proceeds normally and the webpage may be perfectly constructed, the results may be discarded (e.g. by wget or an ajax framework) because of the 255/500. The changes to main.c and Zend.c in this request prevent an eval() error from affecting the exit status and http response code.
This is my first attempt to submit a bug fix to php. I believe I have followed the instructions at
https://wiki.php.net/vcs/gitworkflow
but I see that a half dozen files are listed as modified. I guess that is a merge issue, but I don't see how I am supposed to address it. I'm hoping it will be easy for whoever handles this pull request to only accept the relevant changes in main.c and zend.c.
Because the change regards the exit status and response code, testing does not appear to be compatible with the php test framework. I have not added anything to the tests/ directory.